Bad Gateway - container IP changed after some time

David1 · July 29, 2021, 7:38am

Hello,

I'm using traefik v2 for a couple of containers. Most of them are working without a problem. All are running with a lets encrypt cert.

I'm running a standard notes instance, what is behaving weird. When I started the container it is working well, after some time 8h-72h, the IP of the container is somehow changed (will call it broken ip) and traefik cant route anymore. The ip change is shown in the traefik ui, i cant find the change in the docker network inspect.

This will result in a bad gateway and the container is not reachable from the outside anymore. I can reach it from the server via the broken ip and the working ip. My current fix is to restart the container, after this it is working for a while...
I dont know how to continue...

Broken:

Working:

root@v22019015010380916:/var/docker# curl http://172.19.0.6:3000/auth/params
{"error":{"message":"Please provide an email address."}}root@v22019015010380916:/var/docker# ^C
root@v22019015010380916:/var/docker# curl http://192.168.128.8:3000/auth/params
{"error":{"message":"Please provide an email address."}}root@v22019015010380916:/var/docker#

Docker-compose:

version: '3.2'

networks:
  proxy:
    external: true
  backend:
    external: false
    
services:
  syncing-server-js:
    image: standardnotes/syncing-server-js:latest
    depends_on:
      - db
      - cache
    entrypoint: [
      "./wait-for.sh", "db", "3306",
      "./wait-for.sh", "cache", "6379",
      "./docker/entrypoint.sh", "start-web"
    ]
    env_file: .env
    environment:
      PORT: 3000
    networks:
      - backend

  syncing-server-js-worker:
    image: standardnotes/syncing-server-js:latest
    depends_on:
      - db
      - cache
      - syncing-server-js
    entrypoint: [
      "./wait-for.sh", "db", "3306",
      "./wait-for.sh", "cache", "6379",
      "./wait-for.sh", "syncing-server-js", "3000",
       "./docker/entrypoint.sh", "start-worker"
    ]
    env_file: .env
    environment:
      PORT: 3000
    networks:
      - backend

  api-gateway:
    image: standardnotes/api-gateway:latest
    depends_on:
      - auth
      - syncing-server-js
    env_file: docker/api-gateway.env
    ports:
      - ${EXPOSED_PORT}:3000
    environment:
      PORT: 3000
      AUTH_JWT_SECRET: '${AUTH_JWT_SECRET}'
    entrypoint: [
      "./wait-for.sh", "auth", "3000",
      "./wait-for.sh", "syncing-server-js", "3000",
      "./docker/entrypoint.sh", "start-web"
    ]
    networks:
      - backend
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.standardnotesserver-router.rule=Host(`notes.abc.de`)"
      - "traefik.http.routers.standardnotesserver-router.entrypoints=websecure"
      - "traefik.http.routers.standardnotesserver-router.tls.certresolver=mytlschallenge"
      - "traefik.http.services.standardnotesserver-service.loadbalancer.server.port=3000"

  auth:
    image: standardnotes/auth:latest
    depends_on:
      - db
      - cache
      - syncing-server-js
    entrypoint: [
      "./wait-for.sh", "db", "3306",
      "./wait-for.sh", "cache", "6379",
      "./wait-for.sh", "syncing-server-js", "3000",
      "./docker/entrypoint.sh", "start-web"
    ]
    env_file: docker/auth.env
    environment:
      PORT: 3000
      DB_HOST: '${DB_HOST}'
      DB_REPLICA_HOST: '${DB_REPLICA_HOST}'
      DB_PORT: '${DB_PORT}'
      DB_DATABASE: '${DB_DATABASE}'
      DB_USERNAME: '${DB_USERNAME}'
      DB_PASSWORD: '${DB_PASSWORD}'
      DB_DEBUG_LEVEL: '${DB_DEBUG_LEVEL}'
      DB_MIGRATIONS_PATH: '${DB_MIGRATIONS_PATH}'
      REDIS_URL: '${REDIS_URL}'
      AUTH_JWT_SECRET: '${AUTH_JWT_SECRET}'
    networks:
      - backend

