Docker containers are coming up but I am not able to access my service

Please Help!!!

Docker run command I use to deploy my service in general

sudo docker run -d --name insta_ui -v /tmp/app-logs:/var/tmp -e APP_ENV=qa -e INSTRUMENTATION_KEY=xyz -p 80:3000 2319bc8a033f

I want to enable HTTPS using Traefik, Docker-compose, letsencrypt

configuration files:

/etc/traefik/docker-compose.yml

version: '3.4'
services:
  traefik:
    image: traefik:2.1
    restart: always
    ports:
      - '80:3000'
      - '443:3000'
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /etc/traefik/acme.json:/etc/traefik/acme.json
      - /etc/traefik/:/etc/traefik
    container_name: traefik

  insta_ui:
    image: 112797660224.dkr.ecr.ap-south-1.amazonaws.com/insta_ui:latest
    restart: always
    networks:
      - web
      - default
    expose:
      - "3000"
    labels:
      - "traefik.docker.network=web"
      - "traefik.enable=true"
      - "traefik.port=3000"
      - "traefik.http.routers.insta_ui.rule=Host(`portal.instalogist.in`)"
      - "traefik.http.routers.insta_ui.tls=true"
      - "traefik.http.routers.insta_ui.tls.certresolver=lets-encrypt"
    environment:
      - APP_ENV=qa
      - INSTRUMENTATION_KEY=xyz
    volumes:
      - /tmp/app-logs:/var/tmp
networks:
  web:
    external: true

/etc/traefik/traefik.toml

[log]
  level = "WARN"

[providers]
  [providers.docker]
    exposedByDefault = false
  [providers.file]
    directory = "/etc/traefik/dynamic"

[entryPoints]
  [entryPoints.http]
    address = ":80"
  [entryPoints.https]
    address = ":443"

[certificatesResolvers.lets-encrypt.acme]
  caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
  storage = "/etc/traefik/acme.json"
  email = "contact@instalogist.com"
  [certificatesResolvers.lets-encrypt.acme.tlsChallenge]

/etc/traefik/dynamic/force-https.toml

[http.routers]
  [http.routers.force-https]
    entryPoints = ["http"]
    middlewares = ["force-https"]
    rule = "HostRegexp(`{any:.+}`)"
    service = "noop"

[http.middlewares]
  [http.middlewares.force-https.redirectScheme]
    scheme = "https"

[http.services]
  [http.services.noop.loadBalancer]

Output of sudo docker-compose up

ubuntu@ip-172-31-17-119:/etc/traefik$ sudo docker-compose up 
Creating traefik            ... done
Creating traefik_insta_ui_1 ... done
Attaching to traefik, traefik_insta_ui_1
traefik     | time="2021-10-09T20:31:34Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.toml"
insta_ui_1  | 
insta_ui_1  | > insta_admin_portal@0.1.0 start /insta_admin_portal
insta_ui_1  | > next start
insta_ui_1  | 
insta_ui_1  | ready - started server on 0.0.0.0:3000, url: http://localhost:3000
insta_ui_1  | info  - Loaded env from /insta_admin_portal/.env
insta_ui_1  | info  - Using webpack 4. Reason: custom webpack configuration in next.config.js https://nextjs.org/docs/messages/webpack5
insta_ui_1  | APP_ENV = qa
insta_ui_1  | Firebase Mode Activated!

Problem: (screenshot from 2021-10-10 02-11-42)

Any help would be highly appreciated. Thanks

@sandeepbarange,

You need to add labels to your insta_ui service in docker-compose.

Untested example:

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.instalogist.rule=Host(`portal.instalogist.in`)"
      - "traefik.http.routers.instalogist.service=api@internal"
      - "traefik.http.routers.instalogist.tls.certresolver=lets-encrypt"
      - "traefik.http.routers.instalogist.entrypoints=https"
      - "traefik.http.services.instalogist.loadbalancer.server.port=3000"

Maybe you also want to update to traefik 2.5.
Your entrypoints are set to ports 80 and 443, so there is no need to expose port 3000 in your traefik container.

services:
  traefik:
    image: traefik:2.5 # updated to latest version 2.5
    restart: unless-stopped # (keeps stopped container stopped after reboot)
    ports:
      - '80:80'
      - '443:443'
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /etc/traefik/acme.json:/etc/traefik/acme.json
      - /etc/traefik/:/etc/traefik
    container_name: traefik

Regards,
Wolfgang

@wollomatic Thank you so much for your response, but now I am getting a different error

/etc/traefik$ sudo docker-compose up
Recreating traefik            ... done
Recreating traefik_insta_ui_1 ... done
Attaching to traefik_insta_ui_1, traefik
traefik     | time="2021-10-10T14:23:27Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.toml"
traefik     | time="2021-10-10T14:23:27Z" level=error msg="Cannot start the provider *file.Provider: /etc/traefik/dynamic/force-https.toml: loadBalancer cannot be a standalone element (type *dynamic.ServersLoadBalancer)"
insta_ui_1  | 
insta_ui_1  | > insta_admin_portal@0.1.0 start /insta_admin_portal
insta_ui_1  | > next start
insta_ui_1  | 
insta_ui_1  | ready - started server on 0.0.0.0:3000, url: http://localhost:3000
insta_ui_1  | info  - Loaded env from /insta_admin_portal/.env
insta_ui_1  | info  - Using webpack 4. Reason: custom webpack configuration in next.config.js https://nextjs.org/docs/messages/webpack5
insta_ui_1  | APP_ENV = qa
insta_ui_1  | Firebase Mode Activated!

Updated docker-compose.yml

version: '3.4'

services:
  traefik:
    image: traefik:2.5
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /etc/traefik/acme.json:/etc/traefik/acme.json
      - /etc/traefik/:/etc/traefik
    container_name: traefik

  insta_ui:
    image: 112797660224.dkr.ecr.ap-south-1.amazonaws.com/insta_ui:latest
    restart: always
    networks:
      - web
      - default
    labels:
      - "traefik.docker.network=web"
      - "traefik.enable=true"
      - "traefik.http.routers.insta_ui.rule=Host(`portal.instalogist.in`)"
      - "traefik.http.routers.insta_ui.tls=true"
      - "traefik.http.routers.insta_ui.tls.certresolver=lets-encrypt"
      - "traefik.http.routers.insta_ui.service=api@internal"
      - "traefik.http.routers.insta_ui.entrypoints=https"
      - "traefik.http.services.insta_ui.loadbalancer.server.port=3000"
    environment:
      - APP_ENV=qa
      - INSTRUMENTATION_KEY=xyz
    volumes:
      - /tmp/app-logs:/var/tmp
networks:
  web:
    external: true

Seems there is a problem with the force-https.toml file. Without looking at this file here is how I do the redirection from http to https:
Add some more labels to traefik in docker-compose.yaml:

      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

Still no luck!

Have a query:

  1. Doesn't it involve any domain verification from the Let's Encrypt side before issuing the certificate? It's not mentioned in any article. Can any Traefik deployment request a certificate for a domain mentioned in its configuration?

It will be a great help if someone can point me to a working sample on Git or on any other platform.

Thanks

I just uploaded this example deployment on github. Hope it helps:
https://github.com/wollomatic/simple-traefik

Regards,
Wolfgang
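
As an added example (not code from any poster in this thread or from the Traefik project), the following Python check runs over the configuration posted above and flags the mismatches the thread turns on: published ports that reach no entryPoint, which also blocks the tlsChallenge validation that Let's Encrypt performs against host port 443; the staging caServer; the v1-style traefik.port label; and a router bound to api@internal. The finding codes and the trimmed sample strings are constructed for illustration.

```python
import re

# Constructed sample: lines taken from the two docker-compose.yml versions and
# the traefik.toml posted in the thread, trimmed to what the checks read.
COMPOSE = """\
services:
  traefik:
    ports:
      - '80:3000'
      - '443:3000'
  insta_ui:
    labels:
      - "traefik.enable=true"
      - "traefik.port=3000"
      - "traefik.http.routers.insta_ui.rule=Host(`portal.instalogist.in`)"
      - "traefik.http.routers.insta_ui.service=api@internal"
"""
STATIC = """\
[entryPoints.http]
  address = ":80"
[entryPoints.https]
  address = ":443"
[certificatesResolvers.lets-encrypt.acme]
  caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
  [certificatesResolvers.lets-encrypt.acme.tlsChallenge]
"""

def lint(compose, static):
    """Return findings as 'CODE: detail' strings (codes are hypothetical)."""
    out = []
    # Ports Traefik listens on inside its container (entryPoints addresses).
    listening = set(re.findall(r'address\s*=\s*":(\d+)"', static))
    published = re.findall(r"-\s*['\"]?(\d+):(\d+)['\"]?\s*$", compose, re.M)
    for host, cont in published:
        if cont not in listening:
            out.append(f"PORT: {host}:{cont} targets :{cont}, no entryPoint listens there")
    # TLS-ALPN-01 validation connects to host port 443, so it must reach an entryPoint.
    if "tlsChallenge" in static and not any(h == "443" and c in listening for h, c in published):
        out.append("ACME: tlsChallenge cannot be validated, host port 443 reaches no entryPoint")
    if "acme-staging" in static:
        out.append("STAGING: staging caServer issues certificates browsers do not trust")
    for key, value in re.findall(r'-\s*"(traefik\.[^=]+)=(.*)"', compose):
        if key == "traefik.port":
            out.append("V1LABEL: traefik.port is v1 syntax, not read by Traefik 2.x")
        if key.endswith(".service") and value == "api@internal":
            out.append(f"SERVICE: {key} sends the router to Traefik's API, not the container")
    return out

if __name__ == "__main__":
    for finding in lint(COMPOSE, STATIC):
        print(finding)
```

An empty result means only that these specific mismatches are absent; it does not validate the rest of the configuration.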