Problems with my setup, no html, cockpit not work

Traefik Traefik v2
1

Hello,

i am new on traefik. I have used traefik to bring up many docker containers. This setup works very good. Then i have found a howto to bring up a local service. Wonderful i thing. So i will bring up the local openmediavault gui and cockpit web gui to a subdomain. My setup:
Traefik in a docker container on Debian Buster
My docker-compose.yml:

version: '3'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.tld`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:password
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.tld`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

My data/traefik.yml:

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: config.yml

certificatesResolvers:
  http:
    acme:
      email: my@mail.tld
      storage: acme.json
      httpChallenge:
        entryPoint: http

My data/config.yml

http:
  routers:
    omv:
      entryPoints:
        - "https"
        - "http"
      rule: "Host(`omv.domain.tld`)"
      middlewares:
        - default-headers
      tls:
        certResolver: http
      service: omv

    cockpit:
      entryPoints:
        - "https"
      rule: "Host(`cockpit.domain.tld`)"
      middlewares:
        - default-headers
      tls:
        certResolver: http
      service: cockpit

  services:
    omv:
      loadBalancer:
        servers:
          - url: "http://192.168.178.191:2485"
        passHostHeader: true
    cockpit:
      loadBalancer:
        servers:
          - url: "http://192.168.178.191:9090"
        passHostHeader: true

  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https

    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true

    default-whitelist:
      ipWhiteList:
        sourceRange:
#        - "10.0.0.0/24"
        - "192.168.178.0/16"
        - "172.20.0.0/16"

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

The domains and user credentials have i erased.
cockpit service has a config file in /etc/cockpit/cockpit.conf

[WebService]
Origins = https://host-cockpit.mydomain.com wss://host-cockpit.mydomain.com
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted=true

The howto is here to found

My problems:

  1. The containers work only with https. When i use omv.domain.tld there is no redirect to https. I becom a "404 page not found". With https works omv very good. How can i setup the https redirect?? I thing in default-headers is a redirect. "http" in entrypoint is not the solution, no effect.
  2. The same on cockpit. But when i use https://cockpit... i become the login page. After login have i a blank, white page. Where is my error???

I am a beginner on traffic and v2 is very new so google can't help me. I hope to find a solution

Many thanks
igonixio

2

Hello
I know this is a very OLD topic but any updates?
I want my cockpit to be proxing through traefik v2.

3

Thanks to your post, I was able to use a custom domain name for cockpit.

  1. to answer to your first question, I think you cannot define two endpoints (httpn https) in the same router (omv). what I did, is to define a second router ( omv-s) containing the https entrypoint.

Not sure if it's needed but I set the load balancer url to https:/xxxx, in order to have a encrypted communication between the traefik container and the cockpit service. Also, I did not use the defaultHeaders block, only chain middleware with upwhitelist and scheme redirect.

  1. i had the same blank page when the domain defined in cockpit.conf is not the same as the one in the rule host

I hope these info may help to combine treafik and cockpit.

ps: it seems that there is two months delay between posts :wink:

4

Thanks for the reply :slight_smile:

I made it work with omv and cockpit , but somehow it stopped working ?

Here is my config:

http:
  routers:
    omv:
      entryPoints:
#        - "web"
        - "websecure"
      rule: "Host(`omv.kekec.dk`)"
      #rule: "HostRegexp(`{any:.+}`)"
      #rule: "HostRegexp(`{host:.+}`)"
      middlewares:
        - https-redirect
        - radminlogin
      tls:
        certResolver: http
      service: omv
#
    cockpit:
      entryPoints:
        - "websecure"
      rule: "Host(`cockpit.kekec.dk`)"
      middlewares:
        - https-redirect
        - radminlogin
      tls:
        certResolver: http
      service: cockpit

  services:
    omv:
      loadBalancer:
        servers:
          - url: "http://192.168.1.100:81"
        passHostHeader: true
#
    cockpit:
      loadBalancer:
        servers:
          - url: "http://192.168.1.100:9090"
        passHostHeader: true

  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
    radminlogin:
      basicAuth:
        users:
          - 'radmin:PASSWORD
          - 'root:PASSWORD

I dont know if the traefik v2 has changed something , but maybe you can see something i cant?

