I'm trying to get Crafty Controller working so I can host some Minecraft servers for my friends. I've been able to verify that all my containers are running properly, but when I try accessing the dashboard at crafty.mydomain.com I get a page that says "Bad Gateway." If I access the dashboard from crafty.mydomain.com:8443 (the default port for the secure dashboard) I got the dashboard with its default self-signed certificate.
Or I did when the problem first manifested. While double-checking things before posting this I'm now getting a 404 page at the bare subdomain and all browsers I try are rejecting the self-signed certificate (I could click through to the portal in some browsers before).
Clearly I'm missing something in my routing/networking config, but I'm enough of a newbie to not have it be obvious to me.
api: dashboard: true serversTransport: insecureSkipVerify: true entryPoints: web: address: ":80" http: redirections: entryPoint: to: websecure websecure: address: ":443" http: middlewares: - secureHeaders@file tls: certResolver: letsencrypt providers: docker: endpoint: "unix:///var/run/docker.sock" exposedByDefault: false file: filename: /configurations/dynamic.yml certificatesResolvers: letsencrypt: acme: email: email@example.com storage: acme.json keyType: EC384 httpChallenge: entryPoint: web
# Dynamic configuration http: middlewares: secureHeaders: headers: sslRedirect: true forceSTSHeader: true stsIncludeSubdomains: true stsPreload: true stsSeconds: 31536000 user-auth: basicAuth: users: - "redacted:redacted" tls: options: default: cipherSuites: - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 minVersion: VersionTLS12
My Traefic docker-compose.yml
version: "3.8" services: traefik: image: "traefik:latest" container_name: traefik restart: unless-stopped security_opt: - "no-new-privileges:true" networks: - proxy ports: - "80:80" - "443:443" volumes: - "/etc/localtime:/etc/localtime:ro" - "/var/run/docker.sock:/var/run/docker.sock:ro" - "./data/traefik.yml:/traefik.yml:ro" - "./data/acme.json:/acme.json" - "./data/configurations:/configurations" labels: - traefik.enable=true - traefik.docker.network=proxy - traefik.http.routers.traefik-secure.entrypoints=websecure - traefik.http.routers.traefik-secure.rule=Host(`traefik.mydomain.com`) - traefik.http.routers.traefik-secure.service=api@internal - traefik.http.routers.traefik-secure.middlewares=user-auth@file networks: proxy: external: true
And my Crafty Controller docker-compose.yml:
version: '3' services: crafty: container_name: crafty_container image: registry.gitlab.com/crafty-controller/crafty-4:4.2.1 restart: unless-stopped environment: - TZ=redacted ports: - "8000:8000" # HTTP - "8443:8443" # HTTPS - "8123:8123" # DYNMAP - "19132:19132/udp" # BEDROCK - "25500-25600:25500-25600" # MC SERV PORT RANGE volumes: - ./backups:/crafty/backups - ./logs:/crafty/logs - ./servers:/crafty/servers - ./config:/crafty/app/config - ./import:/crafty/import labels: - traefik.enable=true - traefik.docker.network=proxy - "traefik.http.routers.crafty.tls=true" - "traefik.http.routers.crafty.tls.certresolver=letsencrypt" - "traefik.http.routers.crafty.service=crafty" - traefik.http.routers.crafty.entrypoints=websecure - "traefik.http.services.crafty.loadbalancer.server.scheme=https" - "traefik.http.services.crafty.loadbalancer.server.port=8443" - traefik.http.routers.crafty.rule=Host(`crafty.mydomain.com`) - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto = https" networks: - proxy networks: proxy: external: true
I'm not using swarm mode, and a lot of the fancier settings are pulled from a tutorial I found, with a bit of tweaking.
This feels like it should be an easy fix, but I'm neither skilled enough at parsing the docs nor experienced enough with Traefik in general to know what I should do here. I'd ask the Crafty Controller folks, but the devs claim that none of them use Traefik themselves and both the install docs and reverse proxy configuration docs look like they should work (the Traefik config was provided by a member of their community), but clearly aren't working with how I attempted to merge them with my existing Traefik config.
So, what am I doing wrong? Hopefully it's something simple and/or obvious, but I seem to have reached the limits of my knowledge. All help is appreciated, thanks. And sorry for the wall of text, but I'm not sure what information is unnecessary for this problem, hence me providing everything I currently can.