Port 80 blocked by ISP

sickmitch · July 26, 2024, 5:32am

I've been happily using traefik for around a year to publish my services to the internet, then i changed ISP to find out he blocks port 80 for remote router managing.
Trying to setup my resolution path to workaround this problem i can't get it to work, i land on a unknown page with no certficates info or proprietary info. I use a clouflare domain pointing to a ddns service pointing to my real IP but to a different then 80 port. Can you spot what I am doing wrong?
Trying to dig to the domain i get this IP, not mine, 34.199.8.144.

bluepuma77 · July 26, 2024, 5:44am

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

But if you don't get the right IP in the first place, it's probably not a Traefik issue.

sickmitch · July 26, 2024, 5:58am

For sure, here it is! This is a simplified all-in-one docker-compose i'm using while troubleshooting.. I forgot to mention, if i try to dig domain.xy i get an amazon IP, it never resolve to mine..

services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    command:
      --api.insecure=true
      --providers.docker
      --global.checkNewVersion=true
      --global.sendAnonymousUsage=true
      --log.level=INFO
      --log.filePath=/var/log/traefik/traefik.log
      --accessLog.filePath=/var/log/traefik/access.log
      --api.dashboard=true
      --api.debug=true
      --entryPoints.web.address=":80"
      --entryPoints.websecure.address=":443"
      --serversTransport.insecureSkipVerify=true
      --providers.docker.exposedByDefault=false
      --certificatesResolvers.staging.acme.email=mail
      --certificatesResolvers.staging.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.staging.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.staging.acme.httpChallenge.entrypoint=web
      --certificatesResolvers.production.acme.email=mail
      --certificatesResolvers.production.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.production.acme.caServer="https://acme-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.production.acme.httpChallenge.entrypoint=web
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/letsencrypt:/letsencrypt
      - ./logs:/var/log/traefik
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=staging"
      - "traefik.http.routers.traefik.entrypoints=web, websecure"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.xy`)"
      - "traefik.http.routers.traefik.service=api@internal"

sickmitch · July 26, 2024, 6:05am

This is a simplified all-iin-one i'm using while troubleshooting

services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    command:
      --api.insecure=true
      --providers.docker
      --global.checkNewVersion=true
      --global.sendAnonymousUsage=true
      --log.level=INFO
      --api.dashboard=true
      --api.debug=true
      --entryPoints.web.address=":80"
      --entryPoints.websecure.address=":443"
      --serversTransport.insecureSkipVerify=true
      --providers.docker.exposedByDefault=false
      --certificatesResolvers.staging.acme.email=mail
      --certificatesResolvers.staging.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.staging.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.staging.acme.httpChallenge.entrypoint=web
      --certificatesResolvers.production.acme.email=mail
      --certificatesResolvers.production.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.production.acme.caServer="https://acme-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.production.acme.httpChallenge.entrypoint=web
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/letsencrypt:/letsencrypt
      - ./logs:/var/log/traefik
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=staging"
      - "traefik.http.routers.traefik.entrypoints=web, websecure"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.xy`)"
      - "traefik.http.routers.traefik.service=api@internal"

sickmitch · July 26, 2024, 6:12am

Here it is! This is a simplified version I'm using while troubleshooting, I can get to the dashboard locally with 192.168.1.20:8080 and all looks fine.

services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    command:
      --api.insecure=true
      --providers.docker
      --global.checkNewVersion=true
      --global.sendAnonymousUsage=true
      --log.level=INFO
      --log.filePath=/var/log/traefik/traefik.log
      --accessLog.filePath=/var/log/traefik/access.log
      --api.dashboard=true
      --api.debug=true
      --entryPoints.web.address=":80"
      --entryPoints.websecure.address=":443"
      --serversTransport.insecureSkipVerify=true
      --providers.docker.exposedByDefault=false
      --certificatesResolvers.staging.acme.email=mail@mail.xy
      --certificatesResolvers.staging.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.staging.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.staging.acme.httpChallenge.entrypoint=web
      --certificatesResolvers.production.acme.email=mail@mail.xy
      --certificatesResolvers.production.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.production.acme.caServer="https://acme-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.production.acme.httpChallenge.entrypoint=web
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/letsencrypt:/letsencrypt
      - ./logs:/var/log/traefik
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=staging"
      - "traefik.http.routers.traefik.entrypoints=web, websecure"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.xy`)"
      - "traefik.http.routers.traefik.service=api@internal"

sickmitch · July 26, 2024, 6:44am

Here it is! This is a simplified version I'm using while troubleshooting, I can get to the dashboard locally with 192.168.1.20:8080 and all looks fine.

