An issue with route to different services running on the same node

Hi,

So, I'm having an issue. I have two services running on the same VPN with a wildcard SSL certificate.
When I connect to consul first, all later connections to traefik are redirected to consul. However, if I connect to traefik first, all connections to consul are returned with "404 page not found". In short, it's not possible to have both pages open at the same time. Besides this, everything works as it should: no issues with redirection from http to https, the certificate or authentication. Separately, each service works at its best, but not together.

Here is my complete all_dynamic.yml configuration file.

[http]
  [http.routers]
    [http.routers.catchall]
      entrypoints = ["web"]
      rule = "HostRegexp(`{host:.+}`)"
      middlewares = ["redirect_to_https"]
      service = "noop"

    [http.routers.traefik_https]
      entrypoints = ["web-secure"]
      rule = "Host(`traefik.sre-test.me`)"
      middlewares = ["auth"]
      service = "api@internal"
      [http.routers.traefik_https.tls]

  [http.middlewares]
    [http.middlewares.redirect_to_https.redirectScheme]
      scheme = "https"
      permanent = true

    [http.middlewares.auth.basicAuth]
      users = ["traefik:$apr1$R74sSIc.$5QQnTtXYaX60NKNrXFUYl."]

  [http.services]
    [http.services.noop.loadBalancer]
      [[http.services.noop.loadBalancer.servers]]
        url = "127.0.0.1"

[tcp]
  [tcp.routers]
    [tcp.routers.consul]
      entrypoints = ["web-secure"]
      rule = "HostSNI(`consul.sre-test.me`)"
      service = "consul"
      [tcp.routers.consul.tls]
        passthrough = true
  [tcp.services]
    [tcp.services.consul.loadBalancer]
      [[tcp.services.consul.loadBalancer.servers]]
        address = "10.53.132.76:8000"
      [[tcp.services.consul.loadBalancer.servers]]
        address = "10.53.132.77:8000"
      [[tcp.services.consul.loadBalancer.servers]]
        address = "10.53.132.78:8000"

[tls]
  [[tls.certificates]]
    certFile = "/data01/cert/wild.sre-test.me.pem"
    keyFile = "/data01/cert/wild.sre-test.me-key.pem"

Cheers,
BB

Can you give a bit more info please? In particular, how do you test: what exactly do you do and what are you observing? Also, please provide a bit more detail on the consul setup: what is the use of port 8000, and how is TLS set up for it in consul?

Port 8000 is used by consul to provide a secure connection to the K/V store. This part works as expected with no issues at all. The problem is a kind of exclusion when I try to open these two pages at the same time: https://consul.sre-test.me and https://traefik.sre-test.me. Perhaps it will be easier to show some pictures for better understanding.
Step 1. Open traefik page:

Step 2. Open consul page:
[image: consul-1]

But when I start in the opposite direction, with the consul page opened first, things look different:

Cheers,
BB

Step 1. Open consul page:
[image: consul-2]
Step 2. Open traefik page:
[image: traefik-2]
Take a look at the address here and the page content.

Thanks for the pics, they help. At the risk of repeating myself, how did you set up TLS on consul? I would appreciate it if you could answer this, even if you feel it's irrelevant.

Sure, no problem, here is the complete consul configuration:

server = true
ui = true
bootstrap_expect = 3
node_name = "is-srecore01t"
retry_join = ["10.53.132.76","10.53.132.77","10.53.132.78"]
datacenter = "dc1-test"
primary_datacenter = "dc1-test"
acl = {
  enabled = true
  default_policy = "deny"
  enable_token_persistence = true
  tokens = {
    default = "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
  }
}
cert_file = "/data01/cert/wild.sre-test.me.pem"
key_file = "/data01/cert/wild.sre-test.me-key.pem"
ca_file = "/data01/cert/meCA2.pem"
verify_server_hostname = true
protocol = 3
data_dir = "/data01/consul/data"
client_addr = "127.0.0.1"
bind_addr = "10.53.132.76"
addresses = {
  https = "10.53.132.76"
}
ports = {
  https = 8000
}
log_level = "info"
rejoin_after_leave = true
leave_on_terminate = true
disable_remote_exec = true
disable_update_check = true

Try clearing the browser cache / restarting the browser / using incognito mode. Make sure that if you are using TOML configuration with traefik, you do not have the file named all_dynamic.yml (note the extension).

I tried your configurations, and they work, so I cannot reproduce your result. Which means the problem is somewhere in what you are not showing.

The changes I made to your config:

Commented out the auth middleware, both definition and reference; changed the IP address; commented out 2 of the three load-balanced tcp servers.

Can see consul at https://consul.sre-test.me/ui/dc1-test/services and traefik at https://traefik.sre-test.me/dashboard/#/tcp/services/consul@file