No domain parsed in provider ACME

Traefik Traefik v2
1

Dear Community,

I'm facing an issue for a couple of days that I cannot solve. This is related to serving a website on let's encrypt using a HostRegexp as a domain. I'm getting this error message:

time="2020-03-11T19:16:11Z" level=debug msg="No domain parsed in provider ACME" routerName=gitlab2@docker rule="HostRegexp(cs-gitlab.hidden.ch, {subdomain:[a-z]+}.cs-gitlab.hidden.ch)" providerName=letsencrypt_resolver.acme

If I convert HostRegexp to Host and supply some fixed subdomains, it works great, so I suspect this is the issue.

I only use docker-compose to configure Traefik. I have one for traefik by itself:

version: '3.4'

services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:v2.1
    restart: always
    command:
      # Minimal configuration
      - --providers.docker
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      # Authorize the web server to have self-signed certificates
      - --serverstransport.insecureskipverify=true
      # Configure Let's Encrypt to automatically generate TLS certificates
      - --certificatesResolvers.letsencrypt_resolver.acme.email=hidden@a.c
      - --certificatesResolvers.letsencrypt_resolver.acme.storage=/ssl/acme.json
      - --certificatesResolvers.letsencrypt_resolver.acme.httpChallenge.entryPoint=web
      # Enable to increase the verbosity of the logs of Traefik
      # - --log.level=DEBUG
    labels:
      # Redirect HTTP to HTTPS
      traefik.http.routers.http_catchall.rule: HostRegexp(`{any:.+}`)
      traefik.http.routers.http_catchall.entrypoints: web
      traefik.http.routers.http_catchall.middlewares: https_redirect
      traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
      traefik.http.middlewares.https_redirect.redirectscheme.permanent: 'true'
    ports:
      # the HTTP port
      - 80:80
      # The HTTPS port
      - 443:443
    volumes:
      - traefik-ssl:/ssl
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  traefik-ssl:

networks:
  default:
    external:
      name: traefik_network

And the second one for an application (here gitlab):

version: '3.4'

services:
  gitlab-certificates-generation:
    build:
      context: ./certs
      dockerfile: Dockerfile
    volumes:
      - 'gitlab-ssl:/ssl'
    entrypoint: openssl req -x509 -nodes -days 3650 -newkey rsa:3072 -keyout /ssl/cs-gitlab.hidden.ch.key | 
      -out /ssl/cs-gitlab.hidden.ch.crt  -subj "/C=CH/ST=hidden/L=hidden/O=hidden/OU=IIUN/CN=cs-gitlab.hidden.ch" 
      -addext "subjectAltName = DNS:cs-gitlab.hidden.ch, DNS:*.cs-gitlab.hidden.ch"

  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'cs-gitlab.hidden.ch'
    privileged: true
    depends_on: 
      - gitlab-certificates-generation
    healthcheck:
      disable: true
    environment:
      GITLAB_SSH_PORT: 2200
      GITLAB_OMNIBUS_CONFIG: |
        ..some config..
    ports:
      - '2200:22'
    volumes:
      - 'gitlab-config:/etc/gitlab'
      - 'gitlab-log:/var/log/gitlab'
      - 'gitlab-data:/var/opt/gitlab'
      - 'gitlab-pages:/var/opt/gitlab/gitlab-rails/shared/pages'
      - 'gitlab-ssl:/etc/gitlab/ssl'
    labels:
      - traefik.http.routers.gitlab.rule=HostRegexp(`cs-gitlab.hidden.ch`, `{subdomain:[a-z]+}.cs-gitlab.hidden.ch`)
      - traefik.http.routers.gitlab.tls=true
      - traefik.http.services.gitlab.loadbalancer.server.scheme=https
      - traefik.http.services.gitlab.loadbalancer.server.port=443
      - traefik.http.routers.gitlab.tls.certresolver=letsencrypt_resolver

volumes:
  gitlab-config:
  gitlab-log:
  gitlab-data:
  gitlab-pages:
  gitlab-ssl:

networks:
  default:
    external:
      name: traefik_network

Any help would be greatly appreciated ! Many thanks !

2

Hello,

the automatic detection of the domain wroks with the Host rule (not with HostRegexp)

https://docs.traefik.io/v2.1/https/acme/#domain-definition

So you have to define explicitly the domains

https://docs.traefik.io/v2.1/routing/providers/docker/#routers

    labels:
      - traefik.http.routers.gitlab.rule=HostRegexp(`cs-gitlab.hidden.ch`, `{subdomain:[a-z]+}.cs-gitlab.hidden.ch`)
      - traefik.http.routers.gitlab.tls=true
      - traefik.http.services.gitlab.loadbalancer.server.scheme=https
      - traefik.http.services.gitlab.loadbalancer.server.port=443
      - traefik.http.routers.gitlab.tls.certresolver=letsencrypt_resolver
      - traefik.http.routers.gitlab.tls.domains[0].main=cs-gitlab.hidden.ch
      - traefik.http.routers.gitlab.tls.domains[0].sans=*.cs-gitlab.hidden.ch