Can traefik routing external https(443) -> traefik -> internal http(80)?

falconws · October 1, 2020, 4:51pm

I'm a new traefik user.
My question is that can traefik routing external https(443) traffic to internal http(80) service?
I want to set up traefik https server (using let's encrypt) and routing internal http service using docker.

docker-compose.yml

version: '3.8'

services:
  other_service_a:
    ports:
      - 80:80
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.other_service_a.rule=Host(`domain.com`) && Path(`/service_a`)"

  other_service_b:
    ports:
      - 3000:3000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.other_service_b.rule=Host(`domain.com`) && Path(`/service_b`)"
      
  traefik:
    image: traefik:latest
    restart: unless-stopped
    command:
      - "--log.level=DEBUG"
      - "--accesslog=/var/log/access.log"
      - "--log=/var/log/traefik.log"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=true"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=xxxxxxxxx@gmail.com"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - 443:443
      - 8080:8080
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik_log:/var/log"

I'm expected this (see below)

https://domain.com/service_a -> Can access service_a
https://domain.com/service_b -> Can access service_b

But is not working.
Am I wrong?
Maybe.... traefik can't route TLS traffic to HTTP traffic?
Please help me.

Thank you for reading.

cakiwi · October 1, 2020, 5:13pm

Your routers are not tls enabled. You can do this for the entrypoint in general.

Adding the following command line option will do that.

--entrypoints.websecure.http.tls.certResolver=mytlschallenge

If you prefer you can enable tls on a per router basis too:

falconws · October 2, 2020, 12:55am

Thank you for your help.
I tried to add traefik command like this.

  traefik:
    command:
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls.certResolver=mytlschallenge"

But it is not working.
Maybe the reason is traefik external traffic is TLS enabled but service_b is not enabled TLS.
(My question is this. Can traefik route TLS traffic to non-TLS traffic?
In other words, can traefik listen to 443/https forwarding to 3000/http?

Next, I tried this.

  other_service_b:
    ports:
      - 3000:3000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.other_service_b.rule=Host(`domain.com`) && Path(`/path`)"
      - "traefik.http.routers.other_service_b.entrypoints=websecure"
      - "traefik.http.routers.other_service_b.tls.certresolver=mytlschallenge"

Access https://domain.com/path
But the blank (white) page is loaded.
By the way, access http://internal_ip:3000 is correct working. Forwarding from traefik is not working.

Thanks.

falconws · October 5, 2020, 1:56pm

Does anyone help this?

cakiwi · October 5, 2020, 3:32pm

No http status codes? http 200, 404, 500 etc ?

Does http://internal_ip:3000/path return the same thing. As you do not have any middleware that is what would be received on the backend.

This is probably the most common use case. Yes it is supported.

falconws · October 5, 2020, 4:10pm

@cakiwi
Thank you for your response.

HTTP 404 error occurred (white page).

Should I define middleware?

http://internal_ip:3000/
is working.

http://internal_ip:3000/path
doesn't work.

internal service is http://internal_ip:3000/ .
I want to set up traefik routing like here

https://domain.com/path -> http://internal_ip:3000/

Please teach me....

Thanks.

cakiwi · October 5, 2020, 4:44pm

Yes. You will want to use stripprefix middlware.
Your contianer will need label to define the middleware and for the router to use the middleware.

- "traefik.http.middlwares.strip_a.stripprefix.prefixes=/service_a"
- "traefik.http.routers.other_service_a.middlewares=strip_a"

falconws · October 5, 2020, 5:28pm

@cakiwi
I tried your advice.
But, it's not working.

docker-compose logs traefik result is

traefik_1             | time="2020-10-05T17:23:36Z" level=error msg="field not found, node: middlwares" providerName=docker container=service_a-service_a-3e46122acaaa0f94e153c2d9cc7e6ecf090ae561ac6e887c7b99f10735592d1c
traefik_1             | time="2020-10-05T17:23:36Z" level=info msg="Skipping same configuration" providerName=docker
traefik_1             | time="2020-10-05T17:23:36Z" level=error msg="field not found, node: middlwares" providerName=docker container=service_a-service_a-3e46122acaaa0f94e153c2d9cc7e6ecf090ae561ac6e887c7b99f10735592d1c

level=error msg="field not found, node: middlwares" is very concern...

falconws · October 5, 2020, 5:49pm

Seems to typo middlwares. middlewares is correct.
And..

Is this need .stripprefix?
I think
- "traefik.http.routers.other_service_a.middlewares=strip_a"
is correct because this overview example explain here

- "traefik.http.routers.router1.middlewares=foo-add-prefix@docker"

I tried these fix but it's not working...
It returns HTTP 404 response only.

traefik is very difficult...

hm... my internal service is listening 3000/tcp.
Do I need to specify 3000/tcp using middleware?

cakiwi · October 5, 2020, 6:49pm

Sorry. Some typos. I will update now.

If the container exports only port 3000 then traefik docker provider will use that port. If none or multiple are exported then you need to specify.

  - "traefik.http.services.service01.loadbalancer.server.port=foobar"

falconws · October 6, 2020, 12:26am

Thank you update but not yet fixed middlwares (correctly middlewares)

What kind of state export port?

in docker-compose.yml -> ports: 3000:3000 ?
in docker-compose.yml -> expose: "3000" ?
in Dockerfile -> EXPOSE 3000 ?
in container -> launch listening port 3000/tcp program(service, daemon) ?
other ?

I want to clarify this.

Thanks.

cakiwi · October 6, 2020, 1:23am

#3 What the container exposes. 1 & 2 are publishing as per docker commands.

If you repost your updated compose I can take another look. Tomorrow EDT. Or someone else will.

falconws · October 7, 2020, 5:49am

Very Thank you for your some good advice
I've tested this simple nginx and traefik using docker-compose and success it.

This is not traefik issue. I'm trying to set up Rocket.Chat based this docker-compose.yml
https://github.com/RocketChat/Rocket.Chat/blob/develop/docker-compose.yml
(traefik service is commented out, so I remove # to enable traefik service).
I will ask this Rocket.Chat forum continue.

Thanks.

system · October 10, 2020, 5:49am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Traefik dispatcher infront of other traefik instances Traefik v2 (latest) docker , letsencrypt-acme	8	1500	January 13, 2022
Traefik behind Traefik Traefik v2 (latest) docker , tcp	1	761	April 6, 2023
Having traefik serving internal and external services (public / private)? Traefik v2 (latest) docker , middleware	0	2207	April 14, 2020
Difficulties to route traffic to external host Traefik v2 (latest) docker , file	1	542	October 30, 2020
Run traefik behind traefik reverse proxy Traefik v2 (latest) docker , letsencrypt-acme , tcp	4	6519	October 17, 2023

Can traefik routing external https(443) -> traefik -> internal http(80)?

Related Topics