Hi all, I'm having two errors. It's funny that everything works, but I see errors in console, wanted to create a bug, but decided to put my configuration here first.
- Middleware does not exist - I have a middleware which is configured in a file, traefik itself and frontend described as services in docker-compose file, for some reasons front-end service can't find middleware declared in a file. Previously I declared middleware under traefik services but got the same error. I thought that was an expected behavior so I put meddleware in file. But still got an error.
- Once I implemented let's encrypt resolver I started getting "accept tcp [::]:80:" errors when starting the server. But I successfully obtain certs, idk what's wrong.
Errors:
shakemill_proxy.1.pf6i07bexlyw@ip-172-31-37-122.eu-west-1.compute.internal | time="2021-02-21T01:21:24Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
shakemill_proxy.1.pf6i07bexlyw@ip-172-31-37-122.eu-west-1.compute.internal | time="2021-02-21T01:21:24Z" level=error msg="Error while starting server: accept tcp [::]:80: use of closed network connection" entryPointName=web
shakemill_proxy.1.pf6i07bexlyw@ip-172-31-37-122.eu-west-1.compute.internal | time="2021-02-21T01:21:24Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=websecure
shakemill_proxy.1.pf6i07bexlyw@ip-172-31-37-122.eu-west-1.compute.internal | time="2021-02-21T01:21:24Z" level=error msg="Error while starting server: accept tcp [::]:443: use of closed network connection" entryPointName=websecure
shakemill_proxy.1.pf6i07bexlyw@ip-172-31-37-122.eu-west-1.compute.internal | time="2021-02-21T01:21:24Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
shakemill_proxy.1.pf6i07bexlyw@ip-172-31-37-122.eu-west-1.compute.internal | time="2021-02-21T01:21:24Z" level=error msg="Error while starting server: http: Server closed" entryPointName=websecure
shakemill_proxy.1.pf6i07bexlyw@ip-172-31-37-122.eu-west-1.compute.internal | time="2021-02-21T01:21:25Z" level=error msg="middleware \"wwwtohttps@file\" does not exist" entryPointName=websecure routerName=shakemill-frontend-https@docker
shakemill_proxy.1.qp1cl6d0gcmz@ip-172-31-37-122.eu-west-1.compute.internal | time="2021-02-21T01:21:36Z" level=info msg="Configuration loaded from flags."
conf file:
http:
middlewares:
wwwtohttps:
redirectRegex:
permanent: true
regex: "^https?://(?:www\\.)?(.+)"
replacement: "https://${1}"
docker-compose:
version: "3.5"
services:
proxy:
image: traefik:v2.4
ports:
- 80:80
- 443:443
networks:
- traefik-public
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- letsencrypt:/letsencrypt
- ./traefik-conf.yml:/traefik-conf.yml
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Enable Docker Swarm mode
- --providers.docker.swarmmode
# Referring to a dynamic configuration file
- --providers.file.filename=/traefik-conf.yml
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api
# Entrypoints
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
# Redirect http -> https
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
# Let's encrypt
- --certificatesresolvers.${STACK_NAME?Variable not set}-resolver.acme.tlschallenge=true
# Uncomment the next line for using fake let's encrypt certificates
- --certificatesresolvers.${STACK_NAME?Variable not set}-resolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
# Email for certificates
- --certificatesresolvers.${STACK_NAME?Variable not set}-resolver.acme.email=schukinpeter@gmail.com
# Path to certificate storage, here is a global volume
- --certificatesresolvers.${STACK_NAME?Variable not set}-resolver.acme.storage=/letsencrypt/acme.json
deploy:
placement:
constraints:
- node.role == manager
labels:
# Enable Traefik for this service, to make it available in the public network
- traefik.enable=true
# Use the traefik-public network (declared below)
- traefik.docker.network=traefik-public
# This public Traefik will only use services with this label
- traefik.constraint-label=${STACK_NAME?Variable not set}
# Dashboard URL rule
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.rule=Host(`${DOMAIN?Variable not set}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
# Entry point
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.entrypoints=websecure
# Link traefik with api
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.service=api@internal
# Enable auth
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.middlewares=${STACK_NAME?Variable not set}-auth
# A name of a TLS resolver
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.tls.certResolver=${STACK_NAME?Variable not set}-resolver
# Redirect www -> non-www
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.middlewares=wwwtohttps@file
# Auth credentials
- traefik.http.middlewares.${STACK_NAME?Variable not set}-auth.basicauth.users=admin:$$apr1$$pPnYrI4S$$AGuxYWHAds2.AqoXH2gyw1
# Dummy service for Swarm port detection
- traefik.http.services.${STACK_NAME?Variable not set}-proxy.loadbalancer.server.port=80
frontend:
image: registry.gitlab.com/schukinpeter/shakemill/shakemill-ui
networks:
- traefik-public
deploy:
labels:
# Enable Traefik for this service
- traefik.enable=true
# Add a constraint to only use services with the label for this stack
- traefik.constraint-label-stack=${STACK_NAME?Variable not set}
# Add https entrypoint
- traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.entrypoints=websecure
# Host rule, also need for obtaining https certs
- traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.rule=Host(`${DOMAIN?Variable not set}`,`www.${DOMAIN?Variable not set}`)
# Certsresolvers for https
- traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.tls.certresolver=${STACK_NAME?Variable not set}-resolver
# Redirect www -> non-www
- traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.middlewares=wwwtohttps@file
# Point to a port that this service exposes
- traefik.http.services.${STACK_NAME?Variable not set}-frontend.loadbalancer.server.port=3000
networks:
traefik-public:
external: true
volumes:
letsencrypt: