Gateway timeout after some reverted changes

Hi,

I was testing to add a new container, and since I was not having the time to finish, I temporarly reverted by my config to the last working version, but now when I try to access my previously working services, it just says "Gateway Timeout".

If I try to access them directly(without going through Traefik), it seems to work.

version: "3.9"

services:
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
      - "--certificatesresolvers.myresolver.acme.email=hello@world.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "8080:8080"
      - "443:443"
    environment:
      - "OVH_ENDPOINT=ovh-eu"
      - "OVH_APPLICATION_KEY=A"
      - "OVH_APPLICATION_SECRET=B"
      - "OVH_CONSUMER_KEY=C"
    volumes:
      - config-letsencrypt:/letsencrypt
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.test.com`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.force-secure.redirectscheme.scheme=https"
      - "traefik.http.middlewares.force-secure.redirectscheme.permanent=true"
      - traefik.http.routers.http-catchall.rule=HostRegexp(`{any:.+}`)
      - traefik.http.routers.http-catchall.entrypoints=web
      - traefik.http.routers.http-catchall.middlewares=force-secure

  emby:
    image: lscr.io/linuxserver/emby:latest
    container_name: emby
    environment:
      - PUID=1028
      - PGID=100
      - TZ=Europe/Zurich
    volumes:
      - config-emby:/config
      - media:/data/
    ports:
      - 8096:8096
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.emby.rule=Host(`emby.test.com`)"
      - "traefik.http.routers.emby.entrypoints=websecure"
      - "traefik.http.routers.emby.tls.certresolver=myresolver"
      - "traefik.http.services.emby.loadbalancer.server.port=8096"
    restart: unless-stopped

  transmission:
    image: lscr.io/linuxserver/transmission:version-3.00-r8
    container_name: transmission
    environment:
      - PUID=1028
      - PGID=100
      - TZ=Europe/Zurich
    volumes:
      - config-transmission:/config
      - downloads:/downloads
      - movies:/movies
      - software:/software
    ports:
      - 9091:9091
      - 51413:51413
      - 51413:51413/udp
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.transmission.rule=Host(`transmission.test.com`)"
      - "traefik.http.routers.transmission.entrypoints=websecure"
      - "traefik.http.routers.transmission.tls.certresolver=myresolver"
      - "traefik.http.services.transmission.loadbalancer.server.port=9091"

  medusa:
    image: lscr.io/linuxserver/medusa:latest
    container_name: medusa
    environment:
      - PUID=1028
      - PGID=100
      - TZ=Europe/London
    volumes:
      - config-medusa:/config
      - downloads:/downloads
      - tvshows:/tv
    ports:
      - 8081:8081
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.medusa.rule=Host(`medusa.test.com`)"
      - "traefik.http.routers.medusa.entrypoints=websecure"
      - "traefik.http.routers.medusa.tls.certresolver=myresolver"
      - "traefik.http.services.medusa.loadbalancer.server.port=8081"

  ddns-updater:
    image: qmcgaw/ddns-updater
    container_name: ddns-updater
    volumes:
      - config-ddns:/updater/data
    ports:
      - 8007:8007/tcp
    environment:
      - PERIOD=5m
      - CONFIG=
      - UPDATE_COOLDOWN_PERIOD=5m
      - PUBLICIP_FETCHERS=all
      - PUBLICIP_HTTP_PROVIDERS=all
      - PUBLICIPV4_HTTP_PROVIDERS=all
      - PUBLICIPV6_HTTP_PROVIDERS=all
      - PUBLICIP_DNS_PROVIDERS=all
      - PUBLICIP_DNS_TIMEOUT=3s
      - HTTP_TIMEOUT=10s

      # Web UI
      - LISTENING_PORT=8007
      - ROOT_URL=/

      # Backup
      - BACKUP_PERIOD=0 # 0 to disable
      - BACKUP_DIRECTORY=/updater/data

      # Other
      - LOG_LEVEL=info
      - LOG_CALLER=hidden
      - SHOUTRRR_ADDRESSES=
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ddns-updater.rule=Host(`ddns.test.com`)"
      - "traefik.http.routers.ddns-updater.entrypoints=websecure"
      - "traefik.http.routers.ddns-updater.tls.certresolver=myresolver"
      - "traefik.http.services.ddns-updater.loadbalancer.server.port=8007"

  heimdall:
    image: lscr.io/linuxserver/heimdall:latest
    environment:
      - PUID=1028
      - PGID=100
      - TZ=Europe/London
    volumes:
      - config-heimdall:/config
    ports:
      - 444:443
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.heimdall.rule=Host(`home.test.com`)"
      - "traefik.http.routers.heimdall.entrypoints=websecure"
      - "traefik.http.routers.heimdall.tls.certresolver=myresolver"
      - "traefik.http.routers.heimdall.tls=true"
      - "traefik.http.services.heimdall.loadbalancer.server.port=443" 
      - "traefik.http.services.heimdall.loadbalancer.server.scheme=https"


volumes:
  tvshows:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/tvshows"
  movies:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/movies"
  media:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media"
  software:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/software"
  config-emby:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/emby"
  config-ddns:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/ddns"
  downloads:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/work/torrent/downloads"
  config-transmission:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/transmission"
  config-medusa:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/medusa"
  config-letsencrypt:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/letsencrypt"
  config-heimdall:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/heimdall"
  config-wireguard:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/wireguard"

What did I manage to mess up? Since I was trying to setup wireguard, I did tried some network stuff, but I'm totally sure that the docker-compose file I reverted back too is the same as the one working. Is there some cache somewhere that I should remove?

In the logs I see this:

time="2023-07-03T19:36:37Z" level=debug msg="'504 Gateway Timeout' caused by: dial tcp 10.0.0.14:8081: i/o timeout"

But in portainer, if I check my home-stack_default network, it says 10.0.3.0/24, so I guess this ip (10.0.0.14) is not the proper one?

Hum, I just found the solution:

If I now force traefik to use the default network:
- "--providers.docker.network=home-stack_default"

it does work. But if somebody could explain why it started to use another network and how it decided to stick with it, I would gladly take its explanations :wink:

I recommend to use a dedicated Docker network, not rely on Docker default networks, see simple Traefik example.