Invalid rule Host(`my.domain.com) && Path(`/notifications/hub`) Vaultwarden

sand3rk · August 3, 2022, 11:03am

Error in Portainer Traefik log:

time="2022-08-03T12:53:09+02:00" level=error msg="invalid rule Host(`my.domain.com') && Path(`/notifications/hub`), error: 1:55: raw string literal not terminated" entryPointName=websecure routerName=bitwarden-websocket-https@docker
time="2022-08-03T12:53:09+02:00" level=error msg="error while parsing rule Host(`my.domain.com') && Path(`/notifications/hub`): 1:55: raw string literal not terminated" entryPointName=websecure routerName=bitwarden-websocket-https@docker

Other non-websocket proxy's are working fine.

Traefik docker-compose.yml:

version: "3.9"
services:
  traefik:
    image: traefik:v2.8.1
    container_name: traefik
    restart: always
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
      - socket_proxy
    ports:
      - 80:80
      - 443:443
    command:
      # default commands
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443

      # Socket-proxy
      - --providers.docker.endpoint=tcp://socket-proxy:2375
      
      # Redirect to SSL
      #- --entryPoints.web.http.redirections.entryPoint.to=websecure     # ^ If trying to access service using port 80 redirect to 443
      #- --entryPoints.web.http.redirections.entryPoint.scheme=https     # ^ If trying to access service using http redirect to https
      #- --entryPoints.web.http.redirections.entrypoint.permanent=true  

      # Logging
      #- --log=true
      #- --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      #- --accessLog=true
      #- --accessLog.filePath=/traefik.log
      #- --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      #- --accessLog.filters.statusCodes=400-499

      # Enable the dashboard
      #- --api.dashboard=true

      # Cloudflare
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
      #- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory 
      - --certificatesResolvers.dns-cloudflare.acme.email=
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90
    environment:
      - CF_API_EMAIL=
      - CF_API_KEY=
      - CF_DNS_API_TOKEN=
    volumes:
      - /etc/localtime:/etc/localtime:ro
      #- /var/run/docker.sock:/var/run/docker.sock:ro
      #- /home/sander/containers/traefik.yml:/traefik.yml:ro
      - /home/sander/containers/cc/traefik/acme.json:/acme.json
      - /home/sander/containers/cc/traefik/traefik.log:/traefik.log
    labels:
      - traefik.enable=true
      # Dashboard:
      #- traefik.docker.network=proxy
      #- "traefik.http.routers.traefik.rule=Host(`my.domain.com`)"
      #- "traefik.http.routers.traefik.entrypoints=websecure"
      #- "traefik.http.routers.traefik.tls.certresolver=dns-cloudflare"
      #- "traefik.http.routers.traefik.service=api@internal"

      # FIRST RUN? Wait a few minutes before wildcard certificate is in acme.json
      #- "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=domain.com" 
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.domain.com"
#      - "traefik.http.routers.traefik-rtr.tls.domains[1].main=$SECONDDOMAINNAME" # Pulls main cert for second domain
#      - "traefik.http.routers.traefik-rtr.tls.domains[1].sans=*.$SECONDDOMAINNAME" # Pulls wildcard cert for second domain

Bitwarden docker-compose.yml

# docker-compose.yml
version: '3.9'

services:
  bitwarden:
    image: vaultwarden/server:latest
    container_name: bitwardenrs
    restart: always
    volumes:
      - /home/sander/containers/cc/bitwarden-data/:/data
    environment:
#      - ADMIN_TOKEN=
      - WEBSOCKET_ENABLED=true
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.bitwarden-ui-https.tls.certresolver=dns-cloudflare
      - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
      - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
      - traefik.http.routers.bitwarden-ui-https.rule=Host(`my.domain.com`)
      - traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-ui-https.tls=true
      - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui
      - traefik.http.routers.bitwarden-ui-http.rule=Host(`my.domain.com`)
      - traefik.http.routers.bitwarden-ui-http.entrypoints=web
      - traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https
      - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui
      - traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
      #- traefik.http.routers.bitwarden-websocket-https.tls.certresolver=dns-cloudflare
      - "traefik.http.routers.bitwarden-websocket-https.rule=Host(`my.domain.com) && Path(`/notifications/hub`)"
      - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-websocket-https.tls=true
      - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
      - "traefik.http.routers.bitwarden-websocket-http.rule=Host(`my.domain.com`) && Path(`/notifications/hub`)"
      - traefik.http.routers.bitwarden-websocket-http.entrypoints=web
      - traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https
      - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
      - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012

swiver · August 11, 2022, 12:11am

You may only use backticks when you quote your host. The log is very clear when it says raw string literal not terminated, you have not provided a second backtick somewhere in your config.

Your error relates to this non-terminated backtick on this line:

  - "traefik.http.routers.bitwarden-websocket-https.rule=Host(`my.domain.com) && Path(`/notifications/hub`)"

Topic		Replies	Views
Error while parsing rule Host Traefik v3 (latest) dashboard-api	2	17	December 19, 2024
Traefik loading old rules? Traefik v3 (latest) docker	5	68	August 4, 2024
What's wrong with my configuration Traefik v2 docker	10	1426	February 12, 2023
Error while parsing rule Host() && (PathPrefix(): 1:24: expected ')', found newline Traefik v2 consul-catalog	4	9858	August 17, 2020
Docker provider applies unexpected rule Traefik v2 docker	2	668	July 16, 2021

Invalid rule Host(`my.domain.com) && Path(`/notifications/hub`) Vaultwarden

Related topics