Getting 404 response despite seemingly correct router setup

Traefik Traefik v3 (latest)
,
1

Hi,

I'm really scratching my head on this one, hoping someone could provide a friendly pointer to the thing I'm obviously missing.

some context: I'm setting up a VPS to host some services, using Traefik 3 as frontend. Traefik as well as the workloads run in independent docker compose stacks on this VPS, sharing a common docker network ("traefik").

I've tried doing a very minimal setup to get going with a new instance of authelia on a subdomain of mine and I cannot, for the life of me, get my requests routed to it. The service and route get created as expected - verified through logs and dashboard as you can see below -, the Traefik container can get to the detected service address, but no bueno.

Here's a dashboard screenshot of the router:

photo_2024-09-02_23-37-47
photo_2024-09-02_23-37-471029×936 62.5 KB

Here's a relevant access log snippet:

{
    "ClientAddr": "1.2.3.4:33198",
    "ClientHost": "1.2.3.4",
    "ClientPort": "33198",
    "ClientUsername": "-",
    "DownstreamContentSize": 19,
    "DownstreamStatus": 404,
    "Duration": 28332,
    "GzipRatio": 0,
    "OriginContentSize": 0,
    "OriginDuration": 0,
    "OriginStatus": 0,
    "Overhead": 28332,
    "RequestAddr": "login.example.com",
    "RequestContentSize": 0,
    "RequestCount": 197,
    "RequestHost": "login.example.com",
    "RequestMethod": "GET",
    "RequestPath": "/",
    "RequestPort": "-",
    "RequestProtocol": "HTTP/2.0",
    "RequestScheme": "https",
    "RetryAttempts": 0,
    "StartLocal": "2024-09-02T21:08:50.985375098Z",
    "StartUTC": "2024-09-02T21:08:50.985375098Z",
    "TLSCipher": "TLS_AES_128_GCM_SHA256",
    "TLSVersion": "1.3",
    "entryPointName": "https",
    "level": "info",
    "msg": "",
    "time": "2024-09-02T21:08:50Z"
}

Here's my static config

# traefik.yaml
api:
  dashboard: true
  insecure: true

log:
  level: TRACE

accessLog:
  addInternals: true
  format: json

providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    network: traefik
    constraints: 'LabelRegex(`publicName`, `.+`)'
    defaultRule: 'Host(`{{ index .Labels "publicName" }}`)'
    watch: true

  file:
    directory: /etc/traefik/dynamic
    watch: true

entryPoints:
  http:
    address: ':80'
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https

  https:
    address: ':443'
    http3: {}

http:
  routers:
    dashboard:
      rule: Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      service: api@internal

And here's the relevant log lines from the Docker provider setting up the authelia router:

traefik_1  | 2024-09-02T21:28:18Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"routers":{"authelia-authelia":{"rule":"Host(`login.example.com`)","service":"authelia-authelia"}},"services":{"authelia-authelia":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.24.0.3:9091"}]}}}},"tcp":{},"tls":{},"udp":{}} providerName=docker
traefik_1  | 2024-09-02T21:28:18Z DBG  > No entryPoint defined for this router, using the default one(s) instead entryPointName=["http","https"] routerName=authelia-authelia
entryPointName=http routerName=authelia-authelia@docker serviceName=authelia-authelia@docker
traefik_1  | 2024-09-02T21:28:18Z DBG  > Creating server entryPointName=http routerName=authelia-authelia@docker serverName=d0f918a881967889 serviceName=authelia-authelia@docker target=http://172.24.0.3:9091
using the default one(s) instead entryPointName=["http","https"] routerName=authelia-authelia
entryPointName=http routerName=authelia-authelia@docker serviceName=authelia-authelia@docker
traefik_1  | 2024-09-02T21:40:35Z DBG  > Creating server entryPointName=http routerName=authelia-authelia@docker serverName=d0f918a881967889 serviceName=authelia-authelia@docker target=http://172.24.0.3:9091

I'm at a complete loss as to what I'm missing and hope someone can help me out a bit.

Thanks in advance!

Cheers

2

Can you describe your high level setup again? Which server is running where, which proxies to where?

3

It's all running on the same machine. Both Traefik and the workload run as independent docker compose stacks, which share the same docker network ("traefik"). The Traefik container exposes ports 80 and 443, the workload container exposes nothing.

I can even verify Traefik can talk to the workload... if I run wget from within the Traefik container trying to access the load balancer target of the authelia-authelia@docker service, I get the result I'm expecting.

4

in the meantime while this was hidden for a day for being flagged as spam, I found the cause of the issue: the https entrypoint did not have a tls configuration in its http options, so traefik wouldn't route traffic through it coming in from the https entrypoint (and the http one just immediately redirects to https, so...)

this was fixed by adding a default tls config to the http options of the https entrypoint (I got tls configured elsewhere in my dynamic config)

# snip
  https:
    address: ':443'
    http3: {}
    http:
      tls: {}
# snip
5

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.