Domain name is not reachable from inside the container behind Traefik

Hello all,

I am completely new to Traefik and I am playing with a Traefik handling automatic TLS configuration with Let's Encrypt in my Kamal setup.

My setup essentially works but with one caveat. Requesting the domain name from within the docker container running behind Traefik fails:

Failed to open TCP connection to domainname.com:443 (Connection refused - connect(2) for "domainname.com" port 443) (Errno::ECONNREFUSED)

Basically everything works as expected except going to the container and requesting the domain name under which it runs. It won't resolve.

Here's my Traefik config:

traefik:
  options:
    publish:
      - "80:80"
      - "443:443"
    volume:
      - "/letsencrypt/acme.json:/letsencrypt/acme.json"
    network: "private"
  args:
    entryPoints.web.address: ":80"
    entryPoints.websecure.address: ":443"
    certificatesResolvers.letsencrypt.acme.email: "support@domainname"
    certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json"
    certificatesResolvers.letsencrypt.acme.httpchallenge: true
    certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web

And container labels:

servers:
  web:
    hosts:
      - 165.227.160.200
    labels:
      traefik.http.routers.domainname.rule: Host(`domainname.com`)
      traefik.http.routers.domainname.entrypoints: web
      traefik.http.routers.domainname_secure.entrypoints: websecure
      traefik.http.routers.domainname_secure.rule: Host(`domainname.com`)
      traefik.http.routers.domainname_secure.tls: true
      traefik.http.routers.domainname_secure.tls.certresolver: letsencrypt
    options:
      network: "private"

It's Kamal syntax but I think the arguments and labels are the same.

Anyone having an idea how to make Traefik to resolve the domain to the container if the request origins from within the said container?

Thank you all.

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

Use 3 backticks in front and after config, or select and press </> button, it improves readability and with yaml every space matters.

Connection refused means the port is not open. Where do you run Traefik, any routers to be configure, any firewalls blocking or container ports not open? Domain pointing to the right IP?

Thanks a lot for a quick reply, I wrapped the configuration in ticks.

Share your full Traefik static and dynamic config

This is full Kamal's config, I don't have anything else. There is no compose. Is there a way to ask Traefik for this full configuration?

Connection refused means the port is not open. Where do you run Traefik, any routers to be configure, any firewalls blocking or container ports not open? Domain pointing to the right IP?

Well, it's just Docker on a VPS:

domainname.com -> Traefik -> Application in a Docker container

Note that going to domainname.com in the browser works, the only thing that doesn't work is asking for this name inside the Docker container or the VPS for that matter. It's a bit weird.

I am thinking if it's related to the fact that Traefic only accepts the domain name but not a plain IP (in the browser) since /etc/hosts points locally to an IP.

You have the domain in your local hosts file?

When you request the URL with a client, the domain is used to lookup the IP and then the client connects to the IP and port. But the http request still contains the original domain name and path, which is used to do the domain matching in Traefik.

So in the end I answered my own question :). It really was because of /etc/hosts. And it happened because I initially named the virtual machine like that. DO then automatically created this entry which I haven't realize at that point...

Thanks again for your replies.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.