Redirect problem to another server

Hello there, I have an issue with redirection. Let me explain: I have two servers on the same LAN; one runs Traefik and Docker, the second is a Synology NAS.

So the main server (Ubuntu 20.04 LTS) has the IP, for example, 192.168.10.1 and the NAS has 192.168.10.2 (the NAS uses port 10051 for web services).

My domain points entirely to the main server. So let's call it god.com
traefik.god.com (url of traefik dashboard)
nas.god.com (url of synology nas)
I stored Traefik in /home/archmatt/traefik
The traefik folder contains:
-> docker-compose.yml
-> data (folder)
The data folder contains:
-> config.yml
-> acme.json
-> traefik.yml

docker-compose.yml

version: '3'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=name@god.com
      # - CF_DNS_API_TOKEN=YOUR_API_TOKEN
      - CF_API_KEY=god-cloudflare-api-key
      # be sure to use the correct one depending on if you are using a token or key
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/archmatt/traefik/data/traefik.yml:/traefik.yml:ro
      - /home/archmatt/traefik/data/acme.json:/acme.json
      - /home/archmatt/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.god.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:PASSWORD"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.god.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=god.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.god.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

config.yml

http:
 #region routers 
  routers:
    nas:
      entryPoints:
        - "https"
      rule: "Host(`nas.god.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: nas
 #endregion
 #region services
  services:
    nas:
      loadBalancer:
        servers:
          - url: "https://192.168.10.2:10051"
        passHostHeader: true    
 #endregion
   middlewares:
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true

    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    idrac:
      headers:
        frameDeny: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    secured:
      chain:
        middlewares:
        - default-headers

traefik.yml

api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
    watch: true
certificatesResolvers:
  cloudflare:
    acme:
      email: name@god.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53" 

Why can't I connect to the NAS?
Before Traefik I used Nginx Proxy Manager and everything worked fine.

Well, first, what does it mean that you cannot connect? No TCP connection or an error page like 404?

Did you check Traefik debug log and Dashboard for the router and service?

It seems you want to use Cloudflare LetsEncrypt, you need to assign it to the router certresolver.

"404 page not found" is the error message. I have already set up Portainer inside Docker and that works fine: Portainer.god.com

Did you check Traefik debug log and Dashboard for the router and service? Especially comparing it to the working portainer router/service?

It seems you want to use Cloudflare LetsEncrypt, you need to assign it to the router certresolver. Compare it to the working portainer router/service.

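The advice above about assigning the certificate resolver to the router, written out for the file provider as an added example (it is not code from any poster in this thread). It also scopes `insecureSkipVerify` to the NAS backend alone, so the global `serversTransport` setting in traefik.yml is no longer needed; this assumes Traefik 2.4 or later, and the transport name `nas-selfsigned` is hypothetical.

```yaml
# Added example for config.yml (Traefik file provider); not from the thread.
http:
  routers:
    nas:
      entryPoints:
        - "https"
      rule: "Host(`nas.god.com`)"
      middlewares:
        - default-headers
      tls:
        # Resolver name as defined under certificatesResolvers in traefik.yml.
        certResolver: cloudflare
        domains:
          - main: "god.com"
            sans:
              - "*.god.com"
      service: nas

  services:
    nas:
      loadBalancer:
        servers:
          - url: "https://192.168.10.2:10051"
        passHostHeader: true
        # Hypothetical name; must match the key under serversTransports below.
        serversTransport: nas-selfsigned

  serversTransports:
    nas-selfsigned:
      # Skips backend certificate verification for this one service only,
      # instead of for every HTTPS backend behind the proxy.
      insecureSkipVerify: true

  middlewares:
    default-headers:
      headers:
        frameDeny: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15552000
        customRequestHeaders:
          X-Forwarded-Proto: https
```

If the file fails to parse, the file provider loads none of its routers and requests for the host return Traefik's 404, so check the Traefik log for a file provider error after each change.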

OK, I already figured out what was wrong, and it was my config.yml file :( :(

http:
 #region routers 
  routers:
    synology:
      entryPoints:
        - "https"
      rule: "Host(`nas.god.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: synology
    pihole:
      entryPoints:
        - "https"
      rule: "Host(`pihole.local.example.com`)"
      middlewares:
        - default-headers
        - addprefix-pihole
        - https-redirectscheme
      tls: {}
      service: pihole
    homebridge:
      entryPoints:
        - "https"
      rule: "Host(`homebridge.local.example.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: homebridge
    homeassistant:
      # For Homeassistant config, check: https://www.home-assistant.io/integrations/http/#reverse-proxies
      # This relies on Homeassistant using http. No certs are needed in the Homeassistant config.
      entryPoints:
        - "https"
      rule: "Host(`homeassistant.local.example.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: homeassistant
    syncthing:
      entryPoints:
        - "https"
      rule: "Host(`syncthing.local.example.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: syncthing
    truenas:
      entryPoints:
        - "https"
      rule: "Host(`truenas.local.example.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: truenas
    plex:
      entryPoints:
        - "https"
      rule: "Host(`plex.local.example.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: plex
    minio:
      entryPoints:
        - "https"
      rule: "Host(`minio.local.example.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: minio
    rancher:
      entryPoints:
        - "https"
      rule: "Host(`rancher.local.example.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: rancher
    idrac:
      entryPoints:
        - "https"
      rule: "Host(`idrac.local.example.com`)"
      middlewares:
        - idrac
        - https-redirectscheme
      tls: {}
      service: idrac
    idrac-console:
      entryPoints:
        - "idrac" # REQUIRED for iDRAC virtual console: Create a new TCP entry point in traefik on port 5900
      rule: "Host(`idrac.local.example.com`)"
      middlewares:
        - idrac
        - https-redirectscheme
      tls: {}
      service: idrac-console
    opnsense:
      entryPoints:
        - "https"
      rule: "Host(`opnsense.local.example.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: opnsense
    pterodactyl:
      entryPoints:
        - "https"
      rule: "Host(`pterodactyl.local.example.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: pterodactyl

#endregion
#region services
  services:
    synology:
      loadBalancer:
        servers:
          - url: "https://192.168.10.2:10051"
        passHostHeader: true
    pihole:
      loadBalancer:
        servers:
          - url: "http://192.168.0.101:80"
        passHostHeader: true
    homebridge:
      loadBalancer:
        servers:
          - url: "http://192.168.0.102:10999"
        passHostHeader: true
    homeassistant:
      loadBalancer:
        servers:
          - url: "http://192.168.0.102:10999"
        passHostHeader: true
    syncthing:
      loadBalancer:
        servers:
          - url: "https://192.168.0.103:8384"
        passHostHeader: true
    truenas:
      loadBalancer:
        servers:
          - url: "https://192.168.0.104"
        passHostHeader: true
    plex:
      loadBalancer:
        servers:
          - url: "https://192.168.0.105:32400"
        passHostHeader: true
    minio:
      loadBalancer:
        servers:
          - url: "https://192.168.0.106:9000/"
        passHostHeader: true
    rancher:
      loadBalancer:
        servers:
          - url: "https://192.168.0.107"
        passHostHeader: true
    idrac:
      loadBalancer:
        servers:
          - url: "https://192.168.0.108"
        passHostHeader: true
    idrac-console:
      loadBalancer:
        servers:
          - url: "https://192.168.0.108:5900"
        passHostHeader: true
    opnsense:
      loadBalancer:
        servers:
          - url: "https://192.168.0.109"
        passHostHeader: true
    pterodactyl:
      loadBalancer:
        servers:
          - url: "http://192.168.0.110:80"
        passHostHeader: true
#endregion
  middlewares:
    addprefix-pihole:
      addPrefix:
        prefix: "/admin"
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true

    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    idrac:
      headers:
        frameDeny: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers
