Home page only works some times depending on

ProtocolNebula · January 9, 2023, 7:59pm

Hi,
I'm struggling with a random behavior where the "/" only work under certain conditions and I cannot understand why does not recognize correctly my dashy:

Rule configuration (I tested both and other random tests):

- "traefik.http.routers.{SERVICE}.rule=PathPrefix(`/`)"
- "traefik.http.routers.{SERVICE}.rule=Host(`my.domain.example`, `192.168.0.201`)"

It works for the example whoami docker and SOMETIMES in the dashy container.

If I move it to another docker-compose file with the same network configuration, it does not work except if I just specify one host only (and it only works sometimes).

I also have a transmission in another file which works the whole time ("traefik.http.routers.torrent.rule=PathPrefix(/torrent)").

I don't know what options more to change, is not an issue to share the file, but it only works sometimes, which is also frustrating.

Here the full docker-compose.yml (I've just duplicated the dashy settings). Of course only dashy or whoami runs at the same time:

version: '3.7'

services:
  traefik:
    container_name: traefik
    image: traefik:v2.9
    restart: unless-stopped
    ports:
      - 81:80
      - 444:443
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Europe/Madrid
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /volume2/virtualization/docker/traefik:/etc/traefik
      - /volume2/virtualization/docker/traefik/letsencrypt/:/letsencrypt
    command:
      - '--api=true'
      - '--api.dashboard=true'
      - '--api.insecure=true'
      - '--pilot.dashboard=false'
      - '--global.sendAnonymousUsage=false'
      - '--global.checkNewVersion=false'
      - '--log=true'
      - '--log.level=DEBUG'
      - '--log.filepath=/config/traefik.log'
      - '--providers.docker=true'
      - '--providers.docker.exposedByDefault=false'
      - '--entryPoints.web=true'
      - '--entryPoints.web.address=:8080/tcp'
      - '--entryPoints.web.http.redirections.entryPoint.to=https'
      - '--entryPoints.web.http.redirections.entryPoint.scheme=https'
      ## Please see the Forwarded Header Trust section of the Authelia Traefik Integration documentation.
      # - '--entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7'
      # - '--entryPoints.web.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7'
      - '--entryPoints.web.forwardedHeaders.insecure=false'
      - '--entryPoints.web.proxyProtocol.insecure=false'
      - '--entryPoints.websecure=true'
      - '--entryPoints.websecure.address=:443'
      ## Please see the Forwarded Header Trust section of the Authelia Traefik Integration documentation.
      # - '--entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7'
      # - '--entryPoints.websecure.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7'
      - '--entryPoints.websecure.forwardedHeaders.insecure=false'
      - '--entryPoints.websecure.proxyProtocol.insecure=false'
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      #- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.letsencrypt.acme.email=nas@domain.example"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    networks:
      - mynetwork
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.nas.domain.example`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - traefik.http.routers.dashboard.tls=true
      - "traefik.http.routers.dashboard.service=api@internal"
      # - 'traefik.http.routers.dashboard.middlewares=authelia@docker'
      - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
    # depends_on:
    #   - authelia

  ## whoami - Hacer pruebas de la red y la ruta y los certificados
  whoami:
    container_name: whoami
    image: traefik/whoami
    networks:
      - mynetwork
    labels:
      - "traefik.enable=true"
      # BOTH WORKS HERE
      # - "traefik.http.routers.whoami.rule=Host(`my.domain.example`, `192.168.0.201`)"
      - "traefik.http.routers.whoami.rule=PathPrefix(`/`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
      - "traefik.http.routers.whoami.tls=true"

  dashy:
    image: lissy93/dashy
    container_name: dashy
    restart: "unless-stopped"
    environment:
      - NODE_ENV=production
      - PUID=1026
      - PGID=100
    volumes:
      - /volume2/virtualization/docker/dashy/conf.yml:/app/public/conf.yml
    networks:
      - mynetwork
    ports:
      - 8000:80
    labels:
      - "traefik.enable=true"
      # NO ONE WORKS HERE
      - "traefik.http.routers.home.rule=PathPrefix(`/`)"
      # - "traefik.http.routers.home.rule=Host(`my.domain.example`, `192.168.0.201`)"
      # - "traefik.http.services.home.loadbalancer.server.port=80"
      - "traefik.http.routers.home.entrypoints=websecure"
      - "traefik.http.routers.home.tls.certresolver=letsencrypt"
      - "traefik.http.routers.home.tls=true"

networks:
  mynetwork:
    name: mynetwork
    driver: bridge

The debug console does not provide any issue, and also the log files are not working (maybe permissions, maybe path, I'm trying to solve it apart).

traefik.yml:

global:
  checkNewVersion: false
  sendAnonymousUsage: true
api:
  insecure: true
  dashboard: true
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: "websecure"
          scheme: "https"
  websecure:
    address: ":443"
certificatesResolvers:
  letsencrypt:
    acme:
      email: "ruben@racs.es"
      storage: "/letsencrypt/acme.json"
      httpChallenge:
        entryPoint: web
      dnsChallenge:
        provider: "manual"
        delayBeforeCheck: "10"
      # domains:
      #   main: "*.racs.es"
providers:
  docker:
    # defaultRule: "Host(`{{ trimPrefix `/` .Name }}.rac2.asuscomm.com`)"
    # defaultRule: "Host(`rac2.asuscomm.com/{{ trimPrefix `/` .Name }}`)"
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: true
    watch: true
  # file:
  #   filename: /etc/traefik/dynamic-config.yml

Thanks for the help in advance.

bluepuma77 · January 9, 2023, 9:44pm

What do you want to achieve? Usually Traefik is used as reverse proxy, have different sub-domains be routed to different applications on the same host.

You can use rule=Host( domain ) for that. The domain will be used to create a LetsEncrypt TLS certificate. If you access the site with IP, you will probably see bold browser warnings.
You can use PathPrefix to place services under a path of a domain, but I can't recommend that as most webapps are implemented with a fixed path and changing it will break their navigation.

Your main problem might be, that you want to use static config via command in docker-compose.yml and via traefik.yml file. Both are not possible together, pick one. And in the file you use two certresolver challenge methods, pick one.

ProtocolNebula · January 9, 2023, 10:57pm

Thanks for reply.

Well, I did this before with nginx (without docker) but technically this is easiest.
Additionally I want to have access in my local network through IP and with domain for internet (just because some routers does not support the public domain and I want to avoid the ports usage).

I wanna proxy some services (sonar, radarr, dashy, transmission and so on) in subfolders.

Additionally, other services such traefik dashboard, code, etc... will be in another subdomain.
I tried to do it with only subfolders, but in any case, I need the dashboard working as "main" service, but preferrably in an external file (transmission is working fine in an external file, but duplicate the settings does not work )

EDIT: Doing more changes, I've re-do the network connection and now seems to be working with other services (code).
Dashy will remain in the main file but I have faith that is fixed.

The remaining think os to get working the internal IP with subfolders and avoiding to re-create all the rules (but is a minor issue in fact, maybe I'll let everyting with ports as I worked until now).

My solution:

Created a network from the terminal docker network create media-shared
Commented all network in all files (theyre wrongly typed).
Added at the bottom of all:

networks:
  default:
    external:
      name: media-shared

system · January 12, 2023, 10:57pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.