Hello all,
I'm looking for some assistance on tracking down a recent problem I've been having. As most of us have done, I've followed this guide on how to get Traefik stood up and working. FYI, I am using Docker for Mac.
I was able to follow this and complete it with no issues. There is a section toward the bottom that explains how to set up non-container devices that can be accessed via Traefik. The site gives PiHole as one example. (Link here)
I set up a few different LAN devices/IPs (my router, two switches, Synology NAS, etc). Everything worked. At some point, maybe a month or two back, these devices stopped working and are now showing the error about a redirection loop. (Note my Synology still works, but NAS and Routers don't.)
Here are things I've tested/confirmed:
- In Cloudflare my SSL is set to Full/Strict
- I have an http to https redirect set up in Traefik as per the linked guide above. This works without issues on all docker containers.
- My switch and routers use HTTP. They are accessible via IP address on the LAN (not via Traefik).
- Example of my rule.yml which controls one such device:

```yaml
http:
  routers:
    router-rtr:
      rule: "Host(`hostname.***.com`)"
      entryPoints:
        - https
      #middlewares:
      #  - chain-no-auth
      service: router-svc
      tls: {}
        #certResolver: dns-cloudflare
  services:
    router-svc:
      loadBalancer:
        passHostHeader: true
        servers:
          - url: "http://192.168.1.1:80" # or whatever your external host's IP:port is
```

In the example above I've tested commenting out the middlewares and the TLS, both of which do not help. I still get the "redirect too many times" error.
In addition, here is my docker-compose for Traefik:

```yaml
services:
  traefik:
    depends_on:
      - socketproxy
    image: traefik
    container_name: ${COMPOSE_PROJECT_NAME}_traefik
    restart: always
    security_opt:
      - no-new-privileges:true
    networks:
      - macdocker_proxy1
      - macdocker_socketproxy1
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      #- /var/run/docker.sock:/var/run/docker.sock:ro using a socket proxy
      - /***/Traefik/data:/etc/traefik/data
      - /***/Traefik/traefik.yml:/etc/traefik/traefik.yml:ro
    environment:
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - 'com.centurylinklabs.watchtower.enable=true'
      - 'com.centurylinklabs.watchtower.monitor-only=true'
      #enable
      - 'traefik.enable=true'
      - 'traefik.docker.network=macdocker_proxy1'
      #global http redirect catch all
      - 'traefik.http.routers.httpcatchall.entrypoints=http'
      - 'traefik.http.routers.httpcatchall.rule=hostregexp(`{host:.+}`)'
      - 'traefik.http.routers.httpcatchall.middlewares=redirect-to-https'
      #middleware redirect
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true'
      ##routers##
      #https entrypoint
      - 'traefik.http.routers.traefik.entrypoints=https'
      #always use TLS
      - 'traefik.http.routers.traefik.tls=true'
      #cert resolver name - comment out after first run to force wildcard cert
      # - 'traefik.http.routers.traefik.tls.certresolver=dns-cloudflare'
      - 'traefik.http.routers.traefik.tls.domains[0].main=domain.com'
      - 'traefik.http.routers.traefik.tls.domains[0].sans=*.domain.com'
      # Services - API - makes dashboard available insecure
      - 'traefik.http.routers.traefik.service=api@internal'
      #Middleware basic auth chain
      #- 'traefik.http.routers.traefik.middlewares=chain-basic-auth@file'
      - 'traefik.http.routers.traefik.middlewares=chain-oauth@file'
      #rule for determining hostname
      - 'traefik.http.routers.traefik.rule=Host(`traefik.$DOMAINNAME`)'
```

Wondering why this just recently started and would appreciate any assistance I could get to resolve this, or be pointed in the right direction.