services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    command:
      --api.insecure=true
      --providers.docker
      --global.checkNewVersion=true
      --global.sendAnonymousUsage=true
      --log.level=INFO
      --log.filePath=/var/log/traefik/traefik.log
      --accessLog.filePath=/var/log/traefik/access.log
      --api.dashboard=true
      --api.debug=true
      --entryPoints.web.address=":80"
      --entryPoints.websecure.address=":443"
      --serversTransport.insecureSkipVerify=true
      --providers.docker.exposedByDefault=false
      --certificatesResolvers.staging.acme.email=mail@mail.xy
      --certificatesResolvers.staging.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.staging.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.staging.acme.httpChallenge.entrypoint=web
      --certificatesResolvers.production.acme.email=mail@mail.xy
      --certificatesResolvers.production.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.production.acme.caServer="https://acme-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.production.acme.httpChallenge.entrypoint=web
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/letsencrypt:/letsencrypt
      - ./logs:/var/log/traefik
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=staging"
      - "traefik.http.routers.traefik.entrypoints=web, websecure"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.xy`)"
      - "traefik.http.routers.traefik.service=api@internal"

sickmitch · July 26, 2024, 11:12am

Here it is! This is a simplified version I'm using while troubleshooting, I can get to the dashboard locally with 192.168.1.20:8080 and all looks fine. If i try to reach it from outside with x.x.x.x:8880 I get a 404 instead.

services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    command:
      --api.insecure=true
      --providers.docker
      --global.checkNewVersion=true
      --global.sendAnonymousUsage=true
      --log.level=INFO
      --log.filePath=/var/log/traefik/traefik.log
      --accessLog.filePath=/var/log/traefik/access.log
      --api.dashboard=true
      --api.debug=true
      --entryPoints.web.address=":80"
      --entryPoints.websecure.address=":443"
      --serversTransport.insecureSkipVerify=true
      --providers.docker.exposedByDefault=false
      --certificatesResolvers.staging.acme.email=mail@mail.xy
      --certificatesResolvers.staging.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.staging.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.staging.acme.httpChallenge.entrypoint=web
      --certificatesResolvers.production.acme.email=mail@mail.xy
      --certificatesResolvers.production.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.production.acme.caServer="https://acme-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.production.acme.httpChallenge.entrypoint=web
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/letsencrypt:/letsencrypt
      - ./logs:/var/log/traefik
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=staging"
      - "traefik.http.routers.traefik.entrypoints=web, websecure"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.xy`)"
      - "traefik.http.routers.traefik.service=api@internal"

sickmitch · July 27, 2024, 4:15am

Here it is! This is a simplified version I'm using while troubleshooting, I can get to the dashboard locally with 192.168.1.20:8080 and all looks fine. You are right tho, I've been troubleshooting this and the problem is connected to the NO-IP redirection, if I route directly to my external IP from cloudflare it works..

services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    command:
      --api.insecure=true
      --providers.docker
      --global.checkNewVersion=true
      --global.sendAnonymousUsage=true
      --log.level=INFO
      --log.filePath=/var/log/traefik/traefik.log
      --accessLog.filePath=/var/log/traefik/access.log
      --api.dashboard=true
      --api.debug=true
      --entryPoints.web.address=":80"
      --entryPoints.websecure.address=":443"
      --serversTransport.insecureSkipVerify=true
      --providers.docker.exposedByDefault=false
      --certificatesResolvers.staging.acme.email=mail@mail.xy
      --certificatesResolvers.staging.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.staging.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.staging.acme.httpChallenge.entrypoint=web
      --certificatesResolvers.production.acme.email=mail@mail.xy
      --certificatesResolvers.production.acme.storage=/letsencrypt/acme.json
      --certificatesResolvers.production.acme.caServer="https://acme-v02.api.letsencrypt.org/directory"
      --certificatesResolvers.production.acme.httpChallenge.entrypoint=web
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/letsencrypt:/letsencrypt
      - ./logs:/var/log/traefik
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=staging"
      - "traefik.http.routers.traefik.entrypoints=web, websecure"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.xy`)"
      - "traefik.http.routers.traefik.service=api@internal"

Topic		Replies	Views
Traefik seems to be constantly blocked Traefik v3 (latest) docker	1	78	July 6, 2024
Can a container with port 80 exposed cause troubles to Traefik? Traefik v2 docker	0	314	November 11, 2021
Traefik No Longer Working :( Traefik v2 docker	0	292	January 23, 2021
Traefik seems to have stopped sending requests to some containers? Traefik v2 docker	1	1006	February 27, 2020
No traffic in port 80 and 443 and i cant find why Traefik v2 docker	4	1115	October 20, 2023

Port 80 blocked by ISP

Related topics