Hi, moved to Traefik quite recently after using NPM for a long time - so far I'm loving Traefik very much.
But I got a strange issue.
So my setup is as follows (as a preface - I'm using Traefik not in Docker, and none of my services are in Docker, they're all on VMs/LXCs with their own IPs):
- I have a home lab with a local DNS and broadcasting it via my router.
- I got a public domain going to my home lab - XYZ.com - and port forwarded from my router to my Traefik VM (previously my NPM VM) - I had (on NPM) a local domain - local.XYZ.com - that is supposed to serve services ONLY on local network - All public services were accessible on 1.XYZ.com, 2.XYZ.com and all local services on 3.local.XYZ.com and so on - ALL services (both public and internal) had a valid LE cert and redirected from http -> https
In my current setup - I've replaced NPM with Traefik.
I could not find a way to set up a *.local.XYZ.com setup (if anybody knows, could you please share?)
In the meantime I've set ALL services on my public domain XYZ.com, and added an ipAllowList middleware only for the local services (figured I'd solve this issue like that).
The issue that happened - is that SOMETIMES (I could not figure out a reproducible way to make that happen) even though I'm on my local network - accessing any of the local services, I'd still get a 403 Forbidden error (after several minutes it passes, so if I use a different browser, but not always) - which makes me think that I've set up something wrong and makes me nervous as well to host all those on my public domain to start with.
Thank you for reading so far, next I'll post snippets from my setup to help you see the current place I'm in:
entryPoints:

    entryPoints:
      websecure:
        address: :443
        proxyProtocol:
          insecure: false
          trustedIPs:
            - "127.0.0.1/32"
            - "192.168.1.1/24"
        forwardedHeaders:
          insecure: false
          trustedIPs:
            - "127.0.0.1/32"
            - "192.168.1.1/24"
        http:
          tls:
            certResolver: cloudflare
            domains:
              - main: "*.XYZ.com"
                sans:
                  - "XYZ.com"

middleware:

    http:
      middlewares:
        local-iplist:
          ipAllowList:
            sourceRange:
              - "127.0.0.1/32"
              - "192.168.1.1/24"

internal service and router:

    services:
      serviceA:
        loadBalancer:
          servers:
            - url: "http://ip:port"
    routers:
      routerA:
        rule: "Host(`serviceA.XYZ.com`)"
        entryPoints:
          - websecure
        middlewares:
          - local-iplist
        service: "serviceA"
If anybody needs any more information, please reply and I'll add it promptly.
Thank you in advance.
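
Added example, not part of the original post: a small Python check that reads Traefik access-log lines and reports, for each 403 on the protected router, whether the client address Traefik logged falls inside the posted `sourceRange`. The log lines are constructed, the default "common" access-log format is assumed, and the router name `routerA@file` assumes the file provider.

```python
import ipaddress
import re

# sourceRange exactly as posted in the local-iplist middleware.
SOURCE_RANGE = ["127.0.0.1/32", "192.168.1.1/24"]
# strict=False tolerates host bits in the prefix: 192.168.1.1/24 is 192.168.1.0/24.
NETWORKS = [ipaddress.ip_network(c, strict=False) for c in SOURCE_RANGE]

# Constructed sample lines (assumption: Traefik's default "common" access-log
# format, client address first, router name quoted after the request counter).
# Addresses outside the post's ranges come from documentation ranges.
SAMPLE_LOG = """\
192.168.1.42 - - [01/Jan/2025:10:00:00 +0000] "GET / HTTP/2.0" 200 512 "-" "-" 1 "routerA@file" "http://ip:port" 3ms
203.0.113.7 - - [01/Jan/2025:10:05:00 +0000] "GET / HTTP/2.0" 403 9 "-" "-" 2 "routerA@file" "-" 0ms
2001:db8::1234 - - [01/Jan/2025:10:06:00 +0000] "GET / HTTP/2.0" 403 9 "-" "-" 3 "routerA@file" "-" 0ms
"""

LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) \S+ "[^"]*" "[^"]*" \d+ "([^"]*)"'
)


def allowed(addr):
    """True if addr is inside any network of the posted sourceRange."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in NETWORKS)


def rejected_clients(log_text, router="routerA@file"):
    """Return {client_address: count} for 403 responses on the given router."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(2) == "403" and m.group(3) == router:
            hits[m.group(1)] = hits.get(m.group(1), 0) + 1
    return hits


def explain(log_text):
    """Label each rejected client address against the allow list."""
    return {
        addr: "inside sourceRange" if allowed(addr) else "outside sourceRange"
        for addr in rejected_clients(log_text)
    }


if __name__ == "__main__":
    for addr, verdict in explain(SAMPLE_LOG).items():
        print(f"{addr}: {verdict}")
```
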