5

Do you have any log to show what is wrong ?

From the conf, I don't see anything wrong at first glance.
Did you create a cockpit.conf for allowing cockipt-ws ?

6

I hope this is enough :slight_smile:

time="2020-07-08T10:15:04+02:00" level=debug msg="'502 Bad Gateway' caused by: dial tcp 192.168.1.100:9090: connect: no route to host"
time="2020-07-08T10:15:04+02:00" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":{},\"Host\":\"cockpit.kekec.dk\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"da,en-GB;q=0.9,en-US;q=0.8,en;q=0.7\"],\"Authorization\":[\"Basic cm9vdDpBYmlkaW4xMg==\"],\"Cache-Control\":[\"max-age=0\"],\"Cookie\":[\"organizr_token_70b457a7-de67-42ab-8888-be1ef49a4718=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImp0aSI6IjRmMWcyM2ExMmFhIn0.eyJpc3MiOiJPcmdhbml6ciIsImF1ZCI6Ik9yZ2FuaXpyIiwianRpIjoiNGYxZzIzYTEyYWEiLCJpYXQiOjE1OTQxOTA0OTgsImV4cCI6MTU5NDc5NTI5OCwidXNlcm5hbWUiOiJyYWRtaW4iLCJncm91cCI6IkFkbWluIiwiZ3JvdXBJRCI6MCwiZW1haWwiOiJrZWtlYzg4OEBob3RtYWlsLmNvbSIsImltYWdlIjoiaHR0cHM6XC9cL3d3dy5ncmF2YXRhci5jb21cL2F2YXRhclwvMmRhOTNhYjNkNzYxOWY2YjFlYzIwYzRkNDNkODRiMzE_cz0xMDAmZD1tbSIsInVzZXJJRCI6MX0.3t_l7LxwXjREKuG_s1gVUG07MDBnDSVHlrm0njkBBhQ\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36\"],\"X-Forwarded-Host\":[\"cockpit.kekec.dk\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"5eab0dfe7690\"],\"X-Real-Ip\":[\"193.3.10.231\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"cockpit.kekec.dk\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"193.3.10.231:39274\",\"RequestURI\":\"/\",\"TLS\":null}"
time="2020-07-08T10:15:04+02:00" level=debug msg="Authentication succeeded" middlewareName=radminlogin@file middlewareType=BasicAuth
time="2020-07-08T10:15:04+02:00" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":{},\"Host\":\"cockpit.kekec.dk\",\"Path\":\"/favicon.ico\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"image/webp,image/apng,image/*,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"da,en-GB;q=0.9,en-US;q=0.8,en;q=0.7\"],\"Authorization\":[\"Basic cm9vdDpBYmlkaW4xMg==\"],\"Cache-Control\":[\"no-cache\"],\"Cookie\":[\"organizr_token_70b457a7-de67-42ab-8888-be1ef49a4718=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImp0aSI6IjRmMWcyM2ExMmFhIn0.eyJpc3MiOiJPcmdhbml6ciIsImF1ZCI6Ik9yZ2FuaXpyIiwianRpIjoiNGYxZzIzYTEyYWEiLCJpYXQiOjE1OTQxOTA0OTgsImV4cCI6MTU5NDc5NTI5OCwidXNlcm5hbWUiOiJyYWRtaW4iLCJncm91cCI6IkFkbWluIiwiZ3JvdXBJRCI6MCwiZW1haWwiOiJrZWtlYzg4OEBob3RtYWlsLmNvbSIsImltYWdlIjoiaHR0cHM6XC9cL3d3dy5ncmF2YXRhci5jb21cL2F2YXRhclwvMmRhOTNhYjNkNzYxOWY2YjFlYzIwYzRkNDNkODRiMzE_cz0xMDAmZD1tbSIsInVzZXJJRCI6MX0.3t_l7LxwXjREKuG_s1gVUG07MDBnDSVHlrm0njkBBhQ\"],\"Pragma\":[\"no-cache\"],\"Referer\":[\"https://cockpit.kekec.dk/\"],\"Sec-Fetch-Dest\":[\"image\"],\"Sec-Fetch-Mode\":[\"no-cors\"],\"Sec-Fetch-Site\":[\"same-origin\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36\"],\"X-Forwarded-Host\":[\"cockpit.kekec.dk\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"5eab0dfe7690\"],\"X-Real-Ip\":[\"193.3.10.231\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"cockpit.kekec.dk\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"193.3.10.231:39274\",\"RequestURI\":\"/favicon.ico\",\"TLS\":null}"
time="2020-07-08T10:15:04+02:00" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" ForwardURL="http://192.168.1.100:9090" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":{},\"Host\":\"cockpit.kekec.dk\",\"Path\":\"/favicon.ico\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"image/webp,image/apng,image/*,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"da,en-GB;q=0.9,en-US;q=0.8,en;q=0.7\"],\"Authorization\":[\"Basic cm9vdDpBYmlkaW4xMg==\"],\"Cache-Control\":[\"no-cache\"],\"Cookie\":[\"organizr_token_70b457a7-de67-42ab-8888-be1ef49a4718=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImp0aSI6IjRmMWcyM2ExMmFhIn0.eyJpc3MiOiJPcmdhbml6ciIsImF1ZCI6Ik9yZ2FuaXpyIiwianRpIjoiNGYxZzIzYTEyYWEiLCJpYXQiOjE1OTQxOTA0OTgsImV4cCI6MTU5NDc5NTI5OCwidXNlcm5hbWUiOiJyYWRtaW4iLCJncm91cCI6IkFkbWluIiwiZ3JvdXBJRCI6MCwiZW1haWwiOiJrZWtlYzg4OEBob3RtYWlsLmNvbSIsImltYWdlIjoiaHR0cHM6XC9cL3d3dy5ncmF2YXRhci5jb21cL2F2YXRhclwvMmRhOTNhYjNkNzYxOWY2YjFlYzIwYzRkNDNkODRiMzE_cz0xMDAmZD1tbSIsInVzZXJJRCI6MX0.3t_l7LxwXjREKuG_s1gVUG07MDBnDSVHlrm0njkBBhQ\"],\"Pragma\":[\"no-cache\"],\"Referer\":[\"https://cockpit.kekec.dk/\"],\"Sec-Fetch-Dest\":[\"image\"],\"Sec-Fetch-Mode\":[\"no-cors\"],\"Sec-Fetch-Site\":[\"same-origin\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36\"],\"X-Forwarded-Host\":[\"cockpit.kekec.dk\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"5eab0dfe7690\"],\"X-Real-Ip\":[\"193.3.10.231\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"cockpit.kekec.dk\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"193.3.10.231:39274\",\"RequestURI\":\"/favicon.ico\",\"TLS\":null}"
7

