ECS Routing Issues

tblount · November 22, 2024, 4:10pm

Hi all,

I am having trouble with my Traefik proxy settings and I'm hoping you can help.
I intend to have a web application where the end user routes to an ALB which then passes the request to Traefik which should then route the request to an ECS task based on the path of the request and establish a websocket connection with a specific port on the ECS task.

I have set up Traefik config as below:
traefik.yml

api:
  dashboard: true
  insecure: true

entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      insecure: true
  websecure:
    address: ":443"
  traefik:
    address: ":8080"

providers:
  ecs:
    clusters:
      - "my-cluster"
    region: "us-east-1"
    exposedByDefault: false
    refreshSeconds: 15
    autoDiscoverClusters: true
  file:
    directory: "/etc/traefik/dynamic"
    watch: true

log:
  level: "DEBUG"

accessLog: {}

ping:
  entryPoint: "web"

dynamic/dynamic-conf.yml

http:
  middlewares:
    user-port-selector:
      redirectRegex:
        regex: "^/user/([^/]+)\\?port=(\\d+)$"
        replacement: "/user/${1}:${2}"
    ws-headers:
      headers:
        customRequestHeaders:
          Connection: "Upgrade"
          Upgrade: "websocket"

  routers:
    user-router:
      rule: "PathPrefix(`/user/`)"
      service: "user-service"
      entryPoints:
        - "websecure"
      middlewares:
        - "user-port-selector"
        - "ws-headers"

  services:
    user-service:
      loadBalancer:
        passHostHeader: true

Labels on my ECS task

            "dockerLabels": {
                "traefik.http.middlewares.ws-headers.headers.customrequestheaders.Upgrade": "websocket",
                "traefik.enable": "true",
                "traefik.http.services.user-service.loadbalancer.passHostHeader": "true",
                "traefik.http.routers.user-router.rule": "PathPrefix(`/user/{%GROUP%}`)",
                "traefik.http.services.user-service.loadbalancer.server.port": "8000",
                "traefik.http.routers.user-router.service": "user-service",
                "traefik.http.routers.user-router.entrypoints": "websecure",
                "traefik.http.middlewares.ws-headers.headers.customrequestheaders.Connection": "Upgrade",
                "traefik.http.routers.user-router.middlewares": "ws-headers"

I was aiming to start tasks with a specific 'group' tag which I can then have as the end of my path but I am open to alternative ways of getting the user request to the right task.
So far I managed to get the dashboard up and can see that the ECS provider can has made a connection to the task but when I have a bastion try to curl Traefik with the below request I get a 404 error.

curl -v -H "Connection: Upgrade" \
     -H "Upgrade: websocket" \
     -H "Sec-WebSocket-Key: dummy123" \
     -H "Sec-WebSocket-Version: 13" \
     http://<traefik-private-ip>/user/<group>

Any help to get this working would be much appreciated,
Thanks in advance.

Topic		Replies	Views
Traefik ECS provider is not forwarding client IP with AWS ALB Traefik v2 ecs , cli	2	1170	March 23, 2022
Traefik 2.3 RC not able to talk to ECS Traefik v2 ecs	0	990	August 10, 2020
Traefik ECS Problem Traefik v1 ecs	2	684	January 23, 2020
Intermittent Response and Routing from Traefik in AWS ECS/Fargate Traefik v2 ecs , docker	0	906	June 7, 2022
Traefik 502 Bad Gateway with WSS on AWS ECS Fargate Traefik v2 ecs	1	707	September 29, 2022

ECS Routing Issues

Related topics