Reverse proxy with file provider gives HTTP 500

Hi,

Overview of my issue:
Traefik running in Docker should reverse proxy to a mail server running in LXC (just the webmail/web admin part; the core mail part is handled before it hits Traefik), but I'm getting HTTP 500.

Details:
I have Traefik running via docker-compose with the following config (if you notice that something is off or redundant, do tell):

version: '3.8'

services:
  traefik:
    container_name: ${container_name}
    hostname: ${hostname}
    image: traefik:${image_tag}
    restart: unless-stopped
    command:
      - "--log.level=ERROR"
      - "--accesslog=true"

      - "--api=true"
      - "--api.dashboard=true"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"

      - "--providers.docker=true"
      - "--providers.docker.network=web"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/config/"
      - "--providers.file.watch=true"

      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http"
      - "--certificatesresolvers.letsencrypt.acme.email=${letsencrypt_email}"
      - "--certificatesresolvers.letsencrypt.acme.storage=acme.json"

    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./acme.json:/acme.json"
      - "./config/:/config/"
    networks:
      - internal
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${service}.rule=Host(`${hostname}`)"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
      - "traefik.http.routers.redirects.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirects.entrypoints=http"
      - "traefik.http.routers.redirects.middlewares=redirect-to-https"
      - "traefik.http.routers.${service}.tls.certresolver=letsencrypt"
      - "traefik.http.routers.${service}.service=api@internal"
      - "traefik.http.routers.${service}.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${traefik_dashboard_username}:${traefik_dashboard_password}"

networks:
  internal:
  web:
    external: true

In /config I have only mail.yml:

http:
  routers:
    mail:
      rule: Host(`${mail_server_fqdn}`) # <- I have literal value here, not a variable
      tls:
        certresolver:
          letsencrypt
      service: mail
      entryPoints:
        - https

  services:
    mail:
      loadBalancer:
        servers:
          - url: https://10.4.4.11

10.4.4.11 is the address of the LXC container.
When I do curl -I https://my.mail.server I get HTTP 500.

This same LXC container worked with NGINX instead of Traefik with a pretty basic setup and proxy_pass https://10.4.4.11;

If I add 10.4.4.11 my.mail.server in /etc/hosts on the server (not in the LXC, but on the host where Traefik is running) I can do curl -I https://my.mail.server and get a good response.

My guess is that something is wrong with mail.yml, but I can't figure it out (or it might be something else entirely :D)

Please help :)

Thanks!

If you enable the debug log and examine your logs, you will probably see a TLS error between Traefik and your app. If this is the case, specify insecureskipverify globally to avoid that verification, or, if a global setting does not suit you, wait for this already implemented PR to come through (v2.4) for setting this up for a particular service. This change will also allow you to provide individual certificates for the applications behind Traefik so that TLS can be checked properly without insecureskipverify.

2 Likes
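
The per-service setup the reply refers to, written out as an added example that is not part of the original thread or of the Traefik project's own documentation. It assumes Traefik v2.4 or later and that the certificate served by 10.4.4.11 is valid for my.mail.server (consistent with the /etc/hosts test in the question); the transport name `mail-transport` and the CA file path are hypothetical.

```yaml
# /config/mail.yml (added example, assumes Traefik v2.4 or later)
#
# Weak option, shown only for contrast. Set in the static configuration, it
# turns off backend certificate verification for every service behind Traefik:
#   --serverstransport.insecureskipverify=true
#
# Scoped option: keep verification on and tell Traefik which name the
# backend certificate should be checked against.
http:
  routers:
    mail:
      rule: Host(`my.mail.server`)
      entryPoints:
        - https
      service: mail
      tls:
        certResolver: letsencrypt

  services:
    mail:
      loadBalancer:
        # Attach the transport defined below to this service only.
        serversTransport: mail-transport   # hypothetical name
        servers:
          - url: https://10.4.4.11

  serversTransports:
    mail-transport:
      # Name sent as SNI and used to verify the backend certificate,
      # instead of the IP address taken from the server URL.
      serverName: my.mail.server
      # Only needed when the backend certificate is issued by a private CA.
      # The path is hypothetical and must be readable inside the container.
      # rootCAs:
      #   - /certs/mail-ca.pem
```

Setting `--log.level=DEBUG` in place of `--log.level=ERROR` while testing shows whether the HTTP 500 comes from backend certificate verification before any of this is changed.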
