I am trying to migrate from version 1.7.x to 2.3.x. I have been following the blog by Anand at Smart Home Beginner.
He uses Cloudflare, which I thought I would make the jump to, but I got tons of weird issues, so I pulled it back to stay with GoDaddy for now and got the same issues, so I thought let me stick with fixing GoDaddy first before creating unknown issues caused by the change of service.
I restored to the config file to just try and get a comparable setup to migrate from; then I could move to the Docker CLI spin-up and eventually think about moving to Cloudflare for the protection.
Thanks in advance for any help trying to get this resolved.
Environment
Domain host is: GoDaddy
Docker version: 19.03.13
Docker host OS & version: Linux x86_64 Ubuntu 20.04.1 LTS
ISP: Virgin Media
Old config
Traefik 1 docker version = 1.7.20
traefik.toml
real domain names have been changed
```toml
debug = true
logLevel = "WARN" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
defaultEntryPoints = ["http", "https"]
InsecureSkipVerify = true

# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations
[web]
address = ":8093"
[web.auth.basic]
usersFile = "/shared/.htpasswd"

[entryPoints.traefik]
address = ":8093"
[entryPoints.traefik.auth.basic]
# get md5 from htpasswd or http://www.htaccesstools.com/htpasswd-generator/
usersFile = "/shared/.htpasswd"

[api]
entryPoint = "traefik"
dashboard = true

# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]

[retry]

[file]
directory = "/etc/traefik/rules/"
watch = true

# Let's encrypt configuration
[acme]
email = "user@email.com" #any email id will work
storage="/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging=true
onDemand = false #create certificate when container is created
onHostRule = true
#caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
#[acme.httpChallenge]
#entryPoint = "http"
[acme.dnsChallenge]
provider = "godaddy"
delayBeforeCheck = 30
[[acme.domains]]
# sans = "plex.manningmadness.com"
main = "myexample.com"

# Connection to docker host system (docker.sock local .95)
[docker]
# endpoint = "unix:///var/run/docker.sock"
domain = "myexample.com.com"
watch = true
# This will hide all docker containers that don't have explicitly
# set label to "enable"
exposedbydefault = false

# # Metrics definition
# [metrics]
# # To enable Traefik to export internal metrics to Prometheus
# [metrics.prometheus]
# # Name of the related entry point
# entryPoint = "traefik"
# # Buckets for latency metrics
# buckets = [0.1,0.3,1.2,5.0]
```
Traefik 2.3 docker version: v2.3.2
traefik.yml
```yaml
# Static Configuration
global:
  checkNewVersion: true
  sendAnonymousUsage: true

log:
  level: Debug

accessLog:
  filePath: "/traefik.log"
  bufferingSize: 100
  filters:
    statusCodes: # Show client error type codes
      - "400-499"

api:
  dashboard: true

# pilot:
#   token: "xxxxxxxxxxxxxxxxxxxx"

entryPoints:
  http:
    address: ":80"
    http:
      redirections: # global redirect, remove and set at router level if needed
        entrypoint:
          to: https
          scheme: https
  https:
    address: ":443"
    http:
      tls:
        # options:
        # # - "/config/tls-opts.yml"
        # - "/config/tls-opts@file"
        certResolver: dns-godaddy
        domains:
          - main: "myexample.com"
          # sans:
          # - "*.myexample.com"
  traefik:
    address: ":8093"

providers:
  docker:
    endpoint: "tcp://socket_proxy:2375"
    # defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\" }}.$DOMAINNAME1`)"
    exposedByDefault: false
    network: t2_proxy
  file:
    directory: "/rules"
    watch: true

certificatesResolvers:
  dns-godaddy:
    acme:
      email: "user@email.com"
      storage: "/acme/acme.json"
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      httpChallenge:
        # used during the challenge
        entryPoint: https
      dnsChallenge:
        provider: godaddy
        delayBeforeCheck: 15
        resolvers:
          - "8.8.8.8:53"
          # - "173.201.74.17:53"
```
Traefik 2.3 log
time="2020-11-16T17:39:49Z" level=debug msg="Adding tracing to middleware" middlewareName=middlewares-secure-headers@file entryPointName=https routerName=traefik-rtr@docker
time="2020-11-16T17:39:49Z" level=debug msg="Creating middleware" routerName=traefik-rtr@docker middlewareName=middlewares-rate-limit@file middlewareType=RateLimiterType entryPointName=https
time="2020-11-16T17:39:49Z" level=debug msg="U>
time="2020-11-16T17:39:49Z" level=debug msg="Adding tracing to middleware" middlewareName=middlewares-rate-limit@file entryPointName=https routerName=traefik-rtr@docker
time="2020-11-16T17:39:49Z" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-11-16T17:39:49Z" level=debug msg="No default certificate, generating one"
time="2020-11-16T17:39:49Z" level=debug msg="No domain parsed in provider ACME" providerName=dns-godaddy.acme routerName=authelia-rtr@docker rule="HostHeader(authelia.myexample.com)"
time="2020-11-16T17:39:49Z" level=debug msg="Looking for provided certificate(s) to validate ["myexample.com"]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Domains ["myexample.com"] need ACME certificates generation for domains "myexample.com"." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Loading ACME certificates [myexample.com]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Building ACME client..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Looking for provided certificate(s) to validate ["myexample.com"]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="No ACME certificate generation required for domains ["myexample.com"]." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Looking for provided certificate(s) to validate ["myexample.com"]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="No ACME certificate generation required for domains ["myexample.com"]." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Looking for provided certificate(s) to validate ["myexample.com"]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="No ACME certificate generation required for domains ["myexample.com"]." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Looking for provided certificate(s) to validate ["myexample.com"]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="No ACME certificate generation required for domains ["myexample.com"]." providerName=dns-godaddy.acme
time="2020-11-16T17:39:50Z" level=debug msg="Using DNS Challenge provider: godaddy" providerName=dns-godaddy.acme
time="2020-11-16T17:39:50Z" level=debug msg="Using HTTP Challenge provider." providerName=dns-godaddy.acme
time="2020-11-16T17:39:50Z" level=debug msg="legolog: [INFO] [myexample.com] acme: Obtaining bundled SAN certificate"
time="2020-11-16T17:39:51Z" level=debug msg="legolog: [INFO] [myexample.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/155803414"
time="2020-11-16T17:39:51Z" level=debug msg="legolog: [INFO] [myexample.com] acme: Could not find solver for: tls-alpn-01"
time="2020-11-16T17:39:51Z" level=debug msg="legolog: [INFO] [myexample.com] acme: use http-01 solver"
time="2020-11-16T17:39:51Z" level=debug msg="legolog: [INFO] [myexample.com] acme: Trying to solve HTTP-01"
time="2020-11-16T17:39:51Z" level=debug msg="Serving default certificate for request: "myexample.com""
time="2020-11-16T17:39:51Z" level=debug msg="Remote error http://authelia:9091/api/verify?rd=https://authelia.myexample.com. StatusCode: 401" middlewareName=middlewares-authelia@file middlewareType=ForwardedAuthType
time="2020-11-16T17:39:51Z" level=debug msg="Serving default certificate for request: "myexample.com""
time="2020-11-16T17:39:51Z" level=debug msg="Remote error http://authelia:9091/api/verify?rd=https://authelia.myexample.com. StatusCode: 401" middlewareName=middlewares-authelia@file middlewareType=ForwardedAuthType
time="2020-11-16T17:39:51Z" level=debug msg="Serving default certificate for request: "myexample.com""
time="2020-11-16T17:39:52Z" level=debug msg="Serving default certificate for request: "myexample.com""
time="2020-11-16T17:39:52Z" level=debug msg="Remote error http://authelia:9091/api/verify?rd=https://authelia.myexample.com. StatusCode: 401" middlewareName=middlewares-authelia@file middlewareType=ForwardedAuthType
time="2020-11-16T17:39:52Z" level=debug msg="Remote error http://authelia:9091/api/verify?rd=https://authelia.myexample.com. StatusCode: 401" middlewareName=middlewares-authelia@file middlewareType=ForwardedAuthType
time="2020-11-16T17:39:57Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/155803414"
time="2020-11-16T17:39:57Z" level=debug msg="legolog: [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/155803414"
time="2020-11-16T17:39:57Z" level=error msg="Unable to obtain ACME certificate for domains "myexample.com" : unable to generate a certificate for the domains [myexample.com]: error: one or more domains had a problem:\n[myexample.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from https://myexample.com/.well-known/acme-challenge/knWSqg3mkHD_Wgsggsm6f2BOZrfvAGQWsT7pjj0UbrVM [xxx.xxx.xxx.xxx]: 401, url: \n" providerName=dns-godaddy.acme
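
As an added example (not part of the original post and not Traefik tooling), a short Python triage script for a debug log like the one above: it reports which challenge types the resolver set up, which solver lego selected, forward-auth denials logged during the attempt, and the status the CA saw at the challenge URL. The regexes are assumptions written against the message texts visible in this log; the sample lines are copied from it, with the error line shortened and its token replaced by `TOKEN`.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines taken from the log in the post; the error line is
# shortened and its challenge token replaced by the placeholder TOKEN.
SAMPLE_LOG = r'''
time="2020-11-16T17:39:50Z" level=debug msg="Using DNS Challenge provider: godaddy" providerName=dns-godaddy.acme
time="2020-11-16T17:39:50Z" level=debug msg="Using HTTP Challenge provider." providerName=dns-godaddy.acme
time="2020-11-16T17:39:51Z" level=debug msg="legolog: [INFO] [myexample.com] acme: use http-01 solver"
time="2020-11-16T17:39:51Z" level=debug msg="Remote error http://authelia:9091/api/verify?rd=https://authelia.myexample.com. StatusCode: 401" middlewareName=middlewares-authelia@file middlewareType=ForwardedAuthType
time="2020-11-16T17:39:57Z" level=error msg="Unable to obtain ACME certificate for domains "myexample.com" : ... acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from https://myexample.com/.well-known/acme-challenge/TOKEN [xxx.xxx.xxx.xxx]: 401, url: \n" providerName=dns-godaddy.acme
'''

PROVIDER = re.compile(r'msg="Using (\w+) Challenge provider.*?providerName=(\S+)')
SOLVER = re.compile(r'\[INFO\] \[([^\]]+)\] acme: use (\S+) solver')
AUTH = re.compile(r'Remote error \S+ StatusCode: (\d+)" middlewareName=(\S+)')
FAILURE = re.compile(r'level=error .*?acme: error: (\d+) :: (\S+) :: Invalid response '
                     r'from (\S+) \[[^\]]*\]: (\d+).*?providerName=(\S+)')

def triage(log_text):
    """Summarise one ACME attempt from Traefik debug log text."""
    providers = defaultdict(set)  # resolver -> challenge types Traefik set up
    solvers = {}                  # domain -> solver lego actually selected
    auth_denials = Counter()      # (middleware, status) -> number of log lines
    failures = []                 # parsed ACME error lines
    for line in log_text.splitlines():
        if m := PROVIDER.search(line):
            providers[m.group(2)].add(m.group(1))
        elif m := SOLVER.search(line):
            solvers[m.group(1)] = m.group(2)
        elif m := AUTH.search(line):
            auth_denials[(m.group(2), int(m.group(1)))] += 1
        elif m := FAILURE.search(line):
            acme, kind, url, seen, resolver = m.groups()
            failures.append({"resolver": resolver, "acme_status": int(acme),
                             "acme_type": kind, "url": url, "http_seen": int(seen)})
    notes = [f"{r}: {len(k)} challenge types configured {sorted(k)}"
             for r, k in providers.items() if len(k) > 1]
    notes += [f"{f['url']} returned {f['http_seen']} to the CA during validation"
              for f in failures if "/.well-known/acme-challenge/" in f["url"]]
    return {"providers": {r: sorted(k) for r, k in providers.items()},
            "solvers": solvers, "auth_denials": dict(auth_denials),
            "failures": failures, "notes": notes}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample it shows the `dns-godaddy` resolver with both DNS and HTTP challenge providers, `http-01` as the solver in use, and a 401 at the `/.well-known/acme-challenge/` URL alongside a 401 from the Authelia forward-auth middleware.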