Additional entrypoint for docker container

Traefik Traefik v2
1

Hello!

For a special service I was asked to set up SSL on port 4433.
This was the nginx configuration I was sent:

server {
        server_name your.domain.tld;

        server_tokens off;
        default_type application/json;
        ssl_session_cache shared:SSL:32m;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
        add_header X-Content-Type-Options "nosniff";
        add_header X-XSS-Protection "1; mode=block";

        location /info {
                allow all;
                proxy_pass http://localhost:8080/info;
        }

        location / {
                access_log off;
                include /etc/nginx/tb-balancer.conf;
                proxy_pass http://localhost:8080;
        }

    listen [::]:4433 ssl http2;
    listen 4433 ssl http2;
    ssl_certificate /path/to/your/ssl/fullchain.pem;
    ssl_certificate_key /path/to/your/ssl/privkey.pem;

For traefik I have set up an additional entrypoint for the port 4433 called "tb".
image

Within the service I have added both websecure and the additional entrypoint "tb"

The service is reachable on websecure "https://service.example.org" but not "https://service.example.org:4433"

Here the dashboard

image
image966×879 43.9 KB

What might I have done wrong?

Thank you!

2

Hello @antonionardella,

When you say the service is not reachable, what do you mean?

  • Can you connect to https://service.example.org:4433 (is the TCP port open)?
  • Does https://service.example.org:4433 provide a certificate (is it the correct certificate)?
  • Does https://service.example.org:4433 respond to the request (is it a 404 response? non 404?)

Each of those may indicate different issues.

1 Like
3

Hello and thanks for the reply.

The port 4433 is open.
It does not provide a certificate
It does not reply with 404

All I get is connection timeout

image
image699×329 17 KB

Although the server is not listening to the 4433 port

drng-expo   710    root    3u  IPv6    15278      0t0  TCP *:2112 (LISTEN)
sshd        721    root    3u  IPv4    15854      0t0  TCP *:22 (LISTEN)
node      11866    root   22u  IPv6 68156233      0t0  TCP *:8890 (LISTEN)
docker-pr 16004    root    4u  IPv6 57995754      0t0  TCP *:1236 (LISTEN)
docker-pr 16031    root    4u  IPv6 57994946      0t0  TCP *:1235 (LISTEN)
docker-pr 16066    root    4u  IPv6 57995888      0t0  TCP *:1234 (LISTEN)
docker-pr 17817    root    4u  IPv6 72599576      0t0  TCP *:8082 (LISTEN)
docker-pr 17831    root    4u  IPv6 72599622      0t0  TCP *:443 (LISTEN)
docker-pr 17842    root    4u  IPv6 72599666      0t0  TCP *:80 (LISTEN)
docker-pr 18296    root    4u  IPv6 72601507      0t0  TCP *:14666 (LISTEN)
docker-pr 18329    root    4u  IPv6 72601554      0t0  TCP *:10895 (LISTEN)
docker-pr 18348    root    4u  IPv6 72601599      0t0  TCP *:6061 (LISTEN)
docker-pr 18502    root    4u  IPv6 72602936      0t0  TCP *:9090 (LISTEN)
docker-pr 24104    root    4u  IPv6 59798137      0t0  TCP *:15601 (LISTEN)
docker-pr 24128    root    4u  IPv6 59798230      0t0  TCP *:14265 (LISTEN)
docker-pr 24141    root    4u  IPv6 59798274      0t0  TCP *:1883 (LISTEN)
docker-pr 29870    root    4u  IPv6 58009476      0t0  TCP *:15600 (LISTEN)
docker-pr 29883    root    4u  IPv6 58010424      0t0  TCP *:14268 (LISTEN)
4

Hello @antonionardella,

If you are running Traefik inside docker, you also have to bind the port in docker.

Did you add 4433:4433 to your ports section of your compose file?

1 Like
5

OMG.. of course :man_facepalming:

Time to take some days off.

Sorry and thank you very much!

1 Like
6

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.