Can not reach host service

Hi there!

I am newbie with traefik, so it may be silly question... I have traefik installed at docker swarm and I need to reach a service at the swarm master host but I always got gateway timeout.

My docker-compose.yml:

version: '3.7'

services:
  traefik:
    image: traefik:v2.6
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    deploy:
      placement:
        constraints:
          - node.labels.traefik-public.traefik-public-certificates == true
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik_traefik
        - traefik.constraint-label=traefik-public
        - traefik.http.middlewares.admin-auth.basicauth.users=...
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        - traefik.http.routers.traefik-public-http.rule=Host("...")
        - traefik.http.routers.traefik-public-http.entrypoints=http
        - traefik.http.routers.traefik-public-http.middlewares=https-redirect
        - traefik.http.routers.traefik-public-https.rule=Host("...")
        - traefik.http.routers.traefik-public-https.entrypoints=https
        - traefik.http.routers.traefik-public-https.tls=true
        - traefik.http.routers.traefik-public-https.service=api@internal
        - traefik.http.routers.traefik-public-https.tls.certresolver=le
        - traefik.http.routers.traefik-public-https.middlewares=admin-auth
        - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-public-certificates:/certificates
      - /srv/traefik/traefik.yml:/etc/traefik/traefik.yml
      - /srv/traefik/conf.d:/etc/traefik/conf.d
    networks:
      - traefik

volumes:
  traefik-public-certificates:

networks:
  traefik:
    driver: overlay
    attachable: true

My /srv/traefik/traefik.yml

providers:
  docker:
    constraints: Label(`traefik.constraint-label`, `traefik-public`)
    exposedByDefault: false
    swarmMode: true
    endpoint: "unix:///var/run/docker.sock"

  file:
    directory: "/etc/traefik/conf.d"
    watch: true

entrypoints:
  http:
    address: ":80"
  https:
    address: ":443"

certificatesresolvers:
  le:
    acme:
      email: ...
      storage: /certificates/acme.json
      tlschallenge: true

accesslog: true
log: true
api: true

My /srv/traefik/conf.d/s3.yml

http:
  routers:
    s3:
      entrypoints:
        - "http"
      rule: "Host(`s3.host.name`)"
      service: "s3"
    swfs:
      entrypoints:
        - "http"
      rule: "Host(`swfs.host.name`)"
      service: "swfs"

  services:
    s3:
      loadBalancer:
        servers:
          - url: "http://10.8.0.1:8333"
    swfs:
      loadBalancer:
        servers:
          - url: "http://10.8.0.1:9333"

I can access services at 10.8.0.1:8333 and 10.8.0.1:9333 directly via network, but not via traefik. Please help, I am stuck.

And sorry for bad English

Hi @axel_verse,
Thanks for your interest in Traefik.

Gateway timeout can occur when Traefik doesn't know how to reach a network.
Did you try to access to the services from the child node/Traefik container directly?

The s3 and swfs are in swarm too or outside of the swarm?

My bad (((
My firewall's default policy was DROP. Allowing access from 172.17.0.0/8 made everything works