ilteen
March 21, 2024, 10:37am
1
I have a Django application that is used for time tracking at my institution. It's running as a Docker container, with an Apache web server in front of it (it does HTTP basic auth using LDAP and then redirects to http://django:80/ ).
I now need Traefik to be in front of everything, because I need to integrate Authelia instead of HTTP basic auth. I want to test everything locally first, that's why this is localhost.
However, my configuration doesn't work: when I try to access https://localhost, I always get "too many redirects". What did I do wrong?
This is my docker-compose.yml:
```yaml
version: '3'
services:
  web:
    depends_on:
      - django
      - traefik
    expose:
      - "${VIRTUAL_PORT}"
    networks:
      - default
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.chronocommand.rule=Host(`localhost`)"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.chronocommand.entrypoints=web,websecure"
  django:
    expose:
      - "80"
    ports:
      - "8080:80"
      - "8000:8000"
      - "3000:3000"
    volumes:
      - ./Services/Chronocommand:/src
  traefik:
    image: "traefik:v3.0"
    ports:
      - "80:80"
      - "443:443"
      - "8888:8080" # Traefik dashboard
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./Services/DevTraefik/:/etc/traefik
networks:
  proxy:
    external: true
```
This is my Traefik config:
```yaml
api:
  dashboard: true
  insecure: true
global:
  checkNewVersion: true
  sendAnonymousUsage: false
entryPoints:
  web:
    address: :80
  websecure:
    address: :443
    http:
      tls: true
providers:
  docker:
    exposedByDefault: false
  file:
    directory: /etc/traefik
    watch: true
```
How do you implement TLS with `localhost`? You just ignore the browser cert error?
Check the browser developer tools network tab, what is happening on network layer, what URLs are in play?
You can also check Traefik debug log and access log. Which component is sending the redirect?
And when going to production, make sure to remove all the `ports` from all containers except Traefik.
ilteen
March 21, 2024, 11:07am
3
Yes, for now I just ignore the cert warning in the browser.
The Traefik debug log shows `2024-03-21 12:05:33 2024-03-21T11:05:33Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 3dae9183a267f800` multiple times.
And the only URL in play is localhost.
Enable Traefik access log in JSON format to see if the response comes from Traefik itself or the target service.
ilteen
March 21, 2024, 1:26pm
5
This is the access log:
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 1 "websecure-chronocommand@docker" "http://172.22.0.3:80" 7ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 2 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 3 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 4 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 5 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 6 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 7 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 8 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 9 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 10 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 11 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 12 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 13 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 14 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 15 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 16 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 17 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 18 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 19 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 20 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 21 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 22 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 23 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 24 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 25 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 26 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 27 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 28 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 29 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 30 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 31 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 32 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 33 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 34 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 35 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 36 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 37 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 38 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 39 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
192.168.65.1 - - [21/Mar/2024:13:26:04 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 40 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms
Enable Traefik access log in JSON format to see if the response comes from Traefik itself or the target service.
That shows the status differentiated into OriginStatus (from target) and DownstreamStatus (from Traefik).
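The check suggested in this thread (which component sends the redirect) can be scripted; the following is an added example, not code from any poster or from Traefik. It goes beyond the thread by reading both the common-format lines shown above and JSON records, and it assumes the JSON fields `RouterName` and `ServiceAddr` alongside the `OriginStatus` and `DownstreamStatus` named above; the sample lines are constructed.

```python
import json
import re

# Traefik common-format access log line, from the request part to the duration:
# "METHOD path proto" status size "referer" "agent" count "router" "server URL" Nms
CLF = re.compile(
    r'"\S+ \S+ \S+" (?P<status>\d{3}) \d+ "[^"]*" "[^"]*" \d+ '
    r'"(?P<router>[^"]*)" "(?P<server>[^"]*)" \d+ms'
)

def parse(line):
    """Return (downstream_status, router, server, origin_status) or None."""
    line = line.strip()
    if line.startswith("{"):  # JSON access log record
        rec = json.loads(line)
        return (rec.get("DownstreamStatus") or 0, rec.get("RouterName", "-"),
                rec.get("ServiceAddr", "-"), rec.get("OriginStatus") or None)
    m = CLF.search(line)
    if m is None:
        return None
    status = int(m["status"])
    # A backend URL in the last quoted field means the request was forwarded,
    # so the logged status is the backend's; "-" means no backend was called.
    origin = status if m["server"] != "-" else None
    return (status, m["router"], m["server"], origin)

def redirect_sources(lines):
    """Count 3xx responses per (source, router, server)."""
    counts = {}
    for line in lines:
        rec = parse(line)
        if rec is None or not 300 <= rec[0] < 400:
            continue
        status, router, server, origin = rec
        source = "backend" if origin is not None and 300 <= origin < 400 else "traefik"
        counts[(source, router, server)] = counts.get((source, router, server), 0) + 1
    return counts

# Constructed sample input: two lines in the form of the access log posted above,
# plus one constructed JSON record of a redirect answered by Traefik itself.
SAMPLE = [
    '192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 1 "websecure-chronocommand@docker" "http://172.22.0.3:80" 7ms',
    '192.168.65.1 - - [21/Mar/2024:13:26:03 +0000] "GET / HTTP/2.0" 302 277 "-" "-" 2 "websecure-chronocommand@docker" "http://172.22.0.3:80" 0ms',
    '{"DownstreamStatus": 301, "OriginStatus": 0, "RouterName": "example-redirect@file", "RequestPath": "/"}',
]

if __name__ == "__main__":
    for key, n in redirect_sources(SAMPLE).items():
        print(n, *key)
```

A result dominated by `backend` entries for one router and server URL points at the service behind Traefik as the redirect source rather than at a Traefik middleware or entry point.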