Failing to setup different destinations for acme-challenges

Traefik Traefik v2 (latest)
, ,
1

I'm failing to route acme-challenges to different endpoints depending on the host name. I have the built-in certprovider configured like this

[http.routers.acme]
    entryPoints = ["web"]
    rule = "PathPrefix(`/.well-known/acme-challenge/`)"
    priority = 999
    service = "acme-http"

[http.services.acme-http.loadBalancer]
    [[http.services.acme-http.loadBalancer.servers]]
        url = "http://127.0.0.1:10081/"

Then I have an additional router configured like this:

[http.routers.subdomain1]
    entryPoints = ["web"]
    rule = "Host(`subdomain.example.com`) && PathPrefix(`/.well_known/acme-challenge/`)"
    priority = 1000
    service = "svc-subdomain-http"

[http.routers.subdomain2]
    entryPoints = ["web"]
    rule = "Host(`subdomain.example.com`)"
    priority = 1
    middlewares = ["http2https"]
    service = "svc-subdomain-http"

[http.services]
    [http.services.svc-subdomain-http.loadBalancer]
        [[http.services.svc-subdomain-http.loadBalancer.servers]]
        url = "http://172.26.10.95/"

I would expect the acme-challenges for subdomain.example.com hit the svc-subdomain-http service while all other challenges go to the built-in service.

HTTPS redirection works fine. However, all acme-challenges hit the built-in service. In the logs I can only find this error message:

time="2020-10-12T00:37:00+02:00" level=debug msg="Unable to split host and port: address subdomain.example.com: missing port in address. Fallback to request host." providerName=le.acme

This is the request:

time="2020-10-12T00:37:02+02:00" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":
\"/.well-known/acme-challenge/ZvKLsVY3iZ-e05lfjIVo-5SJLfSYfIqXPqvmj8DeDSs\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"Pr
otoMinor\":1,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate\"
],\"Accept-Language\":[\"en-GB,en-US;q=0.9,en;q=0.8\"],\"Cache-Control\":[\"max-age=0\"],\"Connection\":[\"keep-alive\"],\"Cookie\":[\"MWA_LANGUAGE=en\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozill
a/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36\"],\"X-Forwarded-Host\":[\"subdomain.example.com\"],\"X-Forwarded-Port\":[\"80\"],\"X-Forwarde
d-Proto\":[\"http\"],\"X-Forwarded-Server\":[\"example\"],\"X-Real-Ip\":[\"x.x.x.x\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"subdomain.example.com\",\"Form\":null,\"PostForm\":null,\"Mult
ipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"x.x.x.x:60972\",\"RequestURI\":\"/.well-known/acme-challenge/ZvKLsVY3iZ-e05lfjIVo-5SJLfSYfIqXPqvmj8DeDSs\",\"TLS\":null}"

Traefik runs in Docker with network mode host. There is port forwarding from the router involved.

How can I fix this?

2

Found the typo... duh!

3

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.