Configuring any HTTP port with Let'sencrypt certificates

yash · April 12, 2023, 2:21pm

There are a few solutions on Internet related to the problem I am facing, But I couldn't follow them as they have different environment or setup and I am newbie to take solutions from them and incorporate within my environment.
So, I am working on a problem of forwarding the incoming requests from the internet to the services running on my server. For example, I have a server serving a webpage on 127.0.0.1:5000 and many other like this. Using Traefik reverse proxy, I forwarded the requests coming from internet on my domain - mydomain.com (for example).
And this setup works fine. Below are the files that I have used:
docker-compose.yml:

version: '3'

services:

  reverse-proxy:
    restart: always
    image: traefik:v2.9
    ports:
    - "443:443"
    - "80:80"
    volumes:
    - ./traefik.toml:/etc/traefik/traefik.toml
    - /var/run/docker.sock:/var/run/docker.sock
    - ./services.toml:/etc/traefik/services.toml
    - ./acme.json:/acme.json

    labels:
    - "traefik.http.routers.api.rule=Host(`traefik.mydomain.com`)" 
    - "traefik.http.routers.api.service=api@internal"
    - "traefik.http.routers.api.entrypoints=http"
    - "traefik.http.routers.api.middlewares=auth"
    - "traefik.http.middlewares.auth.basicauth.users=user:$$;;;$$;;;;;"

    - "traefik.http.routers.nas.entrypoints=http,https"
    - "traefik.http.routers.nas.rule=Host(`page1.mydomain.com`)"
    - "traefik.http.routers.nas.service=nas@file"
    - "traefik.http.routers.nas.tls=true"
    - "traefik.http.routers.nas.tls.certresolver=wilson"

services.toml:

[http]
  [http.services]
    [http.services.nas]
      [http.services.nas.loadBalancer]
        [[http.services.nas.loadBalancer.servers]]
          url = "http://127.0.0.1:5000"

traefik.toml:

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"

[api]

[providers.docker]
  endpoint = "unix:///var/run/docker.sock"

[providers.file]
  filename = "/etc/traefik/services.toml"


[certificatesResolvers.wilson.acme]
  email = "mymail@mydomain.com"
  storage = "acme.json"
  [certificatesResolvers.wilson.acme.httpChallenge]
    entryPoint = "http"

The above are the files that I have used. The localhost is serving a single webpage using python server on port 5000.

I am able to access this locally hosted webpage on http://page1.mydomain.com:5000/. But I want to deploy it on HTTPs with Let'sencrypt certificate. I have tried many things but couldn't succeed as I am new using Traefik.

I would be helpful if someone could help in deploying the forwarded domain name on HTTPs on port 5000 or forwarding the localhost:5000 to https://page1.mydomain.com:443.

bluepuma77 · April 13, 2023, 7:50am

LetsEncrypt needs domain validation. For httpChallenge you need port 80, for tlsChallenge you need port 443. Only dnsChallenge enables other ports, but it’s usually a bit more complicated to set up.

You want to forward to 127.0.0.1/localhost, but that will probably not work. Localhost within a Docker container like Traefik is not the localhost of the server, on which your target service might be listening.

yash · April 13, 2023, 8:06am

Thanks for your answer @bluepuma77.
But The service running is on localhost on my server directly.

bluepuma77 · April 13, 2023, 1:32pm

Traefik is running in a Docker container, then I would not expect this to work:

Topic		Replies	Views
Problem with Lets Encrypt. ACME Fails Traefik v2 docker , letsencrypt-acme	3	3456	March 11, 2022
Setting up HTTPS with Lets Encrypt on Traefik and getting errors Traefik v2 docker , letsencrypt-acme	0	2244	March 13, 2020
HTTPS let's encrypt not working Traefik v2 docker , letsencrypt-acme	2	4370	November 15, 2019
SSH forwarding with reverse proxy (Traefik) Traefik v3 (latest) letsencrypt-acme , tcp , cli	3	1823	September 3, 2024
Secondary domain(s) with redirect to primary domain Traefik v2 docker , letsencrypt-acme	9	1456	February 28, 2020

Configuring any HTTP port with Let'sencrypt certificates

Related topics