Hello everybody,
I am trying to expose a Home Assistant instance over Traefik, using a second Raspberry Pi running Traefik. The goal is to enable SSL with a Let's Encrypt certificate.
Scenario:
- Custom public DNS Server with DynDNS (The Fritz!Box updates the DNS Records over a script when my IP changes); This works fine.
- Port forwarding over the router. Ports 80 and 443 end on the Raspberry Pi running Traefik.
Contents of traefik.yml

```yaml
api:
  insecure: true
providers:
  file:
    directory: /services
    watch: true
certificatesResolvers:
  le:
    acme:
      email: mymail@example.com
      storage: /ssl/acme.json
      httpChallenge:
        # used during the challenge
        entryPoint: web
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
```
docker-compose.yml of traefik

```yaml
version: '3'
services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:v2.6
    # Enables the web UI and tells Traefik to listen to docker
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./logs:/etc/logs
      - ./ssl:/ssl
      - ./services:/services
    restart: always
```
services/myservice.yaml

```yaml
http:
  routers:
    home-assistant-route:
      entryPoints:
        - web
      service: home-assistant
      rule: "Host(`internal.example.local`)"
      #tls:
      #  certresolver: le
    home-assistant-ext:
      entryPoints:
        - web
      service: home-assistant
      rule: "Host(`public.example.com`)"
    home-assistant-ssl:
      entryPoints:
        - websecure
      service: home-assistant
      rule: "Host(`public.example.com`)"
      tls:
        domains:
          - public.example.com
        certResolver: le
  services:
    home-assistant:
      loadBalancer:
        servers:
          - url: http://192.168.0.7:8123/
```
What's working
- Access over http://internal.example.local, which is resolved by my custom home DNS server
- Access over http://public.example.com
- Access over https://public.example.com, which ends in a certificate error. By bypassing this warning, access is possible.
Traefik reports this error:

```
level=error msg="Unable to obtain ACME certificate for domains \"public.example.com\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:53603->127.0.0.11:53: i/o timeout" routerName=home-assistant-ssl@file providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" rule="Host(`public.example.com`)"
```
Any ideas how I could get this to work?
Thanks everybody!