Docker container with traefik and port in browser URL

Habak · May 22, 2021, 7:23pm

Hello everybody,
First I am running traefik with usual ports (80/443) and a docker container with the following labels:

version: "3.7"

services:

  traefik:
    container_name: traefik
    image: traefik:livarot
    restart: always
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
	  .........................

  web:
    image:.............

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web-rtr.entrypoints=https"
      - "traefik.http.routers.web-rtr.rule=Host(`test.abc.net`)"
      - "traefik.http.routers.web-rtr.tls=true"
      - "traefik.http.routers.web-rtr.service=web-svc"
      - "traefik.http.services.web-svc.loadbalancer.server.port=8080"

Everything is fine. I get connection to the container.

Now I want to use the URL with a especially port like "test.abc.net:9999" as browser input.
So I have added an new entrypoint to traefik and change the entrypoint of the container like:

version: "3.7"

services:

  traefik:
    container_name: traefik
    image: traefik:livarot
    restart: always
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
	  - --entryPoints.web.address=:9999
	  .........................

  web:
    image:.............

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web-rtr.entrypoints=web"
      - "traefik.http.routers.web-rtr.rule=Host(`test.abc.net`)"
      - "traefik.http.routers.web-rtr.tls=true"
      - "traefik.http.routers.web-rtr.service=web-svc"
      - "traefik.http.services.web-svc.loadbalancer.server.port=8080"

It does not matter if I use "test.abc.net" or "test.abc.net:9999" as browser input, I don´t get a connection to the container.
What am I missing?
Many thanks you for your help.

cakiwi · May 22, 2021, 8:10pm

This router is using tls still so it would only work on https:// are you using an http:// by any chance ?

Habak · May 22, 2021, 8:32pm

I use: https://test.abc.net or https://test.abc.net:9999.

cakiwi · May 22, 2021, 8:34pm

I see you created a new entrypoint but did you also expose it in the ports: section of your compose file ?

Habak · May 22, 2021, 8:46pm

In the compose file I wrote the ports like:

services:

  traefik:
    container_name: traefik
    image: traefik:livarot
    restart: always
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entryPoints.web.address=:9999
	  .........................
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 9999
        published: 9999
        protocol: tcp
        mode: host

cakiwi · May 22, 2021, 10:55pm

It looks like that should work to me.

What response are you getting when you try and connect?

Try enabling the access log and see if the request is logged.
Is there any warnings or errors in the trafik log?

Habak · May 23, 2021, 10:20am

I get the following error: 404 page not found

The access.log:

172.19.0.1 - - [23/May/2021:12:03:45 +0200] "GET / HTTP/2.0" 302 5 "-" "-" 7 "web-rtr@docker" "-" 0ms
172.19.0.1 - - 

[23/May/2021:12:03:45 +0200] "GET / HTTP/2.0" 404 19 "-" "-" 8 "-" "-" 0ms
172.19.0.1 - monitor [23/May/2021:12:03:47 

+0200] "GET /api/overview HTTP/2.0" 200 442 "-" "-" 9 "traefik-rtr@docker" "-" 3ms

And the traefik-log-file is (log-Level: WARN):

{"level":"info","msg":"I have to go...","time":"2021-05-23T12:03:08+02:00"}
{"level":"info","msg":"Stopping server 

gracefully","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"debug","msg":"Waiting 10s seconds 

before killing connections.","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"debug","msg":"Waiting 10s seconds before killing connections.","time":"2021-05-

23T12:03:08+02:00"}
{"entryPointName":"http","level":"debug","msg":"Waiting 10s seconds before killing 

connections.","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"error","msg":"accept tcp [::]:443: 

use of closed network connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"error","msg":"Error while starting server: http: Server closed","time":"2021-05-

23T12:03:08+02:00"}
{"entryPointName":"http","level":"error","msg":"accept tcp [::]:80: use of closed network 

connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"http","level":"error","msg":"Error while starting 

server: http: Server closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"http","level":"error","msg":"Error 

while starting server: http: Server closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"error","msg":"Error while starting server: http: Server closed","time":"2021-05-

23T12:03:08+02:00"}
{"entryPointName":"web","level":"error","msg":"accept tcp [::]:9999: use of closed network 

connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"error","msg":"Error while starting 

server: http: Server closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"error","msg":"Error 

while starting server: http: Server closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"error","msg":"close tcp [::]:9999: use of closed network connection","time":"2021-05-

23T12:03:08+02:00"}
{"entryPointName":"https","level":"error","msg":"close tcp [::]:443: use of closed network 

connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"debug","msg":"Entry point web 

closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"http","level":"error","msg":"close tcp [::]:80: use of 

closed network connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"http","level":"debug","msg":"Entry 

point http closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"debug","msg":"Entry point 

https closed","time":"2021-05-23T12:03:08+02:00"}
{"level":"info","msg":"Server stopped","time":"2021-05-

23T12:03:08+02:00"}
{"level":"info","msg":"Shutting down","time":"2021-05-23T12:03:08+02:00"}

I don´t understand what´s going wrong.

cakiwi · May 24, 2021, 12:10am

It looks like the redirect came from the service. You can see the 302 came from web-rtr@docker.

