Hi,
I am experiencing a very strange issue when I am accessing my services from within my LAN, more specifically my WLAN.
But let me start at the beginning:
- I am hosting a couple of services within docker containers that are exposed through traefik.
- The server is located within my local network that is connected to the internet via my ISPs router.
- Cloudflare dynamic DNS is used (Only DNS, requests are not proxied through Cloudflare)
- A wildcard SSL certificate is obtained via Let's Encrypt.
So far all good, my services are reachable from the internet perfectly fine. Same is true for devices that have a wired connection to my router.
However, when accessed from within my WLAN, no connection can be made because each request results in a connection reset. This behavior is consistent for different devices, operating systems and browsers/client applications.
The traefik logs however seem to indicate that the requests where processed successfully.
I conclude this from the logs like "begin ServeHttp on request", "Forwarding this request to URL ...", "completed ServeHttp on request".
However, none of the backend services seem to receive the requests. Do these logs actually indicate success?
The very same devices can access all of my services without problems if I connect them to my LAN via cable or connect to the services from the Internet.
Now to the final part, if I add an entry to those devices hosts files to directly point to the LAN IP of my server, the connection again works.
Does anybody have ideas what could cause this issue or how to debug it?
I would have assumed, that it is an issue with my router, but I basically used the same setup with nginx instead of traefik before, where this was never an issue.
Any log files that contained traces of the requests (docker logs, traefik access log, backend service logs) either showed success messages or no traces at all.
The most detailed client logs I could gather where Chrome's internal (chrome://net-export) ones which show a connection reset during the SSL handshake after certificate validation.