Can't get round 404 on reverse proxy to trino

I'm trying to set up a reverse proxy to trino in docker compose:

networks:
  proxy:
    name: proxy
    
services:
  traefik:
    image: traefik:v3.0
    ports:
      - 1443:1443
      # - 8181:8181 # dashboard port 
    networks:
      - proxy
    platform: linux/amd64
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command:
      # - --api.dashboard=true
      # - --api.dashboard.port=8181
      # - --api.insecure=true
      - --log.level=DEBUG
      - --accesslog=true
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false 
      - --providers.docker.network=proxy
      - --entrypoints.websecure.address=:1443
      - --entrypoints.websecure.asDefault=true

  trino:
    container_name: trino
    image: vastdataorg/trino-vast:429
    ports:
      - 18080:8080
    networks:
      - proxy
    platform: linux/amd64
    volumes:
      - ./vast.properties:/etc/trino/catalog/vast.properties:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.mytrino.rule=Host(`trino.localhost`)
      - traefik.http.routers.mytrino.entrypoints=websecure
      - traefik.http.routers.mytrino.middlewares=trino-headers
      - traefik.http.services.mytrino.loadbalancer.server.port=8080

      # Define middleware for headers inline
      - traefik.http.middlewares.trino-headers.headers.customrequestheaders.X-Forwarded-Host=trino.localhost
      - traefik.http.middlewares.trino-headers.headers.customrequestheaders.X-Forwarded-For=${remoteAddr}
      - traefik.http.middlewares.trino-headers.headers.customrequestheaders.X-Forwarded-Proto=https

However, I can't get past:

> curl -k https://trino.localhost:1443
404 page not found

In the traefik logs, I see:

traefik-1  | 172.22.0.1 - - [20/Oct/2024:18:16:40 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 7 "-" "-" 0ms

From what I understand, trino doesn't need special configuration to sit behind a reverse proxy.

Any ideas how to debug?


UPDATE: curl with -v

> curl -v -k https://trino.localhost:1443
* Host trino.localhost:1443 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:1443...
* connect to ::1 port 1443 from ::1 port 55961 failed: Connection refused
*   Trying 127.0.0.1:1443...
* Connected to trino.localhost (127.0.0.1) port 1443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=TRAEFIK DEFAULT CERT
*  start date: Oct 20 21:11:37 2024 GMT
*  expire date: Oct 20 21:11:37 2025 GMT
*  issuer: CN=TRAEFIK DEFAULT CERT
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://trino.localhost:1443/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: trino.localhost:1443]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: trino.localhost:1443
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/2 404
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< content-length: 19
< date: Sun, 20 Oct 2024 21:14:46 GMT
<
404 page not found
* Connection #0 to host trino.localhost left intact

You use https to connect to Traefik, but there seems to be no TLS or LetsEncrypt active.

1 Like

Thanks @bluepuma77

I just needed to add:

    labels:
      - traefik.enable=true
      - traefik.http.routers.mytrino.rule=Host(`192.168.0.114`)
      - traefik.http.routers.mytrino.entrypoints=websecure

      # Fix missing TLS setup
      - traefik.http.routers.mytrino.tls=true 
      ...

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.