One more docker with identical config leads to Gateway timeout for that docker

Hi there,
I've been using traefik to route to several subdomains and it all works swell.
I decided to add a wordpress + mysql dockers in same yml file.
I literally copied the traefik labels configuration from another docker and modified it to wordpress purpose, and I'm just getting a gateway timeout message.
I checked traefik logs, nothing.

The wordpress instance shows up well on its local network port, but not using subdomain.mydomain.org.

wordpress:
    image: wordpress
    restart: unless-stopped
    secrets:
      - mysqlwordpress_password
    container_name: wordpress
    labels:
      - com.centurylinklabs.watchtower.enable=true
      - traefik.enable=true
      - traefik.http.routers.wordpress.rule=Host(`wordpress.${DOMAINNAME}`)
      - traefik.http.routers.wordpress.entrypoints=websecure
      - traefik.http.routers.wordpress.middlewares=chain-authelia@file   
      - traefik.http.routers.wordpress.service=wordpress@docker
      - traefik.http.routers.wordpress.tls=true
      - traefik.http.routers.wordpress.tls.certresolver=letsEncrypt
      - traefik.http.services.wordpress.loadbalancer.server.port=80
    ports:
      - "8085:80"
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - WORDPRESS_DB_HOST=mysql:3306
      - WORDPRESS_DB_USER=user
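      - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/mysqlwordpress_password # _FILE makes the image read the secret file; without it the path string itself is used as the password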
      - WORDPRESS_DB_NAME=wordpress
    volumes:
      - ${APP_DATA_DIR}/wordpress:/var/www/html
    depends_on:
      - mysql

This config is exactly the same as for my other subdomains, and it shows up at localhost:8085.

There is one thing that I thought could be the issue, since Traefik is already using port 80, is it a possibility that since wordpress uses 80 as internal port, and the loadbalancer is on that port that it screws it all up ?

thanks for any ideas.
Cheers.

Hi @wisbit,

multiple containers with the same port are no problem.

Are traefik and this wordpress container in the same docker network? I don't see any network configuration here.
Could be an idea to create an external docker network and use this network in all your containers providing services for traefik.

Wolfgang

Hi @wollomatic,
Thanks for the reply. I did check that, they are both in same internal network and in the same stack. And wordpress is in another network as well, specifically to communicate with its mysql container.

Wisbit

This is the traefik bit:

 traefik:
    image: "traefik:latest"
    container_name: "traefik"
    labels:
      - com.centurylinklabs.watchtower.enable=true
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`traefik.${DOMAINNAME}`)
      - traefik.http.routers.api.entrypoints=websecure
      - traefik.http.routers.api.middlewares=chain-authelia@file
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.api.tls=true
      - traefik.http.routers.api.tls.certresolver=letsEncrypt
      - traefik.http.services.api.loadbalancer.server.port=8083
      - traefik.port=8083
    ports:
      - "80:80"
    #  - "8080:8080"
      - "443:443"
    environment:
       - DOCKER_HOST=tcp://socket-proxy:2375
       - HTPASSWD_FILE=/run/secrets/.htpasswd
    volumes:
     # - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - ${APP_DATA_DIR}/traefik:/etc/traefik
      - ${APP_DATA_DIR}/traefik/acme.json:/acme.json
      - ${APP_DATA_DIR}/traefik/rules:/rules
      - ${SHARED_DIR}:/shared
      - ${APP_DATA_DIR}/secrets:/secrets
     # - TZ=${TZ}
    secrets:
      - htpasswd  
    networks:
      socket_proxy:
      web:
      internal:
    restart: unless-stopped

This is another container that works without issues

komga:
    image: gotson/komga
    container_name: komga
    labels:
      - com.centurylinklabs.watchtower.enable=true
      - traefik.enable=true
      - traefik.http.routers.komga.rule=Host(`komga.${DOMAINNAME}`)
      - traefik.http.routers.komga.entrypoints=websecure
      - traefik.http.routers.komga.service=komga@docker
      - traefik.http.routers.komga.tls=true
      - traefik.http.routers.komga.tls.certresolver=letsEncrypt
      - traefik.http.services.komga.loadbalancer.server.port=8080
      ## Middlewares
      - traefik.http.routers.komga.middlewares=chain-authelia@file
    volumes:
      - ${SHARED_DIR}:/shared
      - ${MEDIA_SHARE}:${MEDIA_SHARE}
      - ${APP_DATA_DIR}/komga:/config
      - /etc/timezone:/etc/timezone:ro
    environment:
      - KOMGA_REMEMBERME_KEY=--- #required to activate the remember-me auto-login via cookies
      - KOMGA_REMEMBERME_VALIDITY=2592000 #validity of the cookie in seconds, here 1 month
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - LOGGING_LEVEL_ORG_GOTSON_KOMGA=DEBUG
    restart: unless-stopped
    ports:
      - 2302:8080
    networks:
      - internal

And this is the wordpress one, renamed "blc"

  blc:
    image: wordpress
    restart: unless-stopped
    secrets:
      - mysqlwordpress_root_password
    container_name: blc
    labels:
      - com.centurylinklabs.watchtower.enable=true
      - traefik.enable=true
      - traefik.http.routers.blc.rule=Host(`blc.${DOMAINNAME}`)
      - traefik.http.routers.blc.entrypoints=websecure
      ## Middlewares
      - traefik.http.routers.blc.middlewares=chain-authelia@file   
      - traefik.http.routers.blc.service=blc@docker
      - traefik.http.routers.blc.tls=true
      - traefik.http.routers.blc.tls.certresolver=letsEncrypt
      - traefik.http.services.blc.loadbalancer.server.port=80
    ports:
      - "8085:80"
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - WORDPRESS_DB_HOST=mysql:3306
      - WORDPRESS_DB_USER=user
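      - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/mysqlwordpress_root_password # _FILE makes the image read the secret file; without it the path string itself is used as the password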
      - WORDPRESS_DB_NAME=wordpress
    volumes:
      - ${APP_DATA_DIR}/blc:/var/www/html
    depends_on:
      - mysql
    networks:
      - internal
      - backend

I don't see any obvious error in the config.
I guess you checked the dashboard and the connection between router/middleware/service is okay?
Did you set traefik's log level to debug?
Maybe it's worth to try it without authelia.

yes it's super weird.
I checked the dashboard for any errors or warnings, I checked that all connection went well.
I did also set traefik log to debug but I didn't spot anything special, no error message for that container.
I will try because "who knows" but Authelia seems to be working fine. I added an authelia policy for that website to bypass authelia 2FA, if I remove that policy it goes well to authelia, requests 2FA, and then and only then does it give me the error message.
I'll be posting the results of removing authelia entirely for this container later.

Cheers

Hi,
So I tried removing authelia entirely but to no avail. I get gateway timeout systematically.
It's very confusing. The only thing I am thinking about is the loadbalancing port 80. If I change it to something else, it doesn't work. If I remove the line about loadbalancer, I get an error in traefik saying the service blc@docker doesn't exist (because the service is now called blc-blc@docker).
Cheers for any help.

I found a way to change wordpress container internal port, and that way I now know for sure that the fact that its loadbalancer that was on port 80, doesn't get into conflict with traefik.
But the issue still remains. wordpress.mydomain.com is still in "Gateway Timeout"
I can't find any reason or clues that could help me figure out why.
Config is virtually the same as many other containers in the stack that all respond where requested with a subdomain.domain.org url.

I discovered that the wordpress container is exposing port 80.
I know that traefik is also busy with port 80.
Is that possible that this exposed port makes traefik unable to route to it due to the confusion ?

Cheers for the answers.

Hello, wisbit, I got the same problem, I found a clue from access.log and I saw the 504 error, but I don't know how to troubleshoot it yet

Hi @wisbit and @Anonymous-Martian,
Thanks for your interest in Traefik.

The 504 - Gateway Timeout error often occurs when the service is not accessible from Traefik.
In case of multiple networks, Traefik does know which one to use. You can have a look here.

NOTE: The label described in the linked answer is also available on a per-container basis.
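
The multi-network case from the last reply, as an added example (not code from the thread or from the Traefik project): a check that flags Traefik-enabled services attached to several networks without a pinned one. It assumes the label meant is `traefik.docker.network` and that its value is the real Docker network name; the `stack_` names and the sample stack are constructed.

```python
# Added example, not code from the thread. SAMPLE is constructed data shaped
# like the posted services; the "stack_" network names are assumed.

def labels_of(svc):
    """Compose accepts labels as a list of 'k=v' strings or as a mapping."""
    raw = svc.get("labels") or {}
    if isinstance(raw, dict):
        return {str(k): str(v) for k, v in raw.items()}
    return dict(item.split("=", 1) if "=" in item else (item, "") for item in raw)

def networks_of(svc, top):
    """Real Docker network names a service joins (list or mapping form)."""
    keys = svc.get("networks") or ["default"]
    return {(top.get(k) or {}).get("name", k) for k in keys}

def check_traefik_networks(compose, proxy="traefik"):
    """Map each service with traefik.enable=true to a reachability finding."""
    top, services = compose.get("networks") or {}, compose["services"]
    proxy_nets = networks_of(services[proxy], top)
    findings = {}
    for name, svc in services.items():
        labels = labels_of(svc)
        if name == proxy or labels.get("traefik.enable", "").lower() != "true":
            continue
        nets = networks_of(svc, top)
        shared = nets & proxy_nets
        pinned = labels.get("traefik.docker.network")
        if not shared:
            findings[name] = "no network shared with the proxy"
        elif pinned and pinned not in shared:
            findings[name] = f"pinned network {pinned} is not shared with the proxy"
        elif len(nets) > 1 and not pinned:
            findings[name] = "several networks, no traefik.docker.network label"
    return findings

SAMPLE = {  # constructed, shaped like the services posted in the thread
    "networks": {"internal": {"name": "stack_internal"},
                 "backend": {"name": "stack_backend"}},
    "services": {
        "traefik": {"networks": {"socket_proxy": None, "web": None, "internal": None}},
        "komga": {"labels": ["traefik.enable=true"], "networks": ["internal"]},
        "blc": {"labels": ["traefik.enable=true"], "networks": ["internal", "backend"]},
        "mysql": {"networks": ["backend"]},
    },
}
```

The function takes a parsed compose document, for example the output of `docker compose config --format json` loaded with `json.load`, where each network already carries its resolved `name`.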