Error connecting from Traefik to a service running on a diferent swarm node

This is my stack file:

version: '3.3'

services:

  traefik:
    image: traefik:v2.9.6
    ports:
      - 80:80
      - 443:443
    deploy:
      placement:
        constraints:
          - 'node.hostname == arasaac2'
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        - traefik.http.routers.traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-http.entrypoints=http
        - traefik.http.routers.traefik-public-http.middlewares=https-redirect
        - traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-https.entrypoints=https
        - traefik.http.routers.traefik-public-https.tls=true
        - traefik.http.routers.traefik-public-https.service=api@internal
        - traefik.http.routers.traefik-public-https.tls.certresolver=le
        - traefik.http.routers.traefik-public-https.middlewares=admin-auth
        - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-public-certificates:/certificates
    command:
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik-public
      - --providers.docker.swarmmode
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --accesslog
      - --log=DEBUG
      - --api
    networks:
      - traefik-public

  web1:
    image: 'nginx'
    networks:
      - traefik-public
    deploy:
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - 'node.hostname == swarmtest'
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.http.routers.web1.entrypoints=http
        - traefik.docker.network=traefik-public
        - traefik.http.services.web1.loadbalancer.server.port=80
        - traefik.http.services.web1.loadbalancer.server.scheme=http
        - traefik.http.routers.web1.tls=false
        # - traefik.http.routers.web1.tls.certresolver=production
        - traefik.http.routers.web1.rule=Host(`web1.arasaac.org`)

volumes:
  traefik-public-certificates:

networks:
  traefik-public:
    external: true

When traefik and web1 are running on the manager node (hostname: arasaac2) everything works ok. If I move web1 service to a worker node I get a 504 error. These are the logs from traefik:

proxy_traefik.1.6sld8nuc0wo6@arasaac2    | 10.0.0.2 - - [26/Apr/2023:11:05:12 +0000] "GET / HTTP/1.1" 499 21 "-" "-" 27 "web1@docker" "http://10.0.5.30:80" 3925ms
proxy_traefik.1.6sld8nuc0wo6@arasaac2    | 10.0.0.2 - - [26/Apr/2023:11:05:16 +0000] "GET / HTTP/1.1" 504 15 "-" "-" 28 "web1@docker" "http://10.0.5.30:80" 30000ms

I ping from traefik container to web1 succesfully.

Configuration looks okay to me. You checked that the nginx instance is running?

Have you tested that your Docker network works correctly? We have a vSwitch which reduces the TCP MTU. Short messages below 1400 Bytes always worked, but larger messages failed. Had to modify the Docker network, solution somewhere here in the forum.

Update: probably needs swarmmode=true. (Docs)

Just solved! One machine was a vmware instance. I had to change a port to make it work:
docker swarm init --data-path-port=7789

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.