Attempt to rewrite minimal Traefik example to use TLS does not work

(also posted at docker compose - Attempt to rewrite minimal Traefik example to use TLS does not work - Stack Overflow)

The minimal example from
https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/
works on my local machine. However, when I try to adapt this to use TLS I run into an issue. I'm a Traefik newbie, so I might be doing a stupid mistake.

This is my attempt:

version: "3.3"

services:

  traefik:
    image: "traefik:v2.8"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--accesslog=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
    ports:
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`127.0.0.1`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"

So the major modification is to use "traefik.http.routers.whoami.entrypoints=websecure" instead of "traefik.http.routers.whoami.entrypoints=web"

Running

$ curl -k https://127.0.0.1

I get

404 page not found

The traefik log shows no routing related issues and the internal traefik setup for routing etc shown using curl https://127.0.0.1:8080/api/rawdata | jq . looks the same as the one of the working example, except the changed port.

You must explicitly define a network for your docker containers, just add:

    networks:
      - rproxy

to both your traefik container and your whoami container

then define the network at the bottom of dockercompose.yml

networks:
  rproxy:
    name: rproxy
    external: true

Without a network defined in the compose a project wide default network is created and all service are connected to it.

This looks really straight forward, it should be working as far as I can tell.

TLS is not enabled on the entrypoint. So you can add that on the entrypoint OR on the router.

Thanks! Setting TLS on the router fixed it. Setting the network did not fix it, also would have surprised me because the example without TLS worked.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.