  auth-worker:
    image: standardnotes/auth:latest
    depends_on:
      - db
      - cache
      - auth
    entrypoint: [
      "./wait-for.sh", "db", "3306",
      "./wait-for.sh", "cache", "6379",
      "./wait-for.sh", "auth", "3000",
      "./docker/entrypoint.sh", "start-worker"
    ]
    env_file: docker/auth.env
    environment:
      PORT: 3000
      DB_HOST: '${DB_HOST}'
      DB_REPLICA_HOST: '${DB_REPLICA_HOST}'
      DB_PORT: '${DB_PORT}'
      DB_DATABASE: '${DB_DATABASE}'
      DB_USERNAME: '${DB_USERNAME}'
      DB_PASSWORD: '${DB_PASSWORD}'
      DB_DEBUG_LEVEL: '${DB_DEBUG_LEVEL}'
      DB_MIGRATIONS_PATH: '${DB_MIGRATIONS_PATH}'
      REDIS_URL: '${REDIS_URL}'
      AUTH_JWT_SECRET: '${AUTH_JWT_SECRET}'
    networks:
      - backend

  db:
    image: mariadb:10.3.12
    environment:
      MYSQL_DATABASE: '${DB_DATABASE}'
      MYSQL_USER: '${DB_USERNAME}'
      MYSQL_PASSWORD: '${DB_PASSWORD}'
      MYSQL_ROOT_PASSWORD: '${DB_PASSWORD}'
    ports:
      - 3306
    command: --default-authentication-plugin=mysql_native_password --character-set-server=utf8 --collation-server=utf8_general_ci
    volumes:
      - ./data/mysql:/var/lib/mysql
      - ./data/import:/docker-entrypoint-initdb.d
    networks:
      - backend

  cache:
    image: redis:6.0-alpine
    volumes:
      - ./data/redis/:/data
    ports:
      - 6379
    networks:
      - backend

  standardnotes-extensions:
    container_name: standardnotes-extensions
    build: . # https://github.com/moookino/snext/blob/master/Dockerfile
    # https://stackoverflow.com/questions/50453931/docker-compose-build-context-from-git-repository-with-dockerfile-inside-folder
    environment:
      - URL=notes-ext.abc.de # https://github.com/iganeshk/standardnotes-extensions/blob/master/env.sample
      - USERNAME=davidrot
      - TOKEN=d483b1769ceb86e8dc113c406db6bdffa3e7e5b1
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.standardnotesextserver-router.rule=Host(`notes-ext.abc.de`)"
      - "traefik.http.routers.standardnotesextserver-router.entrypoints=websecure"
      - "traefik.http.routers.standardnotesextserver-router.tls.certresolver=mytlschallenge"
      - "traefik.http.services.standardnotesextserver-service.loadbalancer.server.port=8043"
      - "traefik.http.routers.standardnotesextserver-router.middlewares=corsheaders"
      # CORS
      - "traefik.http.middlewares.corsheaders.headers.accesscontrolallowmethods=GET,POST,PATCH,OPTIONS"
      - "traefik.http.middlewares.corsheaders.headers.accesscontrolalloworiginlist=*"
      - "traefik.http.middlewares.corsheaders.headers.accessControlAllowHeaders=Content-Type"

volumes:
  db:

docker inspect network proxy (broken state):

