Docker container with traefik and port in browser URL

Hello everybody,
First I am running traefik with usual ports (80/443) and a docker container with the following labels:

version: "3.7"

services:

  traefik:
    container_name: traefik
    image: traefik:livarot
    restart: always
    command:
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      .........................

  web:
    image:.............

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web-rtr.entrypoints=https"
      - "traefik.http.routers.web-rtr.rule=Host(`test.abc.net`)"
      - "traefik.http.routers.web-rtr.tls=true"
      - "traefik.http.routers.web-rtr.service=web-svc"
      - "traefik.http.services.web-svc.loadbalancer.server.port=8080"

Everything is fine. I get a connection to the container.

Now I want to use the URL with a special port like "test.abc.net:9999" as browser input.
So I have added a new entrypoint to traefik and changed the entrypoint of the container like:

version: "3.7"

services:

  traefik:
    container_name: traefik
    image: traefik:livarot
    restart: always
    command:
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entryPoints.web.address=:9999
      .........................

  web:
    image:.............

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web-rtr.entrypoints=web"
      - "traefik.http.routers.web-rtr.rule=Host(`test.abc.net`)"
      - "traefik.http.routers.web-rtr.tls=true"
      - "traefik.http.routers.web-rtr.service=web-svc"
      - "traefik.http.services.web-svc.loadbalancer.server.port=8080"

It does not matter if I use "test.abc.net" or "test.abc.net:9999" as browser input, I don't get a connection to the container.
What am I missing?
Many thanks for your help.

This router is still using TLS, so it would only work on https://. Are you using http:// by any chance?

I use: https://test.abc.net or https://test.abc.net:9999.

I see you created a new entrypoint, but did you also expose it in the ports: section of your compose file?

In the compose file I wrote the ports like:

services:

  traefik:
    container_name: traefik
    image: traefik:livarot
    restart: always
    command:
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entryPoints.web.address=:9999
      .........................
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 9999
        published: 9999
        protocol: tcp
        mode: host

It looks like that should work to me.

What response are you getting when you try and connect?

Try enabling the access log and see if the request is logged.
Are there any warnings or errors in the Traefik log?

I get the following error: 404 page not found

The access.log:

172.19.0.1 - - [23/May/2021:12:03:45 +0200] "GET / HTTP/2.0" 302 5 "-" "-" 7 "web-rtr@docker" "-" 0ms
172.19.0.1 - - [23/May/2021:12:03:45 +0200] "GET / HTTP/2.0" 404 19 "-" "-" 8 "-" "-" 0ms
172.19.0.1 - monitor [23/May/2021:12:03:47 +0200] "GET /api/overview HTTP/2.0" 200 442 "-" "-" 9 "traefik-rtr@docker" "-" 3ms

And the traefik-log-file is (log-Level: WARN):

{"level":"info","msg":"I have to go...","time":"2021-05-23T12:03:08+02:00"}
{"level":"info","msg":"Stopping server gracefully","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"debug","msg":"Waiting 10s seconds before killing connections.","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"debug","msg":"Waiting 10s seconds before killing connections.","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"http","level":"debug","msg":"Waiting 10s seconds before killing connections.","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"error","msg":"accept tcp [::]:443: use of closed network connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"error","msg":"Error while starting server: http: Server closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"http","level":"error","msg":"accept tcp [::]:80: use of closed network connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"http","level":"error","msg":"Error while starting server: http: Server closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"http","level":"error","msg":"Error while starting server: http: Server closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"error","msg":"Error while starting server: http: Server closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"error","msg":"accept tcp [::]:9999: use of closed network connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"error","msg":"Error while starting server: http: Server closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"error","msg":"Error while starting server: http: Server closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"error","msg":"close tcp [::]:9999: use of closed network connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"error","msg":"close tcp [::]:443: use of closed network connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"web","level":"debug","msg":"Entry point web closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"http","level":"error","msg":"close tcp [::]:80: use of closed network connection","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"http","level":"debug","msg":"Entry point http closed","time":"2021-05-23T12:03:08+02:00"}
{"entryPointName":"https","level":"debug","msg":"Entry point https closed","time":"2021-05-23T12:03:08+02:00"}
{"level":"info","msg":"Server stopped","time":"2021-05-23T12:03:08+02:00"}
{"level":"info","msg":"Shutting down","time":"2021-05-23T12:03:08+02:00"}

I don't understand what's going wrong.

It looks like the redirect came from the service. You can see the 302 came from web-rtr@docker.

So your router is working fine.

If you change the access log to JSON format, there is much more information included, such as entrypoint and scheme.

Thank you for the advice.
If I try: Host(test.abc.net:9999) the access.log is

{"ClientAddr":"172.19.0.1:51282","ClientHost":"172.19.0.1","ClientPort":"51282","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":96350,"OriginContentSize":19,"OriginDuration":14753,"OriginStatus":404,"Overhead":81597,"RequestAddr":"test.abc.net:9999","RequestContentSize":0,"RequestCount":1,"RequestHost":"test.abc.net","RequestMethod":"GET","RequestPath":"/","RequestPort":"9999","RequestProtocol":"HTTP /2.0","RequestScheme":"https","RetryAttempts":0,"StartLocal":"2021-05-24T14:38:07.95429444+02:00","entryPointName":"web","level":"info","msg":"","time":"2021-05-24T14:38:07+02:00"}

With host without port (Host(test.abc.net)) the access.log is

{"ClientAddr":"172.19.0.1:34122","ClientHost":"172.19.0.1","ClientPort":"34122","ClientUsername":"-","DownstreamContentSize":5,"DownstreamStatus":302,"Duration":262508,"OriginContentSize":5,"OriginDuration":187330,"OriginStatus":302,"Overhead":75178,"RequestAddr":"test.abc.net:9999","RequestContentSize":0,"RequestCount":1,"RequestHost":"test.abc.net","RequestMethod":"GET","RequestPath":"/","RequestPort":"9999","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"web-rtr@docker","StartLocal":"2021-05-24T14:48:54.84964465+02:00","entryPointName":"web","level":"info","msg":"","time":"2021-05-24T14:48:54+02:00"}
{"ClientAddr":"172.19.0.1:51936","ClientHost":"172.19.0.1","ClientPort":"51936","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":90877,"OriginContentSize":19,"OriginDuration":24779,"OriginStatus":404,"Overhead":66098,"RequestAddr":"test.abc.net","RequestContentSize":0,"RequestCount":2,"RequestHost":"test.abc.net","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"StartLocal":"2021-05-24T14:48:54.944731503+02:00","entryPointName":"https","level":"info","msg":"","time":"2021-05-24T14:48:54+02:00"}

I can't figure it out. The traefik-log-file errors are the same as in my previous post.

You have a redirect configured in there somewhere. More than partial snips of the configuration are needed to help you.

Post the full traefik command line and configuration as well as all the configured traefik labels.

The "docker-compose.yml" file is:

version: "3.7"

networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

services:

  traefik:
    container_name: traefik
    image: traefik:livarot
    restart: always
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entryPoints.web.address=:9999
      - --api=true
      - --api.dashboard=true
      - --api.debug=true
      - --log=true
      - --log.filePath=/traefik.log
      - --log.format=json
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/access.log
      - --accessLog.format=json
      - --accesslog.fields.names.StartUTC=drop
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      # tls
      - --entrypoints.https.http.tls.options=tls-opts@file
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # lets-encrypt-Zertifikat
      - --certificatesresolvers.lets-encrypt.acme.email=user@abc.net
      - --certificatesresolvers.lets-encrypt.acme.storage=acme.json
      # used during the challenge
      - --certificatesresolvers.lets-encrypt.acme.tlschallenge=true
      - --entrypoints.https.http.tls.certresolver=lets-encrypt
      - --entrypoints.https.http.tls.domains[0].main=abc.net
      - --entrypoints.https.http.tls.domains[0].sans=*.abc.net
	  
    networks:
      t2_proxy:
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 9999
        published: 9999
        protocol: tcp
        mode: host
    volumes:
      - $DOCKERDIR/traefik/rules:/rules # file provider directory
      - /var/run/docker.sock:/var/run/docker.sock:ro 
      - $DOCKERDIR/traefik/acme/acme.json:/acme.json # cert location 
      - $DOCKERDIR/traefik/traefik.log:/traefik.log
      - $DOCKERDIR/traefik/access.log:/access.log
      - $DOCKERDIR/secrets:/secrets
      - /etc/localtime:/etc/localtime:ro
    environment:
      - TZ=Europe/Berlin
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.abc.net`)"
      - "traefik.http.routers.traefik.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.abc.net`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      #- "traefik.http.routers.traefik-rtr.tls.options=tls-opts@file"
      - "traefik.http.routers.traefik-rtr.tls.certresolver=lets-encrypt"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"

  calibre-web:
    image: linuxserver/calibre-web
    container_name: web
    restart: unless-stopped
    networks:
      - t2_proxy
    security_opt:
      - no-new-privileges:true
    #ports:
    #  - target: 8087
    #    published: 8083
    #    protocol: tcp
    #    mode: host
    volumes:
      - $BOOKSDIR:/books:rw
      - $DOCKERDIR/calibre:/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Europe/Berlin
    labels:
      - "traefik.enable=true"
      #- "traefik.http.routers.calibre-rtr.entrypoints=https"
      - "traefik.http.routers.calibre-rtr.entrypoints=web"
      #- "traefik.http.routers.calibre-rtr.rule=Host(`test.abc.net:9999`)"
      - "traefik.http.routers.calibre-rtr.rule=Host(`test.abc.net`)"
      - "traefik.http.routers.calibre-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.calibre-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.calibre-rtr.service=calibre-svc"
      - "traefik.http.services.calibre-svc.loadbalancer.server.port=8083"

The middleware.yml is:

http:
  middlewares:
    middlewares-basic-https-redirect:
      redirectScheme:
        scheme: https
    middlewares-rate-limit:
      rateLimit:
        average: 100
        burst: 50
    middlewares-basic-auth:
      basicAuth:
        usersFile: "/secrets/.htpasswd"
        realm: "Traefik2 Auth"

and the middleware-chains.toml is:

[http.middlewares]
  [http.middlewares.chain-no-auth]
    [http.middlewares.chain-no-auth.chain]
      middlewares = [ "middlewares-rate-limit", "middlewares-basic-https-redirect@file"]

  [http.middlewares.chain-basic-auth]
    [http.middlewares.chain-basic-auth.chain]
      middlewares = [ "middlewares-rate-limit", "middlewares-basic-auth","middlewares-basic-https-redirect@file"]

and last but not least, the tls-opts-file:

tls:
  options:
    tls-opts:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
        - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true

These are all files I use.
Many thanks for your support.

Unfortunately, since no one knows where the error is so far, I would like to ask to post a working configuration.
It is about forwarding a port other than 80 and 443 to a container so that it becomes reachable via the other port.
Thank you very much for your help.

Hello @Habak, sorry, it's been a busy week.

I haven't looked at your posted configuration yet, but here is a basic service on an alternate port:

docker-compose.yaml

version: "3.8"

services:
  traefik:
    image: "traefik:v2.4"
    command:
    - --entrypoints.websecure.address=:443
    - --entrypoints.websecure.http.tls=true
    - --entrypoints.fournine.address=:9999
    - --providers.docker=true
    - --providers.docker.exposedbydefault=false
    - --accesslog
    - --accesslog.format=json
    - --api
    - --log.level=INFO
    - --log.format=json
    labels:
      traefik.enable: "true"
      traefik.http.routers.api.rule: Host(`traefik.localhost`)
      traefik.http.routers.api.service: api@internal
      traefik.http.routers.api.entrypoints: websecure
    ports:
      - published: 443
        target: 443
      - published: 9999
        target: 9999
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  
  whoami2:
    image: traefik/whoami
    command:
      - --name=two
    labels:
      traefik.enable: "true"
      traefik.http.routers.w2.rule: Host(`two.localhost`)
      traefik.http.routers.w2.entrypoints: fournine

curl test

curl http://two.localhost:9999
Name: two
Hostname: 7643e7fd2092
IP: 127.0.0.1
IP: 172.24.0.2
RemoteAddr: 172.24.0.3:60694
GET / HTTP/1.1
Host: two.localhost:9999
User-Agent: curl/7.68.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.24.0.1
X-Forwarded-Host: two.localhost:9999
X-Forwarded-Port: 9999
X-Forwarded-Proto: http
X-Forwarded-Server: 2c619799ba7e
X-Real-Ip: 172.24.0.1

Hello @cakiwi, unfortunately, I am also very busy at the moment.
Nevertheless, thanks for the example.
Unfortunately, I cannot see where the error is on my side.
It looks like in your example. Or am I missing something?

Hello @cakiwi,
the issue was the https redirection. Now it works fine.
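
The pattern behind this resolution is visible in the JSON access log posted earlier in the thread: a routed 302 on entrypoint "web" (port 9999), followed by an unrouted 404 on entrypoint "https" with no port in the request. The following is an added example, not code from the thread or from Traefik: a Python check that pairs those two records. The sample records are the thread's log lines trimmed to the fields the check reads, and the function names are hypothetical.

```python
import json

# Constructed sample: the thread's three JSON access-log records, reduced to
# the fields this check reads (values copied from the posted lines).
SAMPLE_LOG = """
{"ClientHost":"172.19.0.1","DownstreamStatus":404,"RequestHost":"test.abc.net","RequestPort":"9999","entryPointName":"web"}
{"ClientHost":"172.19.0.1","DownstreamStatus":302,"RequestHost":"test.abc.net","RequestPort":"9999","RouterName":"web-rtr@docker","entryPointName":"web"}
{"ClientHost":"172.19.0.1","DownstreamStatus":404,"RequestHost":"test.abc.net","RequestPort":"-","entryPointName":"https"}
"""

def parse(log_text):
    """Return one dict per JSON access-log line, skipping unparsable lines."""
    records = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if isinstance(rec, dict):
            records.append(rec)
    return records

def is_unrouted(rec):
    """Traefik's own 404: no router matched, so RouterName is absent."""
    return rec.get("DownstreamStatus") == 404 and "RouterName" not in rec

def redirect_port_loss(records):
    """Pair a routed 3xx with a later unrouted 404 from the same client and
    host on a different entrypoint, i.e. a redirect that dropped the port."""
    findings = []
    for i, first in enumerate(records):
        status = first.get("DownstreamStatus", 0)
        if not (300 <= status < 400 and first.get("RouterName")):
            continue
        for later in records[i + 1:]:
            if (is_unrouted(later)
                    and later.get("ClientHost") == first.get("ClientHost")
                    and later.get("RequestHost") == first.get("RequestHost")
                    and later.get("entryPointName") != first.get("entryPointName")):
                findings.append({
                    "router": first["RouterName"],
                    "redirected_on": (first.get("entryPointName"), first.get("RequestPort")),
                    "landed_on": (later.get("entryPointName"), later.get("RequestPort")),
                })
                break
    return findings

if __name__ == "__main__":
    print(redirect_port_loss(parse(SAMPLE_LOG)))
```

On a busy log, narrow the pairing with a time window on the records' timestamp field, since this version matches any later unrouted 404 from the same client and host.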
