502 bad gateway for some containers and not others

All my containers (including traefik) are set up within one docker-compose file.

Here is the section for traefik2 (the dashboard of which I can then access neatly on traefik.DOMAINNAME):

  traefik:
    container_name: traefik
    image: traefik:v2.2
    restart: unless-stopped
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entryPoints.traefik.address=:8080
      - --api=true
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=traefik2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
      - --providers.file.watch=true # Only works on top level files in the rules folder
      - --certificatesResolvers.dns-gandi.acme.storage=/acme.json
      - --certificatesResolvers.dns-gandi.acme.dnsChallenge.provider=gandiv5
    networks:
      - traefik2_proxy
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - $USERDIR/docker/traefik2/rules:/rules
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $USERDIR/docker/traefik2/acme/acme.json:/acme.json
      - $USERDIR/docker/traefik2/traefik.log:/traefik.log
      - $USERDIR/docker/shared:/shared
    environment:
      - GANDIV5_API_KEY=$GANDI_API_KEY
    labels:
      - traefik.enable=true
      # HTTP-to-HTTPS Redirect
      - traefik.http.routers.http-catchall.entrypoints=http
      - traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)
      - traefik.http.routers.http-catchall.middlewares=redirect-to-https
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      # HTTP Routers
      - traefik.http.routers.traefik-rtr.entrypoints=https
      - traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)
      - traefik.http.routers.traefik-rtr.tls=true
      - traefik.http.routers.traefik-rtr.tls.domains[0].main=*.$DOMAINNAME
      - traefik.http.routers.traefik-rtr.tls.domains[0].sans=$DOMAINNAME
      # Services - API
      - traefik.http.routers.traefik-rtr.service=api@internal
      # Middlewares
      - traefik.http.routers.traefik-rtr.middlewares=middlewares-basic-auth@file
  

Here is the working section for portainer (i.e. I can connect to portainer.DOMAINNAME in https and use portainer as intended).

  portainer:
    container_name: portainer
    image: portainer/portainer:latest
    restart: unless-stopped
    command: -H unix:///var/run/docker.sock
    networks:
      traefik2_proxy:
        ipv4_address: 192.168.90.12
    security_opt:
      - no-new-privileges:true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $USERDIR/docker/portainer/data:/data
    environment:
      - TZ=$TZ
    labels:
      - traefik.enable=true
      ## HTTP Routers
      - traefik.http.routers.portainer-rtr.entrypoints=https
      - traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME`)
      - traefik.http.routers.portainer-rtr.tls=true
      ## HTTP Services
      - traefik.http.routers.portainer-rtr.service=portainer-svc
      - traefik.http.services.portainer-svc.loadbalancer.server.port=9000

And now the faulty radarr section for which I get the dreaded 502 bad gateway error.

  radarr:
    container_name: radarr
    image: linuxserver/radarr:latest
    restart: always
    networks:
      traefik2_proxy:
        ipv4_address: 192.168.90.13
    security_opt:
      - no-new-privileges:true
    volumes:
      - /volume1/Torrents/Downloading:/torrents_downloading
      - /volume1/Torrents/Downloaded/Movies:/torrents_downloaded
      - /volume1/Movies:/movies
      - $USERDIR/docker/radarr/config:/config
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    labels:
      - traefik.enable=true
      ## HTTP Routers
      - traefik.http.routers.radarr-rtr.entrypoints=https
      - traefik.http.routers.radarr-rtr.rule=Host(`radarr.$DOMAINNAME`)
      - traefik.http.routers.radarr-rtr.tls=true
      ## HTTP Services
      - traefik.http.routers.radarr-rtr.service=radarr-svc
      - traefik.http.services.radarr-svc.loadbalancer.server.port=7878

They are basically the exact same configuration, only the traefik port changes.

What am I missing here?

Adding that I tried to sh into the traefik container and curl -v http://192.168.90.13:7878:

 curl -v http://192.168.90.13:7878
*   Trying 192.168.90.13:7878...
* TCP_NODELAY set
* connect to 192.168.90.13 port 7878 failed: Connection refused
* Failed to connect to 192.168.90.13 port 7878: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 192.168.90.13 port 7878: Connection refused

So the issue is with the container instead of traefik?

Seems like it might be. Swap it out with containous/whoami or another container listening on 7878.

Yes, the container was failing. My bad.

How did you fix this? I'm getting the same 502 with linuxserver/radarr...

Please open a topic for your own issue.

Pierre's container was failing. So there was nothing to route to.
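The curl check from the thread, as an added example (not code from any of the posters): it reads the backend port from the `loadbalancer.server.port` labels and classifies a TCP connect to the container. The function names are made up for this example, and the label list is a constructed sample copied from the radarr section above.

```python
import errno
import re
import socket

# Constructed sample: radarr labels and static IP taken from the compose file above.
RADARR_IP = "192.168.90.13"
RADARR_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.radarr-rtr.service=radarr-svc",
    "traefik.http.services.radarr-svc.loadbalancer.server.port=7878",
]

PORT_LABEL = re.compile(
    r"^traefik\.http\.services\.(?P<svc>[^.]+)\.loadbalancer\.server\.port=(?P<port>\d+)$"
)

def backend_ports(labels):
    """Map Traefik service name -> backend port declared in the labels."""
    ports = {}
    for label in labels:
        m = PORT_LABEL.match(label.strip())
        if m:
            ports[m.group("svc")] = int(m.group("port"))
    return ports

def probe(host, port, timeout=2.0):
    """Classify a TCP connect, like the curl -v run from inside the traefik container."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"         # something is listening; look at the router/service config
    except ConnectionRefusedError:
        return "refused"      # container reachable but nothing listening: the 502 in this thread
    except socket.timeout:
        return "timeout"      # no answer: wrong docker network or filtered traffic
    except OSError as e:
        unreachable = (errno.ENETUNREACH, errno.EHOSTUNREACH)
        return "unreachable" if e.errno in unreachable else "error"
    finally:
        s.close()

def diagnose(labels, host, timeout=2.0):
    """Return {service: (port, state)} for every backend port found in the labels."""
    return {svc: (port, probe(host, port, timeout))
            for svc, port in backend_ports(labels).items()}

if __name__ == "__main__":
    # Run from a host or container attached to the traefik2_proxy network.
    for svc, (port, state) in diagnose(RADARR_LABELS, RADARR_IP).items():
        print(f"{svc}: {RADARR_IP}:{port} -> {state}")
```

A `refused` result points at the application inside the container, so the next place to look is that container's own logs rather than Traefik's.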