502 Bad Gateway caused by: dial tcp 192.168.192.8:8080: connect: connection refused

Hi,
I recently added a new webservice in my stack.
I added the labels for traefik as I did in the past, but somehow, it's not working well.

It's nextcloud. The app opens the port 8080 inside the docker and maps it to 8089.
I can access nextcloud through the server_local_ip:8089
But through mydomain, I get a "bad gateway message"
"connection refused".
Every other subdomains are accessible.

nextcloud_app:
    image: nextcloud
    restart: unless-stopped
    container_name: nextcloud_app
    labels:
      - com.centurylinklabs.watchtower.enable=true
      - traefik.enable=true
      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAINNAME}`)
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.routers.nextcloud.service=nextcloud@docker
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.routers.nextcloud.tls.certresolver=letsEncrypt
      - traefik.http.services.nextcloud.loadbalancer.server.port=8080
      ## Middlewares
      - traefik.http.routers.nextcloud.middlewares=chain-authelia@file
    ports:
      - 8089:8080
    networks:
      - internal
    links:
      - nextcloud_db
    volumes:
      - ${APP_DATA_DIR}/nextcloud/app:/var/www/html
      - ${DOCS_SHARE}:/documents
    environment:
      - MYSQL_PASSWORD=/run/secrets/mysql_password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud_db

I'm not sure where to look ?
Could anyone give me some pointers ?
Immensely appreciated.

Cheers

WB.

Are Traefik and NextCloud on the same Docker network? If you have multiple networks, you should use docker.network config.

Enable and check Traefik debug log and access log.

I am looking at the logs.
I understand maybe 30% of traefik.log, and not much at all from access.log.

Both nextcloud and traefik are on the same stack, and on the same "internal" network.

I had another avenue of thinking and it was about the load balancer rule and that there might be a conflict

traefik:
    image: "traefik:latest"
    container_name: "traefik"
    labels:
      - com.centurylinklabs.watchtower.enable=true
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`traefik.${DOMAINNAME}`)
      - traefik.http.routers.api.entrypoints=websecure
      - traefik.http.routers.api.middlewares=chain-authelia@file
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.api.tls=true
      - traefik.http.routers.api.tls.certresolver=letsEncrypt
      - traefik.http.services.api.loadbalancer.server.port=8083
      - traefik.port=8083
    ports:
      - "80:80"
      #- "8080:8080"
      - "443:443"
    environment:
       - DOCKER_HOST=tcp://socket-proxy:2375
       - HTPASSWD_FILE=/run/secrets/.htpasswd
       - NAMECHEAP_API_KEY= #key#
       - NAMECHEAP_API_USER=#user#
    volumes:
     # - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - ${APP_DATA_DIR}/traefik:/etc/traefik
      - ${APP_DATA_DIR}/traefik/acme.json:/acme.json
      - ${APP_DATA_DIR}/traefik/rules:/rules
      - ${SHARED_DIR}:/shared
      - ${APP_DATA_DIR}/secrets:/secrets
     # - TZ=${TZ}
    secrets:
      - htpasswd
      - namecheap_api_user
      - namecheap_api_key  
    networks:
      - socket_proxy
      - web
      - internal
    restart: unless-stopped

...
  nextcloud_app:
    image: nextcloud
    restart: unless-stopped
    container_name: nextcloud_app
    labels:
      - com.centurylinklabs.watchtower.enable=true
      - traefik.enable=true
      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAINNAME}`)
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.routers.nextcloud.service=nextcloud@docker
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.routers.nextcloud.tls.certresolver=letsEncrypt
      - traefik.http.services.nextcloud.loadbalancer.server.port=8080
      ## Middlewares
      - traefik.http.routers.nextcloud.middlewares=chain-authelia@file
    ports:
      - 8089:8080
    networks:
      - internal

The container opens 8080 as default inside, I map it to 8089, and for the loadbalancer I put 8080, but I'm really not sure about what I am doing there.

On the same line of inquiry,
if I am right, which I am really not sure to be, the traefik label included in a given container,

- traefik.http.services.nextcloud.loadbalancer.server.port=XXXX

should not reflect the external port exposed by the container, but the inner port ? is that correct ?
so if it

ports:
   -  8089:80

then the label should be

- traefik.http.services.nextcloud.loadbalancer.server.port=80

If it is correct, then how to manage different containers that have the same inner port exposed, because then the label will be pointing at the same ports ?
This is really confusing.
Should I put those conflicting containers on different networks ?

I welcome any help, explanation or pointers.
Cheers.

I don't know if this is the best solution but it worked for me, so here it is if it can help.

What I believe is that there was on conflict between an existing container opened port / loadbalancer port.

app1 > label > traefik.http.services.app1.loadbalancer.server.port=8080
app1 > ports > 2302:8080

app2 > label > traefik.http.services.app1.loadbalancer.server.port=8080 (or 80 or 8089 tried both)
app2 > ports > 8089:80

on top of it traefik container was also causing issues with that
traefik > label > traefik.http.services.api.loadbalancer.server.port=8083
traefik > label > traefik.port=8083
traefik > ports > 80:80
traefik > ports > 443:443

I finally tried to solve this by changing the inner apache port of app 2, using permanent volumes for default.conf and ports.conf.
Changed them to 8089, and applied 8089 in the app2 label for the load balancer port

It works now.

The loadbalancer.server.port should be the port inside the target container. You do not need to expose the port externally (except for Traefik itself). Traefik will route to the target via the Docker network to the internal port.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.