Can traefik routing external https(443) -> traefik -> internal http(80)?

Traefik Traefik v2
,
1

I'm a new traefik user.
My question is that can traefik routing external https(443) traffic to internal http(80) service?
I want to set up traefik https server (using let's encrypt) and routing internal http service using docker.

docker-compose.yml

version: '3.8'

services:
  other_service_a:
    ports:
      - 80:80
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.other_service_a.rule=Host(`domain.com`) && Path(`/service_a`)"

  other_service_b:
    ports:
      - 3000:3000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.other_service_b.rule=Host(`domain.com`) && Path(`/service_b`)"
      
  traefik:
    image: traefik:latest
    restart: unless-stopped
    command:
      - "--log.level=DEBUG"
      - "--accesslog=/var/log/access.log"
      - "--log=/var/log/traefik.log"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=true"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=xxxxxxxxx@gmail.com"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - 443:443
      - 8080:8080
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik_log:/var/log"

I'm expected this (see below)

  1. https://domain.com/service_a -> Can access service_a
  2. https://domain.com/service_b -> Can access service_b

But is not working.
Am I wrong?
Maybe.... traefik can't route TLS traffic to HTTP traffic?
Please help me.

Thank you for reading.

2

Your routers are not tls enabled. You can do this for the entrypoint in general.

Adding the following command line option will do that.

--entrypoints.websecure.http.tls.certResolver=mytlschallenge

If you prefer you can enable tls on a per router basis too:

1 Like
3

Thank you for your help.
I tried to add traefik command like this.

  traefik:
    command:
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls.certResolver=mytlschallenge"

But it is not working.
Maybe the reason is traefik external traffic is TLS enabled but service_b is not enabled TLS.
(My question is this. Can traefik route TLS traffic to non-TLS traffic?
In other words, can traefik listen to 443/https forwarding to 3000/http?

Next, I tried this.

  other_service_b:
    ports:
      - 3000:3000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.other_service_b.rule=Host(`domain.com`) && Path(`/path`)"
      - "traefik.http.routers.other_service_b.entrypoints=websecure"
      - "traefik.http.routers.other_service_b.tls.certresolver=mytlschallenge"

Access https://domain.com/path
But the blank (white) page is loaded.
By the way, access http://internal_ip:3000 is correct working. Forwarding from traefik is not working.

Thanks.

4

Does anyone help this?

5

No http status codes? http 200, 404, 500 etc ?

Does http://internal_ip:3000/path return the same thing. As you do not have any middleware that is what would be received on the backend.

This is probably the most common use case. Yes it is supported.

1 Like
6

@cakiwi
Thank you for your response.

HTTP 404 error occurred (white page).

Should I define middleware?

http://internal_ip:3000/
is working.

http://internal_ip:3000/path
doesn't work.

internal service is http://internal_ip:3000/ .
I want to set up traefik routing like here

https://domain.com/path -> http://internal_ip:3000/

Please teach me....

Thanks.

7

Yes. You will want to use stripprefix middlware.
Your contianer will need label to define the middleware and for the router to use the middleware.

- "traefik.http.middlwares.strip_a.stripprefix.prefixes=/service_a"
- "traefik.http.routers.other_service_a.middlewares=strip_a"
1 Like
8

@cakiwi
I tried your advice.
But, it's not working.

docker-compose logs traefik result is

traefik_1             | time="2020-10-05T17:23:36Z" level=error msg="field not found, node: middlwares" providerName=docker container=service_a-service_a-3e46122acaaa0f94e153c2d9cc7e6ecf090ae561ac6e887c7b99f10735592d1c
traefik_1             | time="2020-10-05T17:23:36Z" level=info msg="Skipping same configuration" providerName=docker
traefik_1             | time="2020-10-05T17:23:36Z" level=error msg="field not found, node: middlwares" providerName=docker container=service_a-service_a-3e46122acaaa0f94e153c2d9cc7e6ecf090ae561ac6e887c7b99f10735592d1c

level=error msg="field not found, node: middlwares" is very concern...

9

Seems to typo middlwares. middlewares is correct.
And..

Is this need .stripprefix?
I think
- "traefik.http.routers.other_service_a.middlewares=strip_a"
is correct because this overview example explain here

- "traefik.http.routers.router1.middlewares=foo-add-prefix@docker"

I tried these fix but it's not working...
It returns HTTP 404 response only.

traefik is very difficult...

hm... my internal service is listening 3000/tcp.
Do I need to specify 3000/tcp using middleware?

10

Sorry. Some typos. I will update now.

If the container exports only port 3000 then traefik docker provider will use that port. If none or multiple are exported then you need to specify.

  - "traefik.http.services.service01.loadbalancer.server.port=foobar"
11

Thank you update but not yet fixed middlwares (correctly middlewares)

What kind of state export port?

  1. in docker-compose.yml -> ports: 3000:3000 ?
  2. in docker-compose.yml -> expose: "3000" ?
  3. in Dockerfile -> EXPOSE 3000 ?
  4. in container -> launch listening port 3000/tcp program(service, daemon) ?
  5. other ?

I want to clarify this.

Thanks.

12

#3 What the container exposes. 1 & 2 are publishing as per docker commands.

If you repost your updated compose I can take another look. Tomorrow EDT. Or someone else will.

1 Like
13

Very Thank you for your some good advice :bowing_man:
I've tested this simple nginx and traefik using docker-compose and success it.

This is not traefik issue. I'm trying to set up Rocket.Chat based this docker-compose.yml
https://github.com/RocketChat/Rocket.Chat/blob/develop/docker-compose.yml
(traefik service is commented out, so I remove # to enable traefik service).
I will ask this Rocket.Chat forum continue.

Thanks.

1 Like
14

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.