Hello,
I'm trying to get this to work on a home local server, but no meaningful errors show up. I'm not sure if I need to change something on the machine itself or my config is incorrect.
I'm using Ubuntu Desktop 20.04, it's basically a fresh install.
When I run docker hello-world or any docker cli command for running containers, I am able to access things just fine, but when I try my docker-compose files, I get
Error code: SEC_ERROR_INADEQUATE_KEY_USAGE :
I'm guessing something with my resolver is incorrect? I tried a lot of different things, but am unsure.
Below are the files that I'm working through to get it to work.
```yaml
version: '3.7'
services:
  dockerproxy:
    container_name: dockerproxy
    image: tecnativa/docker-socket-proxy
    privileged: true
    restart: always
    logging:
      driver: journald
    environment:
      CONTAINERS: 1
    restart: always
    networks:
      - traefik
    ports:
      - 2375
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  traefik:
    image: traefik:v2.5
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    depends_on:
      - dockerproxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    networks:
      - default
      - traefik
      - serverpublic
      - serverprivate
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./config:/configurations
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./logs/traefik.log:/traefik.log
      - ./acme/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # Services - Dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.middlewares=middlewares-rate-limit@file,user-auth@file"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.services.traefik.loadbalancer.server.port=8070"
networks:
  traefik:
    external: true
  serverpublic:
    external: true
  serverprivate:
    external: true
```
traefik.yml
```yaml
# Traefik v2.5 - traefik.yml 2021
api:
  dashboard: true
# Writing Logs to a File, in JSON
log:
  level: DEBUG
  filePath: "log-file.log"
  format: json
# Configuring a buffer of 100 lines
accessLog:
  filePath: "log-access.log"
  bufferingSize: 100
# Configure metrics for prometheus
metrics:
  prometheus: {}
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
providers:
  docker:
    endpoint: "tcp://dockerproxy:2375"
    network: "traefik"
    exposedByDefault: false
certificatesResolvers:
  letsencrypt:
    acme:
      email: a@gmail.com
      storage: acme.json
      keyType: EC384
      httpChallenge:
        entryPoint: http
  http:
    acme:
      email: a@gmail.com
      storage: acme.json
      httpChallenge:
        entryPoint: http
```
configuration/dynamic.yml
```yaml
# traefik dynamic config/rules
http:
  middlewares:
    https_redirect:
      redirectScheme:
        scheme: https
        permanent: true
    secureHeaders:
      headers:
        sslRedirect: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
    user-auth:
      basicAuth:
        users:
          - "royadmin:$$password"
    middlewares-rate-limit:
      rateLimit:
        average: 100
        burst: 50
tls:
  options:
    default:
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      minVersion: VersionTLS12
```
Then below is another separate service, that I'm trying to test, but going to the local server IP shows the same Error Code as I mentioned above:
Basic Page Service, just an html page for testing
```yaml
version: '3.7'
services:
  # homex is Caddy instance listening to port 80 and serving an index.html.
  homex:
    build:
      context: .
      dockerfile: ./dockerfiles/home-dockerfile
    networks:
      - traefik
      - serverpublic
    labels:
      - "traefik.enable:true"
      - "traefik.http.routers.homex.rule=Host(`localhost`)"
      - "traefik.http.routers.homex.entrypoints=https"
      - "traefik.http.routers.homex.tls.certresolver=letsencrypt"
networks:
  traefik:
    external: true
  serverpublic:
    external: true
```
Here is a traceback when I do run Traefik with the docker-compose.yml:
```
Starting dockerproxy ... done
Starting traefik ... done
Attaching to dockerproxy, traefik
dockerproxy | [WARNING] 296/204816 (1) : Can't open server state file '/var/lib/haproxy/server-state': No such file or directory
dockerproxy | Proxy dockerbackend started.
dockerproxy | Proxy dockerfrontend started.
dockerproxy | [NOTICE] 296/204816 (1) : New worker #1 (8) forked
traefik | time="2021-10-24T13:48:17-07:00" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yml"
dockerproxy | 172.26.0.5:57914 [24/Oct/2021:20:48:17.459] dockerfrontend dockerbackend/dockersocket 0/0/0/4/4 200 1046 - - ---- 1/1/0/0/0 0/0 "GET /v1.24/version HTTP/1.1"
dockerproxy | 172.26.0.5:57914 [24/Oct/2021:20:48:17.464] dockerfrontend dockerbackend/dockersocket 0/0/0/1/1 200 12881 - - ---- 1/1/0/0/0 0/0 "GET /v1.24/containers/json?limit=0 HTTP/1.1"
dockerproxy | 172.26.0.5:57914 [24/Oct/2021:20:48:17.466] dockerfrontend dockerbackend/dockersocket 0/0/0/1/1 200 9752 - - ---- 1/1/0/0/0 0/0 "GET /v1.24/containers/a456f49a4f73a3292b45a1461091a35869df5e633de6e841d0dca26512836bfa/json HTTP/1.1"
dockerproxy | 172.26.0.5:57914 [24/Oct/2021:20:48:17.467] dockerfrontend dockerbackend/dockersocket 0/0/0/1/1 200 6718 - - ---- 1/1/0/0/0 0/0 "GET /v1.24/containers/ab644f8795bd0e860496580bab303f86c176b1ee4872f3f34241510bd8c7c2fe/json HTTP/1.1"
dockerproxy | 172.26.0.5:57914 [24/Oct/2021:20:48:17.468] dockerfrontend dockerbackend/dockersocket 0/0/0/0/0 200 7739 - - ---- 1/1/0/0/0 0/0 "GET /v1.24/containers/c552360b115fa00063f6ab998790925b642abe3369f1721f69df1d6a01ad73a7/json HTTP/1.1"
dockerproxy | 172.26.0.5:57914 [24/Oct/2021:20:48:17.468] dockerfrontend dockerbackend/dockersocket 0/0/0/0/0 200 7366 - - ---- 1/1/0/0/0 0/0 "GET /v1.24/containers/aa08018aa3a644b86e33eb2f79898e91bf16bc35b7669bbce6ea673e84681b56/json HTTP/1.1"
```
Finally, I was looking at this: RedirectScheme - Traefik
Would I specify that, redirect from http to https, as a label on any new services I add or how do I test it?
If I'm missing anything else, please let me know.
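
An added example, not part of the original post: a small Python linter run over labels copied from the two compose files above. It flags labels with no `=` separator, router names that carry options but no `rule`, and routers that request an ACME certificate for a `localhost` name, which a public CA cannot validate. The names `lint_labels`, `is_local_name` and `POSTED_LABELS` are illustrative, not Traefik APIs.

```python
import re

ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")
HOST_RULE = re.compile(r"Host\(`([^`]+)`\)")  # does not match HostRegexp(...)

# Labels copied from the two compose files in the post (routing/TLS subset).
POSTED_LABELS = [
    "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)",
    "traefik.http.routers.traefik.entrypoints=https",
    "traefik.http.routers.traefik-rtr.middlewares=middlewares-rate-limit@file,user-auth@file",
    "traefik.http.routers.traefik.tls.certresolver=letsencrypt",
    "traefik.enable:true",
    "traefik.http.routers.homex.rule=Host(`localhost`)",
    "traefik.http.routers.homex.tls.certresolver=letsencrypt",
]


def is_local_name(host):
    """localhost and *.localhost are reserved names; a public ACME CA will not issue for them."""
    return host == "localhost" or host.endswith(".localhost")


def lint_labels(labels):
    """Return (subject, problem) findings for a list of Traefik v2 Docker labels."""
    findings, routers = [], {}
    for label in labels:
        if "=" not in label:
            findings.append((label, "no '=' separator, so no value is set for this key"))
            continue
        key, value = label.split("=", 1)
        match = ROUTER_KEY.match(key)
        if match:
            # Group options by router name, e.g. routers["homex"]["rule"].
            routers.setdefault(match.group(1), {})[match.group(2)] = value
    for name, opts in sorted(routers.items()):
        if "rule" not in opts:
            findings.append((name, "options set but no rule label; check the router name"))
        if "tls.certresolver" in opts:
            for host in filter(is_local_name, HOST_RULE.findall(opts.get("rule", ""))):
                findings.append((name, f"ACME cannot validate {host}"))
    return findings


if __name__ == "__main__":
    for subject, problem in lint_labels(POSTED_LABELS):
        print(f"{subject}: {problem}")
```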