Bad gateway with almost all containers

Hi the community

I'm new to traefik configuration and I can't get it working as reverse proxy, always get the "bad gateway" error...
Looking for others topics, I wonder about some misconfiguration in my server (just a new Raspberry PI4 with debian 10 and docker + docker-compose)
Going to my new container with IP:port works, but try to access with sub.domain.com doesn't work with error "bad gateway". I also added the port with label into my docker compose:

      labels:
        - "traefik.http.routers.jeedom.rule=Host(`home.nico.si`)"
        - "traefik.http.services.jeedom.loadbalancer.server.port=8084"

Also, when I add the "whoami" test container, this work, without forcing the port value into label...

My complete docker compose config

Is there something wrong in my config ? Thanks :slight_smile:

Hi, bad gateway usually indicates a problem communicating with your backend service. Have you enabled debug logging in traefik and checked the logs? You could be trying to establish a HTTP connection to an HTTPS port.

Only HTTP until now... I added debug messages, so, lot of text I'm not sure how to analyze, but it doesn't look like an error ?

time="2021-09-07T00:26:22+02:00" level=debug
 msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request"
 Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},
  \"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,
  \"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],
  \"Accept-Encoding\":[\"gzip, deflate\"],
  \"Accept-Language\":[\"fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7\"],
  \"Cache-Control\":[\"max-age=0\"],\"Connection\":[\"keep-alive\"],
  \"Upgrade-Insecure-Requests\":[\"1\"],
  \"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36\"],
  \"X-Forwarded-Host\":[\"home.nico.si\"],\"X-Forwarded-Port\":[\"80\"],
  \"X-Forwarded-Proto\":[\"http\"],\"X-Forwarded-Server\":[\"d434582742d5\"],
  \"X-Real-Ip\":[\"192.168.1.254\"]},\"ContentLength\":0,\"TransferEncoding\":null,
  \"Host\":\"home.nico.si\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,
  \"RemoteAddr\":\"192.168.1.254:56136\",\"RequestURI\":\"/\",\"TLS\":null}"

That's just the request and headers from your browser, there's more in there that could be a clue as to what is happening. Look for the router configuration for the jeedom service, make sure its pointing at the correct port. Make sure an entrypoint was chosen. After the request from your logs that you pasted you should also see where traefik forwarded the request to.

In your docker compose you don't need the port configuration for each service, that is for mapping a host port to a container port but in this case you're going to reverse proxy through traefik to the container. The container still listens on its configured port and is available inside the docker network (local_net). Point your loadbalancer at the port the service is listening on.

Jeedom is a php+apache container and the default port is 80 ... But traefik also listen to port 80, do you mean they both can use port 80 without conflict ? Another point is, I used the link 192.168.1.21:8084 to double-check that my container jeedom is up and running, that's why it is usefull to have different port mapping for each container.
I will dive deep into traefik logs tonight, looking for the correct | grep formula to catch the only relevant log, thanks for helping :slight_smile:

Each container has its own network stack. They have their own network interface, route table, ip address, etc. You can have many containers on the same system listening on port 80 as long as you're not trying to bind them all to the same host port.

If you want to leave 8084 you can but the Jeedum container is still listening on port 80 on its own interface. You'll need to point your load balancer at port 80 (container port) not port 8084 (host port).

1 Like

Hi @bronzevanish thanks for this help :slight_smile:
Now I can reach some containers, using the right port and not the "host" mapped port. That means, I can have several web servers listening port 80 into their own container, and Traefik can reach all of them (by hosname ? or by IP ? ) without having specific mapping.
I can let the host port mapping anyway if I want to check the container without traefik, using the host IP + specific container port.

Considering Traefik debug logs, there are few clue, just confirm that the request was begin / forwarding / completed, but, the error is due to "connection redused", it is the good url / port indeed, I need to investigate into the targeted container ?

msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request"
msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL"
msg="'502 Bad Gateway' caused by: dial tcp 172.20.0.5:8581: connect: connection refused"
msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request"

502 Bad Gateway and Connection refused usually means the port is not open. Either the IP 172.20.0.5 isn't the right one for your container or 8581 is not the port the container is listening on. You should be able to reference the container by its name, jeedum, ofelia, etc. It "resolves" like DNS on the internal docker networks. Definitely check the logs in the container to see whats going on. Docker inspect the container to look at the network configuration.