Most of the time I can just reach my containers with https://sub.domain.com/. But reaching the qBittorrent web UI is not working like that. I get a "404 page not found" when trying https://qbittorrent.domain.xyz, or "Secure connection failed. An error occurred during a connection to qbittorent.domain.xyz:8000. PR_END_OF_FILE_ERROR." when trying https://qbittorrent.domain.xyz:8000. I can reach the web portal at qbittorrent.domain.xyz:8000 using http, just not https. I tried various configs, like using these labels (Traefik Reverse Proxy for Web UI · qbittorrent/qBittorrent Wiki · GitHub), but nope. Any ideas? I'm not familiar with the curl tool, but when I curl it, it seems to work, just not in the web browser. Configs below.
---Update--- Tried visiting the domain in the Chrome browser and it worked effortlessly. Clicked the lock in Firefox to delete the cookies but still got the 404. I don't get it, but it must be some obscure browser issue.
version: '3.4'
networks:
  proxy:
    external: true
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      # - CF_DNS_API_TOKEN=YOUR_API_TOKEN
      - CF_API_KEY=$CLOUDFLARE_API_KEY
      # be sure to use the correct one depending on if you are using a token or key
      - DOMAINNAME # from .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $DOCKERDIR/data/traefik.yml:/traefik.yml:ro
      - $DOCKERDIR/data/acme.json:/acme.json
      - $DOCKERDIR/data/config.yml:/config.yml:ro
      # - $DOCKERDIR/.env:/.env:ro
    command:
      - "--serversTransport.insecureSkipVerify=true"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:admin"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=$DOMAINNAME"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.$DOMAINNAME"
      - "traefik.http.routers.traefik-secure.service=api@internal"
    extra_hosts: # https://community.home-assistant.io/t/home-assistant-in-docker-hosts-mode-with-traefik-2-and-lets-encrypt-working-sample/190476/7
      - host.docker.internal:172.19.0.1 # I don't know why this is needed
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    networks:
      - proxy
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      - WEBUI_PORT=8000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.$DOMAINNAME`)"
      - "traefik.http.routers.qbittorrent.entrypoints=https"
      - "traefik.http.routers.qbittorrent.tls.certresolver=cloudflare"
      - "traefik.http.services.qbittorrent.loadbalancer.server.port=8000"
    volumes:
      - $DOCKERDIR/qbittorrent/config:/config
      - $DOCKERDIR/qbittorrent/downloads:/downloads
    ports:
      - 8000:8000
      - 6881:6881
      - 6881:6881/udp
    restart: unless-stopped
########### config.yaml
http:
  #region routers
  #endregion
  middlewares:
    addprefix-pihole:
      addPrefix:
        prefix: "/admin"
    https-redirect:
      redirectScheme:
        scheme: https
    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    idrac:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    default-whitelist:
      ipWhiteList:
        sourceRange:
          - "10.0.0.0/8"
          - "192.168.0.0/16"
          - "172.16.0.0/12"
    secured:
      chain:
        middlewares:
          - default-whitelist
          - default-headers
############## traefik.yaml
api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
  idrac: # for idrac console
    address: ":5900/tcp"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: email@gmail.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
Here's the curl output if that's helpful:
curl -v https://qbittorrent.domain.xyz:8000
* Trying 192.168.40.10:8000...
* TCP_NODELAY set
* Connected to qbittorrent.domain.xyz (192.168.40.10) port 8000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to qbittorrent.domain.xyz:8000
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to qbittorrent.domain.xyz:8000
curl -v https://qbittorrent.domain.xyz
* Trying 192.168.40.10:443...
* TCP_NODELAY set
* Connected to qbittorrent.domain.xyz (192.168.40.10) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=domain.xyz
* start date: Mar 21 05:35:33 2022 GMT
* expire date: Jun 19 05:35:32 2022 GMT
* subjectAltName: host "qbittorrent.domain.xyz" matched cert's "*.domain.xyz"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5649cceb8e30)
> GET / HTTP/2
> Host: qbittorrent.domain.xyz
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 200
< cache-control: no-store
< content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; frame-ancestors 'self';
< content-type: text/html
< date: Wed, 20 Apr 2022 18:08:53 GMT
< referrer-policy: same-origin
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
<
<!DOCTYPE html>
<html lang="C">
<head>
<meta charset="UTF-8" />
<title>qBittorrent Web UI</title>
<link rel="icon" type="image/png" href="images/qbittorrent32.png" />
<link rel="icon" type="image/svg+xml" href="icons/qbittorrent-tray.svg" />
<link rel="stylesheet" type="text/css" href="css/login.css?v=ksfvs6" />
<noscript>
<link rel="stylesheet" type="text/css" href="css/noscript.css?v=ksfvs6" />
</noscript>
<script src="scripts/login.js?locale=C&v=ksfvs6"></script>
</head>
<body>
<noscript id="noscript">
<h1>JavaScript Required! You must enable JavaScript for the Web UI to work properly</h1>
</noscript>
<div id="main">
<h1>qBittorrent Web UI</h1>
<div id="logo" class="col">
<img src="icons/qbittorrent-tray.svg" alt="qBittorrent logo" />
</div>
<div id="formplace" class="col">
<form id="loginform" method="post" onsubmit="submitLoginForm();">
<div class="row">
<label for="username">Username</label><br />
<input type="text" id="username" name="username" autocomplete="username" />
</div>
<div class="row">
<label for="password">Password</label><br />
<input type="password" id="password" name="password" autocomplete="current-password" />
</div>
<div class="row">
<input type="submit" id="login" value="Login" />
</div>
</form>
</div>
<div id="error_msg"></div>
</div>
</body>
</html>
* Connection #0 to host qbittorrent.domain.xyz left intact
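The compose file in the post both routes the qBittorrent Web UI through Traefik and publishes container port 8000 on the host, so the UI also answers plain HTTP on :8000 without Traefik's TLS or middlewares. The following is an added example, not part of the original post, that flags this pattern; `SERVICES` is a constructed excerpt shaped like parsed compose data (labels in list form), and the function names are hypothetical.

```python
import re

# Constructed excerpt of the compose file in the post, as yaml.safe_load() would return it.
SERVICES = {
    "traefik": {
        "ports": ["80:80", "443:443"],
        "labels": ["traefik.enable=true",
                   "traefik.http.routers.traefik-secure.service=api@internal"],
    },
    "qbittorrent": {
        "ports": ["8000:8000", "6881:6881", "6881:6881/udp"],
        "labels": ["traefik.enable=true",
                   "traefik.http.routers.qbittorrent.entrypoints=https",
                   "traefik.http.services.qbittorrent.loadbalancer.server.port=8000"],
    },
}

# Label that tells Traefik which container port is the backend.
LB_PORT = re.compile(r"^traefik\.http\.services\.[^.]+\.loadbalancer\.server\.port=(\d+)$")
LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_port(spec):
    """Split a short-syntax mapping [IP:][HOST:]CONTAINER[/proto] (ranges not handled)."""
    mapping, _, proto = str(spec).partition("/")
    parts = mapping.rsplit(":", 2)
    container = parts[-1]
    host = parts[-2] if len(parts) >= 2 else ""
    ip = parts[0] if len(parts) == 3 else ""
    return ip, host, container, proto or "tcp"


def find_proxy_bypass(services):
    """Return (service, host_port, container_port) where a Traefik backend port
    is also published on a non-loopback host address."""
    findings = []
    for name, svc in services.items():
        backend_ports = set()
        for label in svc.get("labels", []):
            match = LB_PORT.match(label)
            if match:
                backend_ports.add(match.group(1))
        for spec in svc.get("ports", []):
            ip, host, container, proto = parse_port(spec)
            exposed = not ip.startswith(LOOPBACK_PREFIXES)
            if proto == "tcp" and container in backend_ports and exposed:
                findings.append((name, host or "ephemeral", container))
    return findings


if __name__ == "__main__":
    for service, host_port, container_port in find_proxy_bypass(SERVICES):
        print(f"{service}: host port {host_port} exposes Traefik backend port {container_port}")
```

Removing the `8000:8000` mapping, or binding it to `127.0.0.1`, clears the finding while Traefik keeps reaching the container over the shared `proxy` network.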