Hi there
First of all, thanks for your awesome work!!!
I recently migrated from traefik 1.7 to chevrotin. With a little work I got everything up and running again. Now I wanted to add another docker-service (onlyoffice-documentserver) to my server. I have been testing around, consulting all the 502 posts on containous, but nothing helped to get rid of the 502 error.
I have one docker-compose file which I use to start all services including traefik. Below you find the relevant snippets of the code. Just to let you know, I have 25 containers running, of which 19 are accessible with an individual *.mydomain.com address. All with one config, which, so far, worked perfectly.
```yaml
traefik:
  container_name: traefik
  image: traefik:chevrotin
  command:
    - --global.checkNewVersion=true
    - --global.sendAnonymousUsage=true
    - --entryPoints.http.address=:80
    - --entryPoints.https.address=:443
    # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
    - --entrypoints.https.forwardedHeaders.trustedIPs=lots of IP's
    - --entryPoints.traefik.address=:8080
    - --api=true
    # - --api.insecure=true
    # - --serversTransport.insecureSkipVerify=true
    - --log=true
    - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
    - --accessLog=true
    - --accessLog.filePath=/traefik2.log
    - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
    - --accessLog.filters.statusCodes=400-499
    - --providers.docker=true
    - --providers.docker.endpoint=unix:///var/run/docker.sock
    - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
    - --providers.docker.exposedByDefault=false
    - --providers.docker.network=t2_proxy
    - --providers.docker.swarmMode=false
    - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
    - --providers.file.watch=true # Only works on top level files in the rules folder
    # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # uncomment when testing
    - --certificatesResolvers.dns-cloudflare.acme.email=$MYEMAIL
    - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
    - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
    - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
  networks:
    t2_proxy:
      ipv4_address: IP
  security_opt:
    - no-new-privileges:true
  ports:
    - target: 80
      published: 80
      protocol: tcp
      mode: host
    - target: 443
      published: 443
      protocol: tcp
      mode: host
    - target: 8080
      published: 8080
      protocol: tcp
      mode: host
  volumes:
    - $USERDIR/traefik2/rules:/rules # file provider directory
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - $USERDIR/traefik2/acme/acme.json:/acme.json
    - $USERDIR/traefik2/traefik2.log:/var/log/docker/traefik2.log
    - $USERDIR/shared:/shared
  environment:
    - CF_API_EMAIL=$MYEMAIL
    - CF_API_KEY=$CFAPI
    - TZ=${TZ}
  labels:
    - "traefik.enable=true"
    # HTTP-to-HTTPS Redirect
    - "traefik.http.routers.http-catchall.entrypoints=http"
    - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
    - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
    - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    # HTTP Routers
    - "traefik.http.routers.traefik-rtr.entrypoints=https"
    - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
    - "traefik.http.routers.traefik-rtr.tls=true"
    # - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
    - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
    - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
    ## Middlewares
    # - "traefik.http.routers.portainer-rtr.middlewares=chain-no-auth@file" # No Authentication
    - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"
    #- "traefik.http.routers.portainer-rtr.middlewares=chain-oauth@file"
    ## Services - API
    - "traefik.http.routers.traefik-rtr.service=api@internal"
  restart: unless-stopped
```
Header security is defined in a separate .toml file in the "rules"-folder.
And here the onlyoffice service:
```yaml
onlyoffice-documentserver:
  container_name: onlyoffice-documentserver
  image: onlyoffice/documentserver
  environment:
    - TZ=${TZ}
  stdin_open: true
  tty: true
  networks:
    - t2_proxy
  restart: always
  volumes:
    - $USERDIR/onlyoffice/data:/var/www/onlyoffice/Data/
    - $USERDIR/onlyoffice/data/certs:/var/www/onlyoffice/Data/onlyoffice/documentserver
    - $USERDIR/onlyoffice/log:/var/log/onlyoffice
    - $USERDIR/onlyoffice/cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
    - $USERDIR/onlyoffice/example:/var/www/onlyoffice/documentserver-example/public/files
    - $USERDIR/onlyoffice/fonts:/usr/share/fonts
  labels:
    - "traefik.enable=true"
    ## HTTP Routers
    - "traefik.http.routers.onlyoffice-rtr.entrypoints=https"
    - "traefik.http.routers.onlyoffice-rtr.rule=Host(`onlyoffice.$DOMAINNAME`)"
    - "traefik.http.routers.onlyoffice-rtr.tls=true"
    ## Middlewares
    - "traefik.http.routers.onlyoffice-rtr.middlewares=chain-no-auth@file"
    ## HTTP Services
    - "traefik.http.routers.onlyoffice-rtr.service=onlyoffice-svc"
    - "traefik.http.services.onlyoffice-svc.loadbalancer.server.port=443"
```
Log is:
```
time="xxx" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip\"],\"Accept-Language\":[\"de-CH,en-US;q=0.7,en;q=0.3\"],\"Cache-Control\":[\"max-age=0\"],\"Cdn-Loop\":[\"cloudflare\"],\"Cf-Connecting-Ip\":[\"*myip*\"],\"Cf-Ipcountry\":[\"CH\"],\"Cf-Ray\":[\"*certinfo*\"],\"Cf-Request-Id\":[\"*certinfo*\"],\"Cf-Visitor\":[\"{\\\"scheme\\\":\\\"https\\\"}\"],\"Connection\":[\"Keep-Alive\"],\"Cookie\":[\"__cfduid=*alphanumerical*\"],\"Dnt\":[\"1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0\"],\"X-Forwarded-For\":[\"*myip*\"],\"X-Forwarded-Host\":[\"onlyoffice.mydomain.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"*alphanumeric*\"],\"X-Real-Ip\":[\"162.158.91.242\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"onlyoffice.mydomain.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"162.158.91.242:52126\",\"RequestURI\":\"/\",\"TLS\":null}"
```
and
```
time="xxx" level=debug msg="'502 Bad Gateway' caused by: dial tcp 192.168.90.20:443: connect: connection refused"
```
Thanks for your help.
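
A triage sketch for the error above, added here as an example (it is not part of the original post and not Traefik code): it extracts the backend address from the `'502 Bad Gateway' caused by: dial tcp ...` debug line, matches the port against the `loadbalancer.server.port` labels, and classifies a TCP connect to that address. `connection refused` means nothing is listening on that port at the backend address. All function names are hypothetical, and the sample input is constructed from the log line and labels in the post.

```python
import re
import socket

# Constructed sample input, shaped like the post's debug log and labels.
SAMPLE_LOG = [
    'time="xxx" level=debug msg="\'502 Bad Gateway\' caused by: '
    'dial tcp 192.168.90.20:443: connect: connection refused"',
]
SAMPLE_LABELS = [
    "traefik.http.routers.onlyoffice-rtr.service=onlyoffice-svc",
    "traefik.http.services.onlyoffice-svc.loadbalancer.server.port=443",
]

DIAL_RE = re.compile(
    r"'502 Bad Gateway' caused by: dial tcp "
    r"(?P<ip>[\d.]+):(?P<port>\d+): (?P<reason>.+?)\"?$")
PORT_RE = re.compile(
    r"traefik\.http\.services\.(?P<svc>[^.]+)"
    r"\.loadbalancer\.server\.port=(?P<port>\d+)")

def dial_failures(log_lines):
    """(ip, port, reason) for every 502 caused by a failed backend dial."""
    hits = (DIAL_RE.search(line.rstrip()) for line in log_lines)
    return [(m["ip"], int(m["port"]), m["reason"]) for m in hits if m]

def configured_ports(labels):
    """Map Traefik service name -> loadbalancer.server.port."""
    hits = (PORT_RE.search(label) for label in labels)
    return {m["svc"]: int(m["port"]) for m in hits if m}

def explain(log_lines, labels):
    """Attach each failed dial to the services configured with that port."""
    ports = configured_ports(labels)
    return [{"backend": f"{ip}:{port}", "reason": reason,
             "services": sorted(s for s, p in ports.items() if p == port)}
            for ip, port, reason in dial_failures(log_lines)]

def probe(ip, port, timeout=2.0):
    """TCP connect result: 'open', 'refused' (no listener) or 'unreachable'."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"

if __name__ == "__main__":
    for row in explain(SAMPLE_LOG, SAMPLE_LABELS):
        print(row)
```

`probe()` only gives a meaningful answer when run from a container attached to the same Docker network as the backend (`t2_proxy` in the post), because the backend address is not routable from elsewhere.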