[
    {
        "Name": "proxy",
        "Id": "96d0baf9756e9cfa0043f03c806e0bad6b0fa15eb66f2fe6f77511656526f370",
        "Created": "2020-01-15T17:08:22.589670502+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.19.0.0/16",
                    "Gateway": "172.19.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "099c96b0e0f9469984c8a8e7ca6bed41e588c14090739b10dabf326159b91f4c": {
                "Name": "traefik",
                "EndpointID": "528fd26b618da85c0a81acc4046bc9ca421d954d04be8584e85a261474d79b04",
                "MacAddress": "02:42:ac:13:00:02",
                "IPv4Address": "172.19.0.2/16",
                "IPv6Address": ""
            },
            "16ed577d0c7b1f175ce94b9d45a90c09ba5c80ae371775a356b3bac912da125d": {
                "Name": "standardnotes_api-gateway_1",
                "EndpointID": "17360fed46bb5d7e8a9210b69a94e8f9cbc6bd29803bb639f9979046ecf73059",
                "MacAddress": "02:42:ac:13:00:06",
                "IPv4Address": "172.19.0.6/16",
                "IPv6Address": ""
            },
            "1e5c070fbaebdebf860751bed3df306ee2486e8140158326ba676cb044c98968": {
                "Name": "ratgebergeldat_rgg_1",
                "EndpointID": "f1fa6bf1366479f8380feac78ef1d40639067dae7f50d2a53af94cbd599780a2",
                "MacAddress": "02:42:ac:13:00:07",
                "IPv4Address": "172.19.0.7/16",
                "IPv6Address": ""
            },
            "5c4a1901626faa512829a8001cdec02216c4e08d3118348f221f8a79df55669c": {
                "Name": "standardnotes-extensions",
                "EndpointID": "b42bb877896233053819c9a65715e08c8ae352baadc1e9d127cf8e3125319de6",
                "MacAddress": "02:42:ac:13:00:05",
                "IPv4Address": "172.19.0.5/16",
                "IPv6Address": ""
            },
            "703e90971e992778198e633eaaeec6d8285cf6c126f8d86e415cc077472fdc02": {
                "Name": "nextcloud",
                "EndpointID": "23931a9e6abd801d149a9a5785cd95a0840bc33335ef5fa599d89ab3ef7df355",
                "MacAddress": "02:42:ac:13:00:08",
                "IPv4Address": "172.19.0.8/16",
                "IPv6Address": ""
            },
            "b26f2c22a4c8fcb575b8e1013d309a49bc5c951b0d0c8619038d648b111ef5e3": {
                "Name": "website-ftp",
                "EndpointID": "c59696e903098ffa507c176259f67d2a408532c137f0d123ab4c295ddb6634f8",
                "MacAddress": "02:42:ac:13:00:09",
                "IPv4Address": "172.19.0.9/16",
                "IPv6Address": ""
            },
            "b841cb580918a311f13614e5ee47ff23e4e756bf8822c57078908a2d4c09d176": {
                "Name": "website-http",
                "EndpointID": "edd3b10e469dea039ce2190a923de17821da75d46d976630528a8ed8602a0ca6",
                "MacAddress": "02:42:ac:13:00:0a",
                "IPv4Address": "172.19.0.10/16",
                "IPv6Address": ""
            },
            "e22839ee05e7b33e424057d4003579da76b6cf7d5cada953cba0feb79c641b1f": {
                "Name": "gitlab",
                "EndpointID": "af6cedc57158306dd757fa4eb152282acfdebdc9d1582c5f7ed8b5353ff4e68f",
                "MacAddress": "02:42:ac:13:00:04",
                "IPv4Address": "172.19.0.4/16",
                "IPv6Address": ""
            },
            "e49486aec22d515942cd07f7dedee4c52dbcbd20aac93b0b56846110b3519486": {
                "Name": "usertrack-server",
                "EndpointID": "e8fbe92ea4ebd55dc2b331c420b38297a3264417835356d36af4528b127b27a6",
                "MacAddress": "02:42:ac:13:00:03",
                "IPv4Address": "172.19.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

cakiwi · July 31, 2021, 1:32am

The container is on two networks, traefik does not know which one to use. There is a parameter for the docker provider to identify which network to use or it can be done via a label.

provider.docker.network

traefik.docker.network

David1 · August 1, 2021, 7:28am

Thanks for the response. I will try and mark your answer as the solution if it is working.

system · August 4, 2021, 7:28am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Traefik error 504 bad gateway Traefik v2 (latest) docker	1	765	October 28, 2019
Bad Gateway: Finding Wrong IP's routed to Traefik v2 (latest) docker	0	1994	December 17, 2020
Random containers give Bad Gateway Traefik v2 (latest) docker	4	1280	December 7, 2022
Bad gateway on docker service Traefik v2 (latest) docker	18	2055	June 2, 2023
Bad gateway with almost all containers Traefik v2 (latest) docker	7	12533	September 14, 2021

Bad Gateway - container IP changed after some time

Related Topics