Is there any update on this?
I am facing the exact same situation (blank page after login caused by too many redirects)

[http.routers]
  [http.routers.cockpit-rtr]
      entryPoints = ["https"]
      rule = "Host(`cockpit.homeserver.local`)"
      service = "cockpit-svc"
      middlewares = ["cockpit-ssl-redirect", "cockpit-headers"]
      tls = "true"

[http.middlewares]
  [http.middlewares.cockpit-headers.headers]
    [http.middlewares.cockpit-headers.headers.customrequestheaders]
      X-Forwarded-Proto = "https"
      X-Forwarded-Port = "443"
  [http.middlewares.cockpit-ssl-redirect.redirectScheme]
    scheme = "https"

[http.services]
  [http.services.cockpit-svc]
    [http.services.cockpit-svc.loadBalancer]
      passHostHeader = true
      [[http.services.cockpit-svc.loadBalancer.servers]]
        url = "http://192.168.56.102:9090"

cockpit.conf

[WebService]
Origins = https://cockpit.homeserver.local
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted = true

Any ideas what could be wrong?
My logs show similar redirects as @kekec777.

EDIT/SOLVED: I feel kind of stupid to correct myself within minutes of posting this...
However, I have been testing this setup for HOURS with the same result but never closed my incognito browser window (although I tried deleting web site data). After switching to a different browser it turned out my setup is actually working.
So I am leaving this here for the next poor soul...