Problems getting results from internal service

Traefik Traefik v2
, ,
1

Hi,

Can anyone give me a hint how to fix/further troubleshoot this problem, please?

I have a problem that I cannot forward to a service with a specified by url. I see that the https request is correctly forwarded, but the answer is never getting returned to the client that connects to the traefik proxy. The forward authentication is working as expected,

I've checked the network and server connectivity by open a shell in the traefic container installing curl and executing curl -k -u user:password https://server.example.local:8183 and could successfully read the content of the webpage.

On the Dashboard and In the traefik v2.11 logs I can see no errors even with debug enabled.

I also can use services with http://. So I think, that the option "--serverstransport.insecureskipverify=true" is not working as expected. because i need the curl -k option that disables verification to get the data from the server.

My statis config is:

services:
  traefik:
    image: traefik:2.11
    container_name: traefik
    command:
      - "--entryPoints.web-secure.address=:443"
      - "--serverstransport.insecureskipverify=true"
      ...

My dynamic config for this service is:

http:
  middlewares:

    # http-middlewares - Strip prefixes used for routers
    strip-prefixes:
      stripPrefix:
        forceSlash: false
        prefixes:
          - "/dashboard"
          - "/bot/"
          - "/bot"

    redirect-http:
      redirectScheme:
        scheme: https

   my-service-auth-forward:
      forwardAuth:
        address: "https://server.example.local:8183"
        tls:
          caOptional: true
          insecureSkipVerify: true
        trustForwardHeader: true

    my-service-mid:
      chain:
        middlewares:
          - secHeaders
          - strip-prefixes
          - redirect-http
          - my-service-auth-forward

  services:
    my-service-service:
      loadBalancer:
        servers:
          - url: "https://server.example.local:8183"

  routers:
    my_service_router:
      entryPoints:
        - web-secure
      rule: "Host(`bot.example.com`) && ( PathPrefix(`/bot/`) || PathPrefix(`/bot/`) )"
      middlewares:
        - "my-service-mid"
      service: "my-service-service"
      tls: {}
2

Is the target service a GUI web application? Those usually don't like paths to be manupulated, as the index.html will tell the browser to load further resources at fixed absolute paths like /js/script.js, and those are not available at the manipulated path.

Check you browsers developer tools network tab for requests, responses and errors.

3

Hi @bluepuma77, thanks for reply.

This is pointing to an internal Traefik that has an entrypoint :8143 and then communicating to the flask service.

So, because curl is working just by accessing this port, and it is working from other internal clients the problem must be the on the Traefik, that is in DMZ.

Also forward auth is correctly executed and I'm required to enter the username and password. After that a 404 is the reaction in the browser.

I see the request is handled by the internal traefik in the access log.

4

This is confusing to me, you are providing information only bit by bit.

If you have 2 Traefik instances, then provide for each the full Traefik static and dynamic config, and docker-compose.yml if used.

Enable and check Traefik debug log and Traefik access log in JSON format - on both instances.