404 page not found

When I enable TLS on my container like this: -l "traefik.http.routers.pi-hole.tls.certresolver=corp" I get a 404 page not found when trying to connect using port 80. When I remove the label I get a 404 page not found on port 443 and port 80 works. How can I make it work on both ports?

container config:

docker create --name pi-hole \
    --restart=unless-stopped \
    --dns=127.0.0.1 --dns=8.8.8.8 \
    -v "/opt/pi-hole/etc-pihole/:/etc/pihole/" \
    -v "/opt/pi-hole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    -e VIRTUAL_HOST="pi-hole.docker-core.corp.example.com" \
    -e TZ="Europe/Amsterdam" \
    -p 53:53/tcp \
    -p 53:53/udp \
    -p 67:67/udp \
    -p 8053:80 \
    -l "traefik.enable=true" \
    -l 'traefik.http.routers.pi-hole.rule=Host(`pi-hole.docker-core.corp.example.com`)' \
    -l "traefik.http.routers.pi-hole.entrypoints=web,web-secure" \
    -l "traefik.http.services.pi-hole.loadbalancer.server.port=80" \
    -l "traefik.http.routers.pi-hole.tls.certresolver=corp" \
pihole/pihole:latest

Traefik.yml

# traefik.yml

# Docker configuration backend
providers:
  docker:
    exposedByDefault: false

api:
  insecure: true

log:
  level: DEBUG

accessLog: {}

entryPoints:
  web:
    address: ":80"

  web-secure:
    address: ":443"

certificatesResolvers:
  corp:
    acme:
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      email: postmaster@example.com
      storage: acme.json
      dnsChallenge:
        provider: gandiv5
        delayBeforeCheck: 10
        resolvers:
          - "8.8.8.8:53"

You need two routers, one to listen on web, another to listen on websecure, only the one on websecure should have tls.

Hmm I tried making two routers by doing this, however now I got zero routers.

    -l 'traefik.http.routers.http.rule=Host(`pi-hole.docker-core.corp.example.com`)' \
    -l 'traefik.http.routers.https.rule=Host(`pi-hole.docker-core.corp.example.com`)' \
    -l "traefik.http.routers.http.entrypoints=web" \
	-l "traefik.http.routers.https.entrypoints=web-secure" \
    -l "traefik.http.services.http.loadbalancer.server.port=80" \
    -l "traefik.http.services.https.loadbalancer.server.port=80" \
    -l "traefik.http.routers.https.tls.certresolver=corp" \
      - "traefik.enable=true"
      - traefik.docker.network=your_dock_net
      - "traefik.http.routers.http-pihole.entryPoints=http"
      - "traefik.http.routers.http-pihole.rule=Host(`pihole`)"
      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
      - "traefik.http.routers.http-pihole.middlewares=https_redirect"
      - "traefik.http.routers.https-pihole.entryPoints=https"
      - "traefik.http.routers.https-pihole.rule=Host(`pihole`)"
      - "traefik.http.routers.https-pihole.service=pihole"
      - "traefik.http.routers.https-pihole.tls=true"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
      - "traefik.http.routers.https-pihole.tls.certResolver=le-ssl"

Try similar to this?
(of course certresolver is different, mine is defined somewhere else)

@Eagleman7 You only need a single service you do not need two:

      - "traefik.http.routers.http.service=http"
      - "traefik.http.routers.https.service=http"
      - "traefik.http.services.http.loadbalancer.server.port=80"

@przemas75 he does indicate he wants a redirect. From his OP he wants the site to be accessible on plain HTTP.

Aha, I thought I needed to tell the load balancer where to connect for each service.

So has it finally worked?

Yes! I can connect on both port 80 and 443 without getting a 404 page not found on one of them. Thanks again, Traefik is a bit confusing sometimes, especially when you're new.

1 Like