Getting 500: Unsupported protocol scheme when trying to access AMP

So, I'm trying to setup traefik to reverse proxy from https to an internal server, on http, running CubeCoders AMP (control panel for gameservers).
Not the servers themselves, just to the web-based control panel, running on http.

I get the following debug info:

traefik  | 2024-10-05T10:14:09Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: cbf29ce484222325
traefik  | 2024-10-05T10:14:09Z DBG github.com/traefik/traefik/v3/pkg/server/service/proxy.go:100 > 500 Internal Server Error error="unsupported protocol scheme \"\""

Error being:

500 Internal Server Error error="unsupported protocol scheme \"\""

Now, I already do something similar, to another webtool, running on http where it works perfect. So perhaps something specific is required by AMP, I just don't know what and the error message doesn't really help me.

If anyone has experience with this or know if I need to set any headers or middleware to solve that error, please share.

My config is as follows:
router:

  routers:
    to-amp:
      rule: "Host(`amp.myhostname.com`)"
      tls:
        certResolver: letsencrypt
      service: amp

Service:

  services:
    amp:
      loadBalancer:
        servers:
          -url: "http://192.168.1.231:8080"

Enable and check Traefik debug log (doc) and Traefik access log in JSON format (doc).

JSON access log will tell you if the error status is coming from target service (OriginStatus) or only from Traefik (DownstreamStatus).

Ok, I then get:

{"ClientAddr":"192.168.1.1:65171","ClientHost":"192.168.1.1","ClientPort":"65171","ClientUsername":"myname","DownstreamContentSize":21,"DownstreamStatus":500,"Duration":77698187,"OriginContentSize":21,"OriginDuration":57839,"OriginStatus":500,"Overhead":77640348,"RequestAddr":"amp.hostname.com","RequestContentSize":0,"RequestCount":6,"RequestHost":"amp.hostname.com","RequestMethod":"GET","RequestPath":"/favicon.ico","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"to-amp@file","ServiceAddr":"","ServiceName":"amp@file","ServiceURL":"","StartLocal":"2024-10-05T20:47:44.972403326Z","StartUTC":"2024-10-05T20:47:44.972403326Z","TLSCipher":"TLS_CHACHA20_POLY1305_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-10-05T20:47:45Z"}

500 on both Origin and Downstream.

That means your target service is creating error status 500. Check the logs of the service.

Replace target service with ’traefik/whoami` Docker image to see the http headers.

Ok, I get the exact same error with whoami.
I'm not using the docker integration, just setting it up as a remote url. Same issue.
I can access the host directly, on my internal network, just fine, but through Traefik I get the same http 500.

Compare to working simple Traefik example.

I don't really see anything different besides not using the docker connection.
I'm not really sure where to go from here.

@bluepuma77 my friend, how would you setup the dynamic config to the whoami container, if it wasn't running on the same host as traefik?
So no docker discovery. And http on whoami but https webendpoint on traefik?

This is basically what I am attempting and failing to do

Check simple Traefik external example, you probably don’t need the middleware and the Docker Swarm stuff.

I really don't get it. I have the exact same, very simple setup.

Complete dynamic config file (with some header experiments that hasn't helped):

# http routing section
http:
  middlewares:
    test-auth:
      basicAuth:
        usersFile: "/etc/traefik/auth"
    testHeaders:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: https
          Scheme: https
          X-Forwarded-For: 192.168.1.1
          X-Real-IP: 192.168.1.1
          X-AMP-Scheme: https
          Connection: Upgrade
  serversTransports:
    insecure:
      insecureSkipVerify: true
    noHttp2:
      disableHTTP2: true
  routers:
    to-dashboard:
      rule: "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      service: api@internal
      middlewares:
        - "test-auth"
      tls:
        certResolver: letsencrypt
    to-whoami:
      rule: "Host(`whoami.example.com`)"
      middlewares:
        - "testHeaders"
      tls:
        certResolver: letsencrypt
      service: whoami
  services:
    whoami:
      loadBalancer:
        serversTransport: insecure
        servers:
          -url: "192.168.1.134:32769"

whoami docker-compose:

version: "3.3"

services:
  whoami:
    restart: always
    image: "traefik/whoami"
    container_name: "simple-service"
    environment:
      - WHOAMI_PORT_NUMBER=32769
    ports:
      - "32769:32769"

traefik docker-compose:

version: "3.3"

services:
  traefik:
    restart: always
    image: "traefik:v3.1.5"
    container_name: "traefik"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "./traefik.yml:/etc/traefik/traefik.yml"
      - "./logs:/logs"
      - "./conf/dynamic.yml:/etc/traefik/dynamic_config.yml"
      - "./conf/authfile:/etc/traefik/auth"

Still getting unsupported protocol scheme "" on whoami.
I am lost.

Can you share traefik.yml?

Absolutely.

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
    asDefault: true
    proxyProtocol:
      insecure: true
      trustedIPs:
        - "192.168.1.134"
        - "192.168.1.1"
certificatesResolvers:
  letsencrypt:
    acme:
      email: REDACTED
      storage: /letsencrypt/acme.json
      httpChallenge:
        # used during the challenge
        entryPoint: web
providers:
  file:
    filename: /etc/traefik/dynamic_config.yml
log:
  level: DEBUG
  format: json
  filePath: "/logs/application.log"
accessLog:
  filePath: "/logs/access.log"
  format: json
api:
  insecure: true
  dashboard: true
  debug: true
  disableDashboardAd: true

Do you actually use that?

Just experimentation to try to fix things. Doesn't seem to have made any difference.

What do you think @bluepuma77? Anything wrong in my configs?
I cannot see any issues myself and I know I have had this working previous, on other hardware.
I am completely stuck. The whoami is probably the best example, why on earth will that not work?
What even is "protocol scheme" and why is it blank? I assume that is what the error message means.

500 Internal Server Error error="unsupported protocol scheme \"\""

Looks very much like a "" (empty) string.
This is why I tried to add custom request headers, to try to see if I could just pass some static value but no luck.

To clarify, I am running this on multiple servers.
Server A has traefik running.
Server B has the whoami docker container running.

I can access the whoami service if I goto the local address directly.
It only complains through traefik.

Hello @Nicoolai,

At first glance, in the latest dynamic configuration, the protocol is missing in the server URL definition.

Could you give it another try with the following configuration?

Same issue.
I started that way but wanted to try to see if it worked if I didn't have it.
So normally, I would have the protocol in there and I have it now again.

Are you sure you have all the right files mounted to the right places? Not that somehow an old file is used.

Restarted Traefik?

Freshly installed server, plenty of restarts.
I see it load up all the entrypoints and the routers in application log when I start.
It gets all the certificates for the hosts in the routes.
My other routes also work, it is just whoami (and AMP, my original issue) that has this problem.