Hi,
I am using Traefik inside a podman pod with the docker provider. The docker-provider is connected to the podman socket (this works fine).
If a new container is started, podman recognizes it, and tries to call letsencrypt. After about 30 seconds I get the following error message:
cannot get ACME client get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": dial tcp 172.65.46.172:443: i/o timeout
So I try wget from inside the traefik container and it works fine:
podman exec -it traefik wget -O - -S https://acme-staging-v02.api.letsencrypt.org/directory
Connecting to acme-v02.api.letsencrypt.org (172.65.46.172:443)
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Jul 2021 16:36:52 GMT
Content-Type: application/json
Content-Length: 658
Connection: close
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
...body removed...
So I think it isn't a networking (routing or firewall) problem. What are my thinking errors?
traefik.yml
log:
  level: DEBUG
api:
  insecure: true
  dashboard: true
providers:
  docker: {}
certificatesResolvers:
  letsencrypt:
    acme:
      email: my-mail@example.com # REPLACED
      storage: acme.json
      tlsChallenge: {}
      caserver: https://acme-staging-v02.api.letsencrypt.org/directory
podman:
podman network create traefik_backbone --ip-range 10.0.1.0/24
podman pod create --name traefik_pod --network traefik_backbone
podman container run --rm --name traefik --pod traefik_pod --expose 8080 --expose 8000 \
--volume /srv/podman/traefik/config/traefik.yml:/etc/traefik/traefik.yml \
--volume /srv/podman/podman.sock:/var/run/docker.sock \
traefik:2.4