So your router is working fine.

If you change the assesslog to json format there is much more information included such as entrypoint and scheme.

Habak · May 24, 2021, 1:06pm

Thank you for the advice.
If I try: Host(test.abc.net:9999) the access.log is

{"ClientAddr":"172.19.0.1:51282","ClientHost":"172.19.0.1","ClientPort":"51282","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":96350,"OriginContentSize":19,"OriginDuration":14753,"OriginStatus":404,"Overhead":81597,"RequestAddr":"test.abc.net:9999","RequestContentSize":0,"RequestCount":1,"RequestHost":"test.abc.net","RequestMethod":"GET","RequestPath":"/","RequestPort":"9999","RequestProtocol":"HTTP /2.0","RequestScheme":"https","RetryAttempts":0,"StartLocal":"2021-05-24T14:38:07.95429444+02:00","entryPointName":"web","level":"info","msg":"","time":"2021-05-24T14:38:07+02:00"}

With host without port (Host(test.abc.net)) the access.log is

{"ClientAddr":"172.19.0.1:34122","ClientHost":"172.19.0.1","ClientPort":"34122","ClientUsername":"-","DownstreamContentSize":5,"DownstreamStatus":302,"Duration":262508,"OriginContentSize":5,"OriginDuration":187330,"OriginStatus":302,"Overhead":75178,"RequestAddr":"test.abc.net:9999","RequestContentSize":0,"RequestCount":1,"RequestHost":"test.abc.net","RequestMethod":"GET","RequestPath":"/","RequestPort":"9999","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"web-rtr@docker","StartLocal":"2021-05-24T14:48:54.84964465+02:00","entryPointName":"web","level":"info","msg":"","time":"2021-05-24T14:48:54+02:00"}
{"ClientAddr":"172.19.0.1:51936","ClientHost":"172.19.0.1","ClientPort":"51936","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":90877,"OriginContentSize":19,"OriginDuration":24779,"OriginStatus":404,"Overhead":66098,"RequestAddr":"test.abc.net","RequestContentSize":0,"RequestCount":2,"RequestHost":"test.abc.net","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"StartLocal":"2021-05-24T14:48:54.944731503+02:00","entryPointName":"https","level":"info","msg":"","time":"2021-05-24T14:48:54+02:00"}

I can't figure it out. The traefik-log-file errors are the same as in my previous post.

cakiwi · May 24, 2021, 4:44pm

You have a redirect configured in there somewhere. More than partial snips of the configuration is needed to help you.

Post the full traefik command line and configuration as well as all the configures traefik labels.

Habak · May 25, 2021, 5:49pm

The "docker-compose.yml" file is:

version: "3.7"

networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

services:

  traefik:
    container_name: traefik
    image: traefik:livarot
    restart: always
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entryPoints.web.address=:9999
      - --api=true
      - --api.dashboard=true
      - --api.debug=true
      - --log=true
      - --log.filePath=/traefik.log
      - --log.format=json
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/access.log
      - --accessLog.format=json
      - --accesslog.fields.names.StartUTC=drop
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      # tls
      - --entrypoints.https.http.tls.options=tls-opts@file
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # lets-encrypt-Zertifikat
      - --certificatesresolvers.lets-encrypt.acme.email=user@abc.net
      - --certificatesresolvers.lets-encrypt.acme.storage=acme.json
      # used during the challenge
      - --certificatesresolvers.lets-encrypt.acme.tlschallenge=true
      - --entrypoints.https.http.tls.certresolver=lets-encrypt
      - --entrypoints.https.http.tls.domains[0].main=abc.net
      - --entrypoints.https.http.tls.domains[0].sans=*.abc.net
	  
    networks:
      t2_proxy:
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 9999
        published: 9999
        protocol: tcp
        mode: host
    volumes:
      - $DOCKERDIR/traefik/rules:/rules # file provider directory
      - /var/run/docker.sock:/var/run/docker.sock:ro 
      - $DOCKERDIR/traefik/acme/acme.json:/acme.json # cert location 
      - $DOCKERDIR/traefik/traefik.log:/traefik.log
      - $DOCKERDIR/traefik/access.log:/access.log
      - $DOCKERDIR/secrets:/secrets
      - /etc/localtime:/etc/localtime:ro
    environment:
      - TZ=Europe/Berlin
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.abc.net`)"
      - "traefik.http.routers.traefik.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.abc.net`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      #- "traefik.http.routers.traefik-rtr.tls.options=tls-opts@file"
      - "traefik.http.routers.traefik-rtr.tls.certresolver=lets-encrypt"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"

