I am trying to use traefik as reverse proxy to direct HTTPS internet traffic to a web app called webtrees. Both traefik and webtrees are running in docker containers.
I published the traefik container's ports as 443:8081 and the webtrees container's ports as 8081:443, hoping that traefik would take incoming 443 traffic and send it to the webtrees service, which would receive it internally on 8081, mapped to its container's port 443. But of course it's not working (or I wouldn't be posting).
Webtrees runs apache2, which throws a "Bad Request...you're speaking plain HTTP to an SSL-enabled server port..." error when I connect. So it seems traefik is indeed routing to webtrees, but not as HTTPS?
# traefik.toml static config file created 23-jan-2022:
# Static (startup) configuration: entry points, Docker provider, ACME resolver, logging.
[entryPoints]
# HTTPS entry point on :443; its certificates come from the "lets-encrypt" resolver below.
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http]
[entryPoints.websecure.http.tls]
certResolver = "lets-encrypt"
# Second entry point on :8081; no tls section is configured for it here.
# NOTE(review): the table is spelled "entrypoints" here and "entryPoints" above - confirm
# Traefik treats both as the same section. The traefik compose file publishes host port 443
# to container port 8081, i.e. to this entry point and not to websecure on :443.
[entrypoints.webtrees]
address = ":8081"
# Dashboard/API. It is reached through the api@internal router defined in the compose labels,
# which puts it behind TLS and the "auth" basic-auth middleware; keep it that way rather than
# enabling the unauthenticated api.insecure mode.
[api]
dashboard = true
# dynamic api config (for dashboard) in traefik's yaml file
# Docker provider: Traefik reads container labels through the Docker socket. Access to that
# socket amounts to control of the Docker daemon, so this internet-facing proxy should be
# treated as host-root equivalent (a filtering socket proxy in front of it narrows that).
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
#domain = "mrmr.pro"
watch = true
# Network Traefik uses by default to reach the containers it routes to.
network = "dweb"
# NOTE(review): with the next line commented out, Traefik's default (exposedByDefault = true)
# applies: every container gets a router unless it is labelled traefik.enable=false, as the
# db service is. Uncommenting it makes exposure opt-in per container.
#exposedbydefault = false
# ACME (Let's Encrypt) resolver. acme.json stores the ACME account key and the private keys
# of issued certificates: keep it at mode 600 on the host and out of version control.
[certificatesResolvers.lets-encrypt.acme]
email = "redacted@protonmail.ch"
storage = "acme.json"
# TLS-ALPN-01 challenge: Let's Encrypt connects on public port 443, so that port must reach Traefik.
[certificatesResolvers.lets-encrypt.acme.tlsChallenge]
# Only errors go to the Traefik log; /logs is bind-mounted from the host in the compose file.
[log]
level = "ERROR"
filePath = "/logs/traefik.log"
# Access log: the per-request record to consult when investigating traffic through the proxy.
[accessLog]
filePath = "/logs/traefik-access.log"
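# docker-compose.yml for traefik v2.x reverse proxy container
# created 23-jan-2022
# NB: Host rule uses backticks to quote! So nonintuitive!
version: '3'

services:
  traefik:
    image: traefik:v2.5
    restart: always
    # Here's the docker network we created:
    networks:
      - dweb
    ports:
      # Short syntax is HOST:CONTAINER: host port 443 is forwarded to container
      # port 8081, which traefik.toml defines as the "webtrees" entry point; the
      # "websecure" entry point on :443 is not published.
      # NOTE(review): confirm this is intended - "443:443" would target websecure.
      - "443:8081"
    labels:
      - traefik.enable=true
      - traefik.docker.network=dweb
      # Dashboard router: served from api@internal, over TLS, behind the "auth"
      # basic-auth middleware, so the API is never reachable unauthenticated.
      - traefik.http.routers.api.rule=Host(`traefik.mydom.pro`)
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.api.middlewares=auth
      - traefik.http.routers.api.tls=true
      - traefik.http.routers.api.tls.certresolver=lets-encrypt
      # Compose treats a single "$" as variable interpolation, so every "$" of
      # the htpasswd hash must be written "$$". The last separator in the
      # (redacted) value below is a single "$" and needs doubling in the real
      # file, otherwise the stored hash is silently truncated and login fails.
      - traefik.http.middlewares.auth.basicauth.users=redacted:$$apr2$$6sNEg4kB$KnvnKHdlDeUK.wIXw/
    volumes:
      # Mounted read-only, which only protects the socket file itself: the
      # Docker API behind it still grants full control of the daemon, so a
      # compromise of this container is a compromise of the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Static config is only read by Traefik, so it is mounted read-only.
      - /opt/traefik/traefik.toml:/traefik.toml:ro
      # Holds the ACME account key and certificate private keys; must stay
      # writable for Traefik and be mode 600 on the host.
      - /opt/traefik/acme.json:/acme.json
      - /opt/traefik/logs:/logs
    container_name: traefik

networks:
  dweb:
    external: true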
And finally the webtrees yml file:
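# docker-compose.yml for webtrees
# written 05-jan-2022 by fgb
version: '2'

services:
  webtrees:
    # NOTE(review): third-party image pinned to an application release; confirm
    # that both the image and this webtrees version still get security updates.
    image: dtjs48jkt/webtrees:v1.7.10
    ports:
      # - 443:443
      # HOST:CONTAINER: publishes Apache's TLS port (container 443) on host port
      # 8081 on every interface, a second way in that bypasses Traefik. Traefik
      # reaches this container over the shared dweb network and needs no
      # published port. NOTE(review): drop this once routing via Traefik works.
      - "8081:443"
    depends_on:
      - db
    volumes:
      - /var/www/html/webtrees/data:/var/www/html/data
      - /var/www/html/webtrees:/var/www/html
    environment:
      GROUP_ID: "501"
    networks:
      - dweb
      - internal
    labels:
      - traefik.enable=true
      - traefik.http.routers.webtrees.rule=Host(`boohoo.mydom.pro`)
      - traefik.http.routers.webtrees.tls=true
      - traefik.http.routers.webtrees.tls.certresolver=lets-encrypt
      - traefik.docker.network=dweb
      # NOTE(review): no traefik.http.services.* label is set, so Traefik picks
      # the backend port itself and speaks plain HTTP to it by default. The
      # Apache error in the question is consistent with that port being the TLS
      # one. Either set
      #   traefik.http.services.webtrees.loadbalancer.server.port=<plain-HTTP port>
      # (TLS ends at Traefik, traffic stays on the Docker network), or keep TLS
      # to the backend with ...server.port=443 and ...server.scheme=https, using
      # a certificate Traefik can verify rather than disabling verification.

  db:
    # NOTE(review): "latest" is a moving tag; pin a specific MariaDB release (or
    # digest) so database upgrades are deliberate and reproducible.
    image: mariadb:latest
    restart: always
    volumes:
      - /var/lib/mysql:/var/lib/mysql
    environment:
      # Inline secret: keep this file out of version control, or supply the
      # value from a file via MYSQL_ROOT_PASSWORD_FILE instead.
      MYSQL_ROOT_PASSWORD: "redacted@hooha"
    ports:
      # Bound to loopback: a bare 3306:3306 publishes MariaDB on every host
      # interface. webtrees reaches db over the "internal" network without any
      # published port, so remove this mapping entirely if host-local admin
      # access is not needed.
      - "127.0.0.1:3306:3306"
    networks:
      - internal
    labels:
      - traefik.enable=false

networks:
  dweb:
    external: true
  # Ordinary project network; the name alone does not isolate it. Compose's
  # "internal: true" option is what cuts external connectivity (verify the
  # effect on published ports before enabling it).
  internal: {}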
Any suggestions appreciated.