Hello everyone,
I'm new to traefik, letsencrypt and all this stuff, and I need your help. I have a small docker setup with 3 services. Two of them (homeassistant and traefik) work without problems, but with grocy I get a 502 error. The labels I use are almost identical. With log level debug I can see a "connection refused" from 172.18.0.3, which is the grocy service.
Here is my docker-compose.yaml:
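version: "3.8"

services:
  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:latest
    volumes:
      - "homeassistant:/config"
      - "/etc/localtime:/etc/localtime:ro"
    # Host networking: the container uses the host's network stack and is
    # not attached to the proxy network.
    network_mode: host
    devices:
      - "/dev/ttyACM0:/dev/ttyACM0"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router: only redirects to HTTPS.
      - "traefik.http.routers.homeassistant.entrypoints=http"
      - "traefik.http.routers.homeassistant.rule=Host(`homeassistant.xxx.duckdns.org`)"
      - "traefik.http.middlewares.homeassistant-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.homeassistant.middlewares=homeassistant-https-redirect"
      # HTTPS router with a certificate from the "http" ACME resolver.
      - "traefik.http.routers.homeassistant-secure.entrypoints=https"
      - "traefik.http.routers.homeassistant-secure.rule=Host(`homeassistant.xxx.duckdns.org`)"
      - "traefik.http.routers.homeassistant-secure.tls=true"
      - "traefik.http.routers.homeassistant-secure.tls.certresolver=http"
      - "traefik.http.routers.homeassistant-secure.service=homeassistant"
      - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
      - "traefik.docker.network=proxy"

  hass-configurator:
    container_name: hass-configurator
    image: causticlab/hass-configurator-docker:x86_64
    volumes:
      - "hass-configurator:/config"
      # Same volume Home Assistant uses for its configuration.
      - "homeassistant:/hass-config"
    networks:
      - smarthome-frontend
    # Published directly on the host, not routed through Traefik, so this
    # port gets no TLS or basic auth from this setup.
    # NOTE(review): confirm the configurator's own authentication is enabled.
    ports:
      - "3218:3218"
    restart: unless-stopped

  traefik:
    container_name: traefik
    image: traefik:2.4.8
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      # ":ro" only protects the socket file itself; the Docker API behind it
      # stays fully usable, so whoever controls this container can control
      # the Docker daemon. A socket proxy limited to read-only endpoints
      # narrows that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Bind mounts: named volumes did not work for these files.
      - "/smarthome/traefik/data/traefik.yaml:/traefik.yml:ro"
      # Only read by Traefik; ":ro" would be enough here as well.
      - "/smarthome/traefik/data/dynamic_conf.yaml:/dynamic_conf.yml"
      # Holds the ACME account key and certificate private keys; must be
      # writable by Traefik and readable by the owner only (mode 600).
      - "/smarthome/traefik/data/acme.json:/acme.json"
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    restart: unless-stopped
    security_opt:
      - "no-new-privileges:true"
    extra_hosts:
      - "host.docker.internal:172.17.0.1"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.xxx.duckdns.org`)"
      # htpasswd entry (user:hash); "$$" is Compose escaping for a literal "$".
      # The apr1 (MD5-based) hash is stored in the labels, so anything that
      # can read container metadata can read it. basicauth.usersfile with a
      # mounted file keeps it out of the labels, and a bcrypt entry is more
      # resistant to offline guessing. A hash that has been published
      # should be replaced.
      - "traefik.http.middlewares.traefik-auth.basicauth.users=lotse:$$apr1$$98SlGN.d$$k2LCyn9r8k0uj3iLnvydI."
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.xxx.duckdns.org`)"
      # The dashboard (api@internal) is only reachable through basic auth.
      - "traefik.http.routers.traefik-secure.middlewares=secHeaders@file,traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      # No "traefik." prefix, so this is not a Traefik routing label; the
      # file provider is configured in traefik.yaml. Kept as in the original.
      - "providers.file.filename=/dynamic_conf.yml"

  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: always
    # Published directly on the host and not routed through Traefik, so the
    # UI gets neither TLS nor the secHeaders middleware from this setup.
    ports:
      - "9000:9000"
    volumes:
      # Read-write Docker socket: Portainer has full control of the daemon.
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "portainer_data:/data"

  grocy:
    image: ghcr.io/linuxserver/grocy:amd64-latest
    container_name: grocy
    volumes:
      - "grocy:/config"
    networks:
      - proxy
    # Host port 9283 -> container port 80. Only needed for direct access;
    # it bypasses Traefik (no TLS, no redirect) and can be dropped once the
    # route through Traefik works.
    ports:
      - "9283:80"
    environment:
      - "TZ=Europe/Berlin"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grocy.entrypoints=http"
      - "traefik.http.routers.grocy.rule=Host(`grocy.xxx.duckdns.org`)"
      - "traefik.http.middlewares.grocy-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.grocy.middlewares=grocy-https-redirect"
      - "traefik.http.routers.grocy-secure.entrypoints=https"
      - "traefik.http.routers.grocy-secure.rule=Host(`grocy.xxx.duckdns.org`)"
      - "traefik.http.routers.grocy-secure.tls=true"
      - "traefik.http.routers.grocy-secure.tls.certresolver=http"
      - "traefik.http.routers.grocy-secure.service=grocy"
      # Traefik connects to the container's IP on the proxy network, so this
      # must be the container port (80), not the published host port (9283).
      # Pointing it at 9283 is what produced "connection refused" / 502.
      - "traefik.http.services.grocy.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.grocy.loadbalancer.server.scheme=http"

volumes:
  homeassistant: {}
  hass-configurator: {}
  portainer_data: {}
  grocy: {}

networks:
  smarthome-frontend: {}
  # Created outside this compose file; must exist before "up".
  proxy:
    external: true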
My traefik.yaml:
# Static Traefik configuration; the compose file mounts it at /traefik.yml.
api:
  # Dashboard is served by the api@internal service; it is only reachable
  # through a router that points at it (traefik-secure in the compose file).
  dashboard: true

entryPoints:
  http:
    address: ':80'
  https:
    address: ':443'

providers:
  docker:
    endpoint: 'unix:///var/run/docker.sock'
    # Containers are ignored unless they carry traefik.enable=true.
    exposedByDefault: false
  file:
    # Relative path; the compose file mounts the file at /dynamic_conf.yml.
    # NOTE(review): this resolves only if Traefik's working directory is "/".
    filename: './dynamic_conf.yml'

certificatesResolvers:
  # Resolver name referenced by the routers' tls.certresolver=http labels.
  http:
    acme:
      email: 'xxx@gmail.com'
      # Stores the ACME account key and issued private keys; keep the file
      # at mode 600.
      storage: 'acme.json'
      httpChallenge:
        # The HTTP-01 challenge is answered on the ":80" entry point, so
        # port 80 has to stay reachable from the internet.
        entryPoint: http

# log:
#   level: DEBUG
and the dynamic_conf.yaml:
# Dynamic Traefik configuration loaded by the file provider.
tls:
  options:
    default:
      minVersion: 'VersionTLS12'
      cipherSuites:
        # TLS 1.2 suites: ECDHE key exchange with AEAD ciphers only.
        - 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
        - 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
        - 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305'
        # TLS 1.3 suites. NOTE(review): Traefik's TLS 1.3 suite selection is
        # not configurable, so these entries are expected to have no effect.
        - 'TLS_AES_128_GCM_SHA256'
        - 'TLS_AES_256_GCM_SHA384'
        - 'TLS_CHACHA20_POLY1305_SHA256'
      # NOTE(review): only P-521 and P-384 are offered; clients that support
      # neither curve cannot complete a handshake.
      curvePreferences:
        - 'CurveP521'
        - 'CurveP384'
      # Reject TLS connections whose SNI matches no configured certificate.
      sniStrict: true

http:
  middlewares:
    # Referenced as secHeaders@file. In the compose file shown, only the
    # traefik-secure router lists it; the grocy and homeassistant routers
    # do not get these headers.
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        # customFrameOptionsValue below takes precedence over frameDeny, so
        # the header sent is X-Frame-Options: SAMEORIGIN, not DENY.
        frameDeny: true
        # NOTE(review): later Traefik 2.x releases deprecate sslRedirect in
        # favour of the redirectScheme middleware - confirm for the version
        # in use.
        sslRedirect: true
        # HSTS configuration: one year, including subdomains, with the
        # preload flag. Preload list entries are slow to withdraw.
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: 'SAMEORIGIN'
What am I doing wrong here?
TIA for your help.