  calibre-web:
    image: linuxserver/calibre-web
    container_name: web
    restart: unless-stopped
    networks:
      - t2_proxy
    security_opt:
      - no-new-privileges:true
    #ports:
    #  - target: 8087
    #    published: 8083
    #    protocol: tcp
    #    mode: host
    volumes:
      - $BOOKSDIR:/books:rw
      - $DOCKERDIR/calibre:/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Europe/Berlin
    labels:
      - "traefik.enable=true"
      #- "traefik.http.routers.calibre-rtr.entrypoints=https"
      - "traefik.http.routers.calibre-rtr.entrypoints=web"
      #- "traefik.http.routers.calibre-rtr.rule=Host(`test.abc.net:9999`)"
      - "traefik.http.routers.calibre-rtr.rule=Host(`test.abc.net`)"
      - "traefik.http.routers.calibre-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.calibre-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.calibre-rtr.service=calibre-svc"
      - "traefik.http.services.calibre-svc.loadbalancer.server.port=8083"

The middleware.yml is:

http:
  middlewares:
    middlewares-basic-https-redirect:
      redirectScheme:
        scheme: https
    middlewares-rate-limit:
      rateLimit:
        average: 100
        burst: 50
    middlewares-basic-auth:
      basicAuth:
        usersFile: "/secrets/.htpasswd"
        realm: "Traefik2 Auth"

and the middleware-chains.toml is:

[http.middlewares]
  [http.middlewares.chain-no-auth]
    [http.middlewares.chain-no-auth.chain]
      middlewares = [ "middlewares-rate-limit", "middlewares-basic-https-redirect@file"]

  [http.middlewares.chain-basic-auth]
    [http.middlewares.chain-basic-auth.chain]
      middlewares = [ "middlewares-rate-limit", "middlewares-basic-auth","middlewares-basic-https-redirect@file"]

and last but not least, the tls-opts-file:

tls:
  options:
    tls-opts:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
        - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true

These are all files I use.
Many thanks for your support.

Habak · May 29, 2021, 1:29pm

Unfortunately, since no one knows where the error is so far, I would like to ask to post a working configuration.
It is about forwarding a port other than 80 and 443 to a container so that it becomes reachable via the other port.
Thank you very much for your help.

cakiwi · May 29, 2021, 6:51pm

Hello @Habak, sorry its been a busy week.

I haven't looked at your posted configuration yet, but here is a basic service on an alternate port:

docker-compose.yaml

version: "3.8"

services:
  traefik:
    image: "traefik:v2.4"
    command:
    - --entrypoints.websecure.address=:443
    - --entrypoints.websecure.http.tls=true
    - --entrypoints.fournine.address=:9999
    - --providers.docker=true
    - --providers.docker.exposedbydefault=false
    - --accesslog
    - --accesslog.format=json
    - --api
    - --log.level=INFO
    - --log.format=json
    labels:
      traefik.enable: "true"
      traefik.http.routers.api.rule: Host(`traefik.localhost`)
      traefik.http.routers.api.service: api@internal
      traefik.http.routers.api.entrypoints: websecure
    ports:
      - published: 443
        target: 443
      - published: 9999
        target: 9999
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  
  whoami2:
    image: traefik/whoami
    command:
      - --name=two
    labels:
      traefik.enable: "true"
      traefik.http.routers.w2.rule: Host(`two.localhost`)
      traefik.http.routers.w2.entrypoints: fournine

curl test

curl http://two.localhost:9999
Name: two
Hostname: 7643e7fd2092
IP: 127.0.0.1
IP: 172.24.0.2
RemoteAddr: 172.24.0.3:60694
GET / HTTP/1.1
Host: two.localhost:9999
User-Agent: curl/7.68.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.24.0.1
X-Forwarded-Host: two.localhost:9999
X-Forwarded-Port: 9999
X-Forwarded-Proto: http
X-Forwarded-Server: 2c619799ba7e
X-Real-Ip: 172.24.0.1

Habak · June 2, 2021, 6:11pm

Hello @cakiwi, unfortunately, I am also very busy at the moment.
Nevertheless, thanks for the example.
Unfortunately, I can not see where the error is with me.
It looks like in your example. Or am I missing something?

Habak · June 19, 2021, 7:03pm

Hello @cakiwi,
the issue was the https redirection. Now it works fine.

system · June 22, 2021, 7:04pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Use same domainname but with different port Traefik v2 docker	3	623	September 26, 2021
Route another port als 80 oder 443 Traefik v2 docker	2	419	September 20, 2021
How to manage multiple ports exposed on port 80 with docker? Traefik v2 docker	5	7316	September 23, 2019
Expose 2 dockerized react apps on port 80 with Traefik Traefik v2 docker	7	2535	September 25, 2022
Traefik (kinda) working with only one container Traefik v2 docker	5	1199	April 8, 2022

Docker container with traefik and port in browser URL

Related Topics