Cloudflare subdomain, A records not working with Traefik

I'm using Traefik.

On my local machine, using /etc/hosts, Traefik handles the subdomain very well, but with Cloudflare it is not working.

Here is what happens when I visit http://whoami.ai-tools-online.xyz:

local with hosts:

```
traefik                   | 172.19.0.1 - - [21/Feb/2023:01:35:46 +0000] "GET / HTTP/1.1" 200 722 "-" "-" 1 "whoami_router@file" "http://whoami:80" 13ms
```

remote with cloudflare:

```
traefik                                                  | 172.70.222.109 - - [21/Feb/2023:01:31:53 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 13 "-" "-" 3ms
```

More info:

/etc/hosts:

```
127.0.0.1 whoami.weloveparty.domain.local
```

Traefik dynamic config:

```
http:
  routers:
    whoami_router:
      entryPoints:
        - web
        - websecure
      rule: "Host(`whoami.ai-tools-online.xyz`, `whoami.weloveparty.domain.local`)"
      service: whoami_service

  services:
    whoami_service:
      loadBalancer:
        servers:
          - url: http://whoami:80
```

docker-compose file:

```
version: "3.9"

services:
  traefik:
    image: "traefik:v3.0.0-beta2" #"traefik:v2.9.6"
    container_name: "traefik"
    command:
      - "--accesslog=true"
      # - "--accessLog.filePath=/tmp/traefik_log.txt"
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.file.directory=/traefik_dynamic_configs"
      - "--providers.file.watch=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
    ports:
      - "80:80"
      # - "443:443"
      # - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./configs/traefik_dynamic_configs:/traefik_dynamic_configs" # <== Volume for dynamic conf file
    restart: unless-stopped

  whoami:
    image: "traefik/whoami"
    expose: # expose port to other containers by using http://whoami:80
      - "80"
    restart: unless-stopped
```

Here is the progress in the Cloudflare community; the bug has not been solved yet:

https://community.cloudflare.com/t/subdomain-multiple-a-records-is-not-working/476124

When you use provider.docker, you can assign labels to whoami for Configuration Discovery. Place Traefik and the services on the same Docker network, no need for a dynamic config file, see example.

A lot of people have issues setting up Cloudflare, I think it really depends on your configuration. Do you just use it for DNS or do you proxy everything, is proxy protocol enabled?

Enable Traefik debug log and access log in JSON format for more info. Check what's happening during a request. Is Cloudflare sending the correct Host header? Without it, Traefik cannot match a router.

Finally, I solved this problem by deleting duplicated Traefik config files (Traefik reads everything under a config folder, no matter what ".xx" suffix the file has).

For example, my docker config is:

```
  traefik:
    image: "traefik:v3.0.0-beta2" #"traefik:v2.9.6"
    container_name: "traefik"
    command:
      - "--accesslog=true"
      # - "--accessLog.filePath=/tmp/traefik_log.txt"
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.file.directory=/traefik_dynamic_configs"
      - "--providers.file.watch=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
    ports:
      - "80:80"
      # - "443:443"
      #- "8081:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./configs/traefik_dynamic_configs:/traefik_dynamic_configs" # <== Volume for dynamic conf file
    restart: unless-stopped
```

Under the traefik_dynamic_configs folder, there should always be one single config file!

By the way, the Traefik config could be:

```
  rule: "Host(`whoami.ai-tools-online.xyz`) || Host(`whoami.weloveparty.domain.local`) || Path(`/hi`)"
```

--- by yingshaoxo
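The two access-log lines quoted in the question differ in their last quoted fields: the local request records `whoami_router@file` and `http://whoami:80`, while the Cloudflare request records `"-" "-"`, which is how Traefik logs a request that matched no router. The following is an added example, not code from the thread, that parses Traefik's common-format access lines and flags such requests; the function names are hypothetical and the sample lines are the two quoted above.

```python
import re

# Traefik common-format access line. search() is used instead of match() so the
# "traefik   | " prefix that docker compose puts in front of each line is skipped.
LINE_RE = re.compile(
    r'(?P<client>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" (?P<count>\d+) '
    r'"(?P<router>[^"]*)" "(?P<server>[^"]*)" (?P<ms>\d+)ms'
)

# The two log lines from the question, copied verbatim.
SAMPLE = [
    'traefik                   | 172.19.0.1 - - [21/Feb/2023:01:35:46 +0000] '
    '"GET / HTTP/1.1" 200 722 "-" "-" 1 "whoami_router@file" "http://whoami:80" 13ms',
    'traefik                                                  | 172.70.222.109 - - '
    '[21/Feb/2023:01:31:53 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 13 "-" "-" 3ms',
]

def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not parse."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def classify(rec):
    """Separate 'Traefik had no matching router' from 'a router handled the request'."""
    if rec["router"] == "-":
        return "no-router-matched"   # the 404 came from Traefik itself, not from a backend
    if rec["server"] == "-":
        return "router-without-server"  # router matched, no backend URL was recorded
    return "routed"

def unmatched(lines):
    """List (client, status, path) for every request that matched no router."""
    recs = [r for r in map(parse_line, lines) if r is not None]
    return [(r["client"], r["status"], r["path"])
            for r in recs if classify(r) == "no-router-matched"]

if __name__ == "__main__":
    for client, status, path in unmatched(SAMPLE):
        print(f"{client} -> {status} {path}: no router matched")
```

The common format does not record the Host header, so confirming which hostname Cloudflare sent still needs the JSON access log suggested in the reply above.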