Hi,
I am trying to use Traefik as a reverse proxy for some Docker containers, but I am stuck with a 521 "Web server is down" error.
This is the docker-compose.yml I am using:
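# Traefik reverse proxy: accepts HTTP on 80 and HTTPS on 443 and routes to
# containers on the external `web_proxy` network that set `traefik.enable=true`.
version: "3"

services:
  traefik:
    container_name: traefik
    # No tag means `latest`; pin a specific release so upgrades are deliberate.
    image: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    environment:
      # CF_API_KEY is the account-wide Cloudflare key. A scoped API token limited
      # to DNS edits on this zone (lego reads it from CF_DNS_API_TOKEN) limits the
      # damage if this container or its environment is exposed.
      - CF_API_EMAIL=${CLOUDFLARE_EMAIL}
      - CF_API_KEY=${CLOUDFLARE_API_KEY}
    ports:
      # Quoted so HOST:CONTAINER pairs are always parsed as strings.
      - "80:80"
      # Fixed: this was 433:433. The websecure entrypoint below listens on :443,
      # so nothing was published on the host's HTTPS port; an unreachable origin
      # on 443 is consistent with Cloudflare returning 521.
      - "443:443"
    volumes:
      # `:ro` only protects the socket file itself; anything that can talk to the
      # socket can still drive the full Docker API (root-equivalent on the host).
      # A filtering socket proxy in front of it narrows that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds the ACME account key and every certificate private key. The file
      # must exist before start and be mode 600, or Traefik refuses to use it.
      - ./acme/acme.json:/acme.json
    networks:
      - web_proxy
    command:
      # Global settings
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=false
      # Entrypoints
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      # Dashboard: api.insecure=false keeps it off the unauthenticated :8080
      # entrypoint, so it is reachable only through the router labels below.
      - --api=true
      - --api.dashboard=true
      - --api.insecure=false
      - --api.debug=false
      # Log: DEBUG is verbose; lower it after troubleshooting and review logs
      # before sharing them publicly.
      - --log=true
      - --log.level=DEBUG  # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      # Certificate: the staging CA issues certificates that clients do not
      # trust; drop the caServer line once issuance works.
      - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory  # LetsEncrypt Staging Server
      - --certificatesResolvers.dns-cloudflare.acme.email=${CLOUDFLARE_EMAIL}
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      # Docker provider: exposedByDefault=false means only containers that set
      # traefik.enable=true get a router.
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=web_proxy
      - --providers.docker.swarmMode=false
      # Routers without an explicit rule get Host(`<compose service>.$DOMAIN`).
      - '--providers.docker.defaultRule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAIN`)'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      # Basic auth: this is the only gate in front of the dashboard/API. The
      # variable is expected to hold an htpasswd-style user:hash entry; keep it
      # in an env file that is not committed.
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=$TRAEFIK_USER_PASSWORD"

networks:
  # Pre-existing network shared with the proxied stacks.
  web_proxy:
    external:
      name: web_proxy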
I am spinning up Portainer to test the reverse proxying:
# Portainer test stack, attached to the shared `web_proxy` network and published
# through Traefik's websecure entrypoint.
version: '3'

services:
  portainer:
    container_name: portainer
    image: portainer/portainer
    restart: unless-stopped
    networks:
      - web_proxy
    ports:
      # Just to be sure Portainer is working. This publishes the UI directly on
      # the host, bypassing Traefik and TLS; remove it once routing works.
      - "9000:9000"
    volumes:
      # Read-write Docker socket: whoever controls Portainer controls the Docker
      # daemon, so treat its login as host-level access.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/data
    labels:
      - "traefik.enable=true"
      # Router: HTTPS only, certificate from the dns-cloudflare resolver.
      - "traefik.http.routers.portainer.entrypoints=websecure"
      - "traefik.http.routers.portainer.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.portainer.service=portainer"
      # Backend port inside the container that Traefik forwards to.
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"

networks:
  # Pre-existing network shared with the Traefik stack.
  web_proxy:
    external:
      name: web_proxy
Now, after starting Traefik, certificates are successfully generated, and in my acme.json I find:
{
"dns-cloudflare": {
"Account": {
"Email": "redacted@gmail.com",
"Registration": {
"body": {
"status": "valid",
"contact": [
"mailto:redacted@gmail.com"
]
},
"uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/15512779"
},
"PrivateKey": "redacted",
"KeyType": "4096"
},
"Certificates": [
{
"domain": {
"main": "traefik.domain.com"
},
"certificate": "redacted",
"key": "redacted",
"Store": "default"
},
{
"domain": {
"main": "portainer.domain.com"
},
"certificate": "redacted",
"key": "redacted",
"Store": "default"
}
]
}
}
But if I hit traefik.domain.com or portainer.domain.com there is a Cloudflare page with the 521 error. Portainer is working because I can see the dashboard going to ip:9000.
If I access ip:80 I get a 404 error.
I have been using nginx-proxy to proxy my containers for a while now so I do not think there is something wrong with my cloudflare configuration but I may be wrong.
The logs of traefik container are: https://pastebin.com/hrgMxm9K