How to Access Internet with forward proxy

hello,
at the moment traefik cannot enable plugin ldap auth nor communicate with outside.

in the logs i see:

{"level": "error", "error":{"Op": "Get", "URL": "https://plugins.traefik.io/public/download/github.com/wiltonsr/ldapAuth/v0.1.9", "Err":{}}, "method": "GET", "url": "https://plugins.traefik.io/public/download/github.com/wiltonsr/ldapAuth/v0.1.9", "time": "2024-12-23T14:23:41Z", "caller": "github.com/hashicorp/go-retryablehttp@v0.7.7/client.go:718", "message": "Request failed"}

I should specify that the server on which traefik is installed has been segregated and a squid proxy is used to reach the internet.

how can i configure traefik so that it uses the proxy to be able to reach the internet and get plugins going?

Thank you

Did you try setting the usual env vars?

services:
  traefik:
    image: traefik:v3
    environment:
      - HTTP_PROXY=http://proxy.example.com:3128
      - HTTPS_PROXY=http://proxy.example.com:3128
      - NO_PROXY=localhost,127.0.0.1,.example.com
    …

yes @bluepuma77 i tried and doing docker exec -it traefik sh i see the following:

apk add curl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/community/x86_64/APKINDEX.tar.gz
(1/9) Installing brotli-libs (1.1.0-r2)
(2/9) Installing c-ares (1.34.3-r0)
(3/9) Installing libunistring (1.2-r0)
(4/9) Installing libidn2 (2.3.7-r0)
(5/9) Installing nghttp2-libs (1.64.0-r0)
(6/9) Installing libpsl (0.21.5-r3)
(7/9) Installing zstd-libs (1.5.6-r1)
(8/9) Installing libcurl (8.11.1-r0)
(9/9) Installing curl (8.11.1-r0)
Executing busybox-1.37.0-r8.trigger
OK: 12 MiB in 26 packages
 curl -v google.it
* Use the proxy variable env NO_PROXY == 'localhost,127.0.0.1,::1'.
* The host google.co.uk:80 has been resolved.
* IPv6: 2a00:1450:4002:402::2003.
* IPv4: 142.250.180.131.
* Try [2a00:1450:4002:402::2003]:80...
* Immediate connection failure for 2a00:1450:4002:402::2003: Network unreachable.
* Try 142.250.180.131:80...

so apk add works and curl doesn't
and then from the logs I see

{"level": "debug", "error": "proxyconnect tcp: dial tcp 10.140.9.13:23128: i/o timeout", "time": "2024-12-23T16:02:18Z", "caller": "github.com/traefik/traefik/v3/pkg/proxy/httputil/proxy.go:113", "message": "504 Gateway Timeout"}
{"level": "debug", "error": "proxyconnect tcp: dial tcp 10.140.9.13:23128: i/o timeout", "time": "2024-12-23T16:02:18Z", "caller": "github.com/traefik/traefik/v3/pkg/proxy/httputil/proxy.go:113", "message": "504 Gateway Timeout"}

it also makes all my backends unreachable with the status 504 Gateway Time-out
Thanks
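
Added example, not from any poster in this thread: Go's standard resolver `http.ProxyFromEnvironment` decides per destination whether a request goes through the proxy, and the `proxyconnect` errors in the 504 log lines above show backend requests being sent to it. It assumes Traefik's outbound clients use that resolver; the `NO_PROXY` additions and the backend addresses are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
)

// Constructed environment: the proxy URL is the placeholder from the reply
// above; NO_PROXY extends the thread's value with a hypothetical Docker
// subnet and internal domain.
func init() {
	os.Setenv("HTTP_PROXY", "http://proxy.example.com:3128")
	os.Setenv("HTTPS_PROXY", "http://proxy.example.com:3128")
	os.Setenv("NO_PROXY", "localhost,127.0.0.1,::1,172.18.0.0/16,.example.com")
	os.Unsetenv("REQUEST_METHOD") // Go refuses HTTP_PROXY in a CGI environment
}

// Route reports whether a request to target would be dialed directly or
// through a proxy, using Go's standard resolver. The resolver reads the
// environment once per process, so changes only apply after a restart.
func Route(target string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return "", err
	}
	proxyURL, err := http.ProxyFromEnvironment(req)
	if err != nil {
		return "", err
	}
	if proxyURL == nil {
		return "direct", nil
	}
	return "via " + proxyURL.Host, nil
}

func main() {
	targets := []string{
		"https://plugins.traefik.io/public/download/github.com/wiltonsr/ldapAuth/v0.1.9",
		"http://172.18.0.5:8080",    // constructed backend inside the NO_PROXY CIDR
		"http://192.168.50.10:8080", // constructed backend not covered by NO_PROXY
		"http://app.example.com",    // subdomain covered by ".example.com"
		"http://example.com",        // apex is not covered by a leading-dot entry
	}
	for _, t := range targets {
		r, _ := Route(t)
		fmt.Println(r, "<-", t)
	}
}
```

Any backend that resolves to `via ...` here is handed to the forward proxy instead of being dialed directly, so internal networks and service domains belong in `NO_PROXY`.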

wget is included in the Traefik image.

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

Hi @bluepuma77
These are my 3 files, also can you tell me which conf can I leave in the static file traefik.yaml, and which ones should I move to a dynamic file under /etc/traefik?

also i wanted to ask whether, once i edit a dynamic file, i can reload it in traefik without having to restart traefik itself, since during the restart all the services behind it are made unavailable

docker-compose.yml:

#version: '3.9'

services:
  traefik-mgmt-01:
    image: traefik:latest
    container_name: traefik-mgmt-01
    #environment:
    #  - HTTP_PROXY=http://10.140.9.13:23128
    #  - HTTPS_PROXY=http://10.140.9.132:3128
    #  - NO_PROXY=localhost,127.0.0.1,::1      
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
        #- 5432:5432
      - 9200:9200
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/:/etc/traefik/
      - /nas/logs/traefik-mgmt-01:/var/log/traefik
      - /etc/hosts:/etc/hosts:ro
    networks:
      - Proxy
    logging:
      driver: "json-file" # Keep using json-file
      options:
        tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"

networks:
  Proxy:
    external: true

traefik.yml:

global:
  checkNewVersion: true
  sendAnonymousUsage: false  # true by default

serversTransport:
  insecureSkipVerify: false
  rootCAs:
    - /etc/traefik/certs/ca.pem

log:
  level: DEBUG
  format: json 
  filePath: /var/log/traefik/traefik-mgmt-01.log

accesslog:
   format: json 
   filePath: /var/log/traefik/traefik-mgmt-01.access

api:
  dashboard: true
  insecure: false

entryPoints:
  web:
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
    address: :80
    forwardedHeaders:
        insecure: true
  websecure:
    address: :443
    forwardedHeaders:
        insecure: true
    transport:
      respondingTimeouts:
        readTimeout: 0
        writeTimeout: 0
        idleTimeout: 0

  postgres:
    address: :5432
    forwardedHeaders:
        insecure: true
  node-exporter:
    address: :9100
    forwardedHeaders:
        insecure: true  
  ping:
    address: ":8080"
ping:
  entryPoint: "ping"
tls:
  Certificates:
    - certFile: /etc/traefik/certs/cert.pem
      keyFile: /etc/traefik/certs/cert-key.pem    
providers:
  docker:
    exposedByDefault: false
    endpoint: 'unix:///var/run/docker.sock'
    watch: true
  file:
    # watch for dynamic configuration changes
    directory: /etc/traefik
    watch: true

metrics:
  prometheus:
    #entryPoint: metrics
    addEntryPointsLabels: true
    addRoutersLabels: true
    addServicesLabels: true
    manualRouting: true
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0

http:
  middlewares:
    remove-referer:
      headers:
        customRequestHeaders:
          Referer: ""
    frame-sameorigin:
      headers:
        customResponseHeaders:
          X-Frame-Options: "SAMEORIGIN"
    auth:
      basicAuth:
        usersFile: "/etc/traefik/conf/.htpasswd"
        removeHeader: false
    blockpath:
      plugin:
          blockpath:
            Regex:
             - ^/user-settings/user-change-password(.*)
             - ^/forgot-password(.*)
    ipwhitelist:
      ipWhiteList:
        sourceRange:
          - "10.0.68.0/24"   
          - "10.0.67.0/24"       
experimental:
  plugins:
    ldapAuth:
      moduleName: "github.com/wiltonsr/ldapAuth"
      version: "v0.1.9"

/etc/traefik/mgmt.yml

http:
  routers:
    traefik-metrics:
      rule: "Host(`rproxy-metrics.***.it`)"
      entryPoints:
        - websecure
      service: prometheus@internal
      tls: true
    traefik-dashboard:
      rule: Host(`rproxy-mgmt.***.it`) #&& (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      service: api@internal
      entryPoints:
        - websecure
      tls: true
      #middlewares:
      #  - ldapAuth
  services:

Thanks