Can't access to whoami on my test server

Traefik Traefik v3 (latest)
1

Hello,

I try to configure an api using docker and traefik on my vps server.

When I try to connect to the whoami service I get an connexion refused

Here is my traefik config file

entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"

certificatesResolvers:
  letsencrypt:
    acme:
      email: myadress@gmail.com
      storage: /certs/acme.json
      httpChallenge:
        entryPoint: web

http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: true

Here is my docker config:

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    environment:
      - TZ=Europe/Brussels # Change this to your timezone
    networks:
      - traefik-proxy
    ports:
      - 80:80 # HTTP entryPoints
      - 443:443 # HTTPS entryPoints
      - 8080:8080 # Dashbaord WebGui
    volumes:
      - ./traefik.yml:/traefik.yml:ro
      - letsencrypt:/certs
    command:
      - --api.dashboard=true
      - --log.level=INFO
      - --api.insecure=true
      - --providers.docker
      #- --log.filepath=/var/log/traefik.log
      - --accesslog=true
      #- --accesslog.filepath=/var/log/traefik-access.log
      - --providers.docker.network=traefik-proxy
      - --providers.docker.exposedByDefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=web-secure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      # remove next line when using Traefik v2
      - --entrypoints.websecure.asDefault=true
      - --entrypoints.websecure.http.tls.certresolver=letsencrypt
      - --certificatesresolvers.letsencrypt.acme.email=mail@example.com
      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.rule=Host(`traefik.srv.mydomain.be`)
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth
      - traefik.http.middlewares.myauth.basicauth.users=test:test
  whoami:
    image: traefik/whoami:latest
    container_name: whoami
    ports:
      - '8083:8083'
    networks:
      - traefik-proxy # or your frontend network
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.srv.mydomain.be`)
      - traefik.http.routers.whoami.entrypoints=web-secure
      - traefik.http.routers.whoami.tls.certresolver=letsencrypt
      - traefik.http.middlewares.mywwwredirect.redirectregex.regex=^https://www\.(.*)
      - traefik.http.middlewares.mywwwredirect.redirectregex.replacement=https://$${1}
      - traefik.http.routers.mywhoami.middlewares=mywwwredirect
  


networks:
  traefik-proxy:
    external: true
  backend:

volumes:
  letsencrypt:

I'm a noob with traefik and letsencrypt so be indulgent please :slight_smile:

2

Top tips for newbies:

  1. Understand difference of static config (entrypoints, providers, certResolvers) and dynamic config (http, tcp)
  2. Decide for one static config, traefik.yml or command:, not both
  3. Dynamic config goes in separate file, loaded with providers.file, or in Docker labels, loaded with providers.docker
  4. Only Traefik should use ports:, all other target services should be connected via Docker network, not reachable externally
  5. Note that basicauth does not use plaint-text passwords, they need to be encrypted
  6. DRY, place things like http-to-https redirect and TLS globally on entrypoint

Finally, compare to simple Traefik example.

Add the full request URL to the post, that does not work for you.

And add the full error message you get.

1 Like