When I enable TLS on my container like this: -l "traefik.http.routers.pi-hole.tls.certresolver=corp" I get a 404 page not found when trying to connect using port 80. When I remove the label I get a 404 page not found on port 443 and port 80 works. How can I make it work on both ports?
container config:
docker create --name pi-hole \
--restart=unless-stopped \
--dns=127.0.0.1 --dns=8.8.8.8 \
-v "/opt/pi-hole/etc-pihole/:/etc/pihole/" \
-v "/opt/pi-hole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
-e VIRTUAL_HOST="pi-hole.docker-core.corp.example.com" \
-e TZ="Europe/Amsterdam" \
-p 53:53/tcp \
-p 53:53/udp \
-p 67:67/udp \
-p 8053:80 \
-l "traefik.enable=true" \
-l 'traefik.http.routers.pi-hole.rule=Host(`pi-hole.docker-core.corp.example.com`)' \
-l "traefik.http.routers.pi-hole.entrypoints=web,web-secure" \
-l "traefik.http.services.pi-hole.loadbalancer.server.port=80" \
-l "traefik.http.routers.pi-hole.tls.certresolver=corp" \
pihole/pihole:latest
Traefik.yml
# traefik.yml
# Docker configuration backend
providers:
  docker:
    exposedByDefault: false
api:
  insecure: true
log:
  level: DEBUG
accessLog: {}
entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"
certificatesResolvers:
  corp:
    acme:
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      email: postmaster@example.com
      storage: acme.json
      dnsChallenge:
        provider: gandiv5
        delayBeforeCheck: 10
        resolvers:
          - "8.8.8.8:53"
zespri
October 3, 2019, 7:03pm
2
You need two routers, one to listen on web, another to listen on websecure, only the one on websecure should have tls.
Hmm I tried making two routers by doing this, however now I got zero routers.
-l 'traefik.http.routers.http.rule=Host(`pi-hole.docker-core.corp.example.com`)' \
-l 'traefik.http.routers.https.rule=Host(`pi-hole.docker-core.corp.example.com`)' \
-l "traefik.http.routers.http.entrypoints=web" \
-l "traefik.http.routers.https.entrypoints=web-secure" \
-l "traefik.http.services.http.loadbalancer.server.port=80" \
-l "traefik.http.services.https.loadbalancer.server.port=80" \
-l "traefik.http.routers.https.tls.certresolver=corp" \
- "traefik.enable=true"
- traefik.docker.network=your_dock_net
- "traefik.http.routers.http-pihole.entryPoints=http"
- "traefik.http.routers.http-pihole.rule=Host(`pihole`)"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
- "traefik.http.routers.http-pihole.middlewares=https_redirect"
- "traefik.http.routers.https-pihole.entryPoints=https"
- "traefik.http.routers.https-pihole.rule=Host(`pihole`)"
- "traefik.http.routers.https-pihole.service=pihole"
- "traefik.http.routers.https-pihole.tls=true"
- "traefik.http.services.pihole.loadbalancer.server.port=80"
- "traefik.http.routers.https-pihole.tls.certResolver=le-ssl"
Try similar to this?
(of course certresolver is different, mine is defined somewhere else)
zespri
October 3, 2019, 8:08pm
5
@Eagleman7 You only need a single service; you do not need two:
- "traefik.http.routers.http.service=http"
- "traefik.http.routers.https.service=http"
- "traefik.http.services.http.loadbalancer.server.port=80"
zespri
October 3, 2019, 8:09pm
6
@przemas75 he does indicate he wants a redirect. From his OP he wants the site to be accessible on plain HTTP.
Aha, I thought I needed to tell the load balancer where to connect for each service.
zespri
October 3, 2019, 8:37pm
8
So has it finally worked?
Yes! I can connect on both port 80 and 443 without getting a 404 page not found on one of them. Thanks again, Traefik is a bit confusing sometimes, especially when you're new.
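The mismatch behind the 404s in this thread (a router's TLS setting not agreeing with the entry point it listens on) can be checked before a container is deployed. The following is an added example, not code from any poster or from the Traefik project: a small Python linter run over two constructed label lists, the first post's single router and the two-router, one-service layout the thread arrives at. The `lint` function, its messages, and the assumption that only `web-secure` receives HTTPS are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample input (router/service labels only): the single router from
# the first post, then the two-router, one-service layout from the replies.
RULE = "Host(`pi-hole.docker-core.corp.example.com`)"
SINGLE = [
    f"traefik.http.routers.pi-hole.rule={RULE}",
    "traefik.http.routers.pi-hole.entrypoints=web,web-secure",
    "traefik.http.services.pi-hole.loadbalancer.server.port=80",
    "traefik.http.routers.pi-hole.tls.certresolver=corp",
]
SPLIT = [
    f"traefik.http.routers.http.rule={RULE}",
    f"traefik.http.routers.https.rule={RULE}",
    "traefik.http.routers.http.entrypoints=web",
    "traefik.http.routers.https.entrypoints=web-secure",
    "traefik.http.routers.http.service=http",
    "traefik.http.routers.https.service=http",
    "traefik.http.services.http.loadbalancer.server.port=80",
    "traefik.http.routers.https.tls.certresolver=corp",
]
ROUTER = re.compile(r"^traefik\.http\.routers\.([^.=]+)\.([^=]+)=(.*)$", re.I)

def lint(labels, https_entrypoints=("web-secure",)):
    """Return findings for routers whose TLS setting mismatches an entry point."""
    routers = defaultdict(lambda: {"eps": [], "tls": False})
    for label in labels:
        m = ROUTER.match(label)
        if not m:
            continue  # not a router label (service, middleware, enable, ...)
        name, key, value = m.group(1), m.group(2).lower(), m.group(3)
        if key == "entrypoints":
            routers[name]["eps"] = [e.strip() for e in value.split(",") if e.strip()]
        elif key == "tls" or key.startswith("tls."):
            routers[name]["tls"] = True  # simplification: any tls label counts
    findings = []
    for name, r in sorted(routers.items()):
        for ep in r["eps"]:
            if r["tls"] and ep not in https_entrypoints:
                findings.append(f"{name}: TLS router on '{ep}', plain HTTP gets 404")
            elif not r["tls"] and ep in https_entrypoints:
                findings.append(f"{name}: non-TLS router on '{ep}', HTTPS gets 404")
    return findings

if __name__ == "__main__":
    for title, labels in (("single router", SINGLE), ("two routers", SPLIT)):
        print(title, lint(labels) or "ok")
```

Removing the `tls.certresolver` label from `SINGLE` flips the finding to the `web-secure` entry point, which matches the second symptom described in the first post.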