iali
December 23, 2024, 2:31pm
1
Hello,
At the moment Traefik cannot enable the LDAP auth plugin nor communicate with the outside.
In the logs I see:
```
{"level": "error", "error": {"Op": "Get", "URL": "https://plugins.traefik.io/public/download/github.com/wiltonsr/ldapAuth/v0.1.9", "Err": {}}, "method": "GET", "url": "https://plugins.traefik.io/public/download/github.com/wiltonsr/ldapAuth/v0.1.9", "time": "2024-12-23T14:23:41Z", "caller": "github.com/hashicorp/go-retryablehttp@v0.7.7/client.go:718", "message": "Request failed"}
```
I should specify that the server on which Traefik is installed has been segregated and a Squid proxy is used to reach the internet.
How can I configure Traefik so that it uses the proxy to reach the internet and get plugins going?
Thank you
Did you try setting the usual env vars?
```yaml
services:
  traefik:
    image: traefik:v3
    environment:
      - HTTP_PROXY=http://proxy.example.com:3128
      - HTTPS_PROXY=http://proxy.example.com:3128
      - NO_PROXY=localhost,127.0.0.1,.example.com
```
…
iali
December 23, 2024, 4:08pm
3
Yes @bluepuma77, I tried, and running `docker exec -it traefik sh` I see the following:
```
apk add curl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/community/x86_64/APKINDEX.tar.gz
(1/9) Installing brotli-libs (1.1.0-r2)
(2/9) Installing c-ares (1.34.3-r0)
(3/9) Installing libunistring (1.2-r0)
(4/9) Installing libidn2 (2.3.7-r0)
(5/9) Installing nghttp2-libs (1.64.0-r0)
(6/9) Installing libpsl (0.21.5-r3)
(7/9) Installing zstd-libs (1.5.6-r1)
(8/9) Installing libcurl (8.11.1-r0)
(9/9) Installing curl (8.11.1-r0)
Executing busybox-1.37.0-r8.trigger
OK: 12 MiB in 26 packages
curl -v google.it
* Use the proxy variable env NO_PROXY == 'localhost,127.0.0.1,::1'.
* The host google.co.uk:80 has been resolved.
* IPv6: 2a00:1450:4002:402::2003.
* IPv4: 142.250.180.131.
* Try [2a00:1450:4002:402::2003]:80...
* Immediate connection failure for 2a00:1450:4002:402::2003: Network unreachable.
* Try 142.250.180.131:80...
```
So `apk add` works and `curl` doesn't,
and then from the logs I see:
```
{"level": "debug", "error": "proxyconnect tcp: dial tcp 10.140.9.13:23128: i/o timeout", "time": "2024-12-23T16:02:18Z", "caller": "github.com/traefik/traefik/v3/pkg/proxy/httputil/proxy.go:113", "message": "504 Gateway Timeout"}
{"level": "debug", "error": "proxyconnect tcp: dial tcp 10.140.9.13:23128: i/o timeout", "time": "2024-12-23T16:02:18Z", "caller": "github.com/traefik/traefik/v3/pkg/proxy/httputil/proxy.go:113", "message": "504 Gateway Timeout"}
```
It also makes all my backends unreachable with the status 504 Gateway Time-out.
Thanks
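Added example (not code from the thread or from Traefik): a small Go program showing how Go's `net/http`, which reads the same `HTTP_PROXY`/`HTTPS_PROXY`/`NO_PROXY` variables suggested above, decides per destination whether to dial the proxy. It assumes Traefik's outbound clients follow this standard resolution, which is consistent with the `proxyconnect` errors in the log above; the proxy address, backend hosts and `NO_PROXY` list are constructed sample values.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
)

// routeFor reports whether Go's net/http would send a request for target
// directly or through a proxy taken from HTTP_PROXY / HTTPS_PROXY / NO_PROXY.
// net/http reads these variables only once per process, so they must be set
// before the first call (and a running process needs a restart to see changes).
func routeFor(target string) string {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return "invalid URL: " + err.Error()
	}
	proxyURL, err := http.ProxyFromEnvironment(req)
	if err != nil {
		return "bad proxy setting: " + err.Error()
	}
	if proxyURL == nil {
		return "direct"
	}
	return "via " + proxyURL.Host
}

// setProxyEnv applies constructed sample values; replace them with your own.
func setProxyEnv() {
	os.Setenv("HTTP_PROXY", "http://proxy.example.com:3128")
	os.Setenv("HTTPS_PROXY", "http://proxy.example.com:3128")
	// Backends not matched here are dialled through the proxy as well.
	os.Setenv("NO_PROXY", "localhost,127.0.0.1,.example.com,10.0.0.0/8")
}

func main() {
	setProxyEnv()
	for _, t := range []string{
		"https://plugins.traefik.io/public/download/github.com/wiltonsr/ldapAuth/v0.1.9",
		"http://app.example.com:8080/",   // constructed backend, matches .example.com
		"http://10.0.68.20:9100/metrics", // constructed backend, matches 10.0.0.0/8
		"http://172.18.0.5:8080/",        // constructed backend, not covered by NO_PROXY
	} {
		fmt.Printf("%-80s %s\n", t, routeFor(t))
	}
}
```

Any backend reported as `via ...` would be sent to the Squid proxy, so it has to be covered by `NO_PROXY` (host name, domain suffix, IP or CIDR) or be reachable and permitted through the proxy.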
`wget` is included in the Traefik image.
Share your full Traefik static and dynamic config, and `docker-compose.yml` if used.
iali
December 23, 2024, 10:19pm
5
Hi @bluepuma77
These are my 3 files. Also, can you tell me which conf I can leave in the static file traefik.yaml, and which ones I should move to a dynamic file under /etc/traefik?
I also wanted to ask whether, once I edit a dynamic file, I can reload it in Traefik without having to restart Traefik itself, since during the restart all the services behind it are made unavailable.
docker-compose.yml:
```yaml
#version: '3.9'
services:
  traefik-mgmt-01:
    image: traefik:latest
    container_name: traefik-mgmt-01
    #environment:
    #  - HTTP_PROXY=http://10.140.9.13:23128
    #  - HTTPS_PROXY=http://10.140.9.132:3128
    #  - NO_PROXY=localhost,127.0.0.1,::1
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      #- 5432:5432
      - 9200:9200
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/:/etc/traefik/
      - /nas/logs/traefik-mgmt-01:/var/log/traefik
      - /etc/hosts:/etc/hosts:ro
    networks:
      - Proxy
    logging:
      driver: "json-file" # Keep using json-file
      options:
        tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
networks:
  Proxy:
    external: true
```
traefik.yml:
```yaml
global:
  checkNewVersion: true
  sendAnonymousUsage: false # true by default
serversTransport:
  insecureSkipVerify: false
  rootCAs:
    - /etc/traefik/certs/ca.pem
log:
  level: DEBUG
  format: json
  filePath: /var/log/traefik/traefik-mgmt-01.log
accesslog:
  format: json
  filePath: /var/log/traefik/traefik-mgmt-01.access
api:
  dashboard: true
  insecure: false
entryPoints:
  web:
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
    address: :80
    forwardedHeaders:
      insecure: true
  websecure:
    address: :443
    forwardedHeaders:
      insecure: true
    transport:
      respondingTimeouts:
        readTimeout: 0
        writeTimeout: 0
        idleTimeout: 0
  postgres:
    address: :5432
    forwardedHeaders:
      insecure: true
  node-exporter:
    address: :9100
    forwardedHeaders:
      insecure: true
  ping:
    address: ":8080"
ping:
  entryPoint: "ping"
tls:
  Certificates:
    - certFile: /etc/traefik/certs/cert.pem
      keyFile: /etc/traefik/certs/cert-key.pem
providers:
  docker:
    exposedByDefault: false
    endpoint: 'unix:///var/run/docker.sock'
    watch: true
  file:
    # watch for dynamic configuration changes
    directory: /etc/traefik
    watch: true
metrics:
  prometheus:
    #entryPoint: metrics
    addEntryPointsLabels: true
    addRoutersLabels: true
    addServicesLabels: true
    manualRouting: true
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0
http:
  middlewares:
    remove-referer:
      headers:
        customRequestHeaders:
          Referer: ""
    frame-sameorigin:
      headers:
        customResponseHeaders:
          X-Frame-Options: "SAMEORIGIN"
    auth:
      basicAuth:
        usersFile: "/etc/traefik/conf/.htpasswd"
        removeHeader: false
    blockpath:
      plugin:
        blockpath:
          Regex:
            - ^/user-settings/user-change-password(.*)
            - ^/forgot-password(.*)
    ipwhitelist:
      ipWhiteList:
        sourceRange:
          - "10.0.68.0/24"
          - "10.0.67.0/24"
experimental:
  plugins:
    ldapAuth:
      moduleName: "github.com/wiltonsr/ldapAuth"
      version: "v0.1.9"
```
/etc/traefik/mgmt.yml
```yaml
http:
  routers:
    traefik-metrics:
      rule: "Host(`rproxy-metrics.***.it`)"
      entryPoints:
        - websecure
      service: prometheus@internal
      tls: true
    traefik-dashboard:
      rule: Host(`rproxy-mgmt.***.it`) #&& (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      service: api@internal
      entryPoints:
        - websecure
      tls: true
      #middlewares:
      #  - ldapAuth
  services:
```
Thanks