Ok, so I have tried a few things/setups, but they are not working as I would expect.
With everything set up, when I go to gateway01.dev.example.net
I get a 404.
In the cloud server Traefik debug logs I get:
traefik | time="2020-06-22T03:21:52Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7\"],\"Cache-Control\":[\"max-age=0\"],\"Cookie\":[\"aCookie\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36\"],\"X-Forwarded-Host\":[\"gateway01.dev.example.net\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"91fc236f132f\"],\"X-Real-Ip\":[\"xx.xx.xx.xx\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"gateway01.dev.example.net\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"xx.xx.xx.xx:50292\",\"RequestURI\":\"/\",\"TLS\":null}"
traefik | time="2020-06-22T03:21:52Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7\"],\"Cache-Control\":[\"max-age=0\"],\"Cookie\":[\"aCookie\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36\"],\"X-Forwarded-Host\":[\"gateway01.dev.example.net\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"91fc236f132f\"],\"X-Real-Ip\":[\"xx.xx.xx.xx\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"gateway01.dev.example.net\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"xx.xx.xx.xx:50292\",\"RequestURI\":\"/\",\"TLS\":null}" ForwardURL="http://10.8.2.5"
traefik | time="2020-06-22T03:21:53Z" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7\"],\"Cache-Control\":[\"max-age=0\"],\"Cookie\":[\"aCookie\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36\"],\"X-Forwarded-Host\":[\"gateway01.dev.example.net\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"91fc236f132f\"],\"X-Real-Ip\":[\"xx.xx.xx.xx\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"gateway01.dev.example.net\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"xx.xx.xx.xx:50292\",\"RequestURI\":\"/\",\"TLS\":null}"
traefik | xx.xx.xx.xx - - [22/Jun/2020:03:21:52 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 1233 "gateway01@file" "http://10.8.2.5" 700ms
Doing a curl from the host, I can get a web page:
curl http://10.8.2.5
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Gateway 01</title>
</head>
<body>
<h1>Hello Gateway01</h1>
</body>
and from the traefik container the same:
wget http://10.8.2.5
Connecting to 10.8.2.5 (10.8.2.5:80)
saving to 'index.html'
index.html 100% |****************************************************************************************************************************| 160 0:00:00 ETA
'index.html' saved
/ # cat index.html
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Gateway 01</title>
</head>
<body>
<h1>Hello Gateway01</h1>
</body>
</html>
Edit start:
A little more debugging — doing a tcpdump at the gateway on the VPN interface:
tcpdump -i wg0 -vv
tcpdump: listening on wg0, link-type RAW (Raw IP), capture size 262144 bytes
03:59:32.590699 IP (tos 0x0, ttl 63, id 22839, offset 0, flags [DF], proto TCP (6), length 60)
10.8.2.1.35468 > 10.8.2.5.http: Flags [S], cksum 0xd4cb (correct), seq 2653437319, win 64240, options [mss 1460,sackOK,TS val 3645579350 ecr 0,nop,wscale 7], length 0
03:59:32.591322 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 60)
10.8.2.5.http > 10.8.2.1.35468: Flags [S.], cksum 0x1844 (incorrect -> 0xeead), seq 2680464225, ack 2653437320, win 65160, options [mss 1460,sackOK,TS val 3732324567 ecr 3645579350,nop,wscale 7], length 0
03:59:32.940368 IP (tos 0x0, ttl 63, id 22840, offset 0, flags [DF], proto TCP (6), length 52)
10.8.2.1.35468 > 10.8.2.5.http: Flags [.], cksum 0x18af (correct), seq 1, ack 1, win 502, options [nop,nop,TS val 3645579700 ecr 3732324567], length 0
03:59:32.942496 IP (tos 0x0, ttl 63, id 22841, offset 0, flags [DF], proto TCP (6), length 842)
10.8.2.1.35468 > 10.8.2.5.http: Flags [P.], cksum 0x7ba3 (correct), seq 1:791, ack 1, win 502, options [nop,nop,TS val 3645579701 ecr 3732324567], length 790: HTTP, length: 790
GET / HTTP/1.1
Host: gateway01.dev.example.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control: max-age=0
Cookie: aCookie
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: xx.xxx.xxx.xxx
X-Forwarded-Host: gateway01.dev.example.net
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 91fc456f132f
X-Real-Ip: xx.xxx.xxx.xxx
03:59:32.943062 IP (tos 0x0, ttl 63, id 59101, offset 0, flags [DF], proto TCP (6), length 52)
10.8.2.5.http > 10.8.2.1.35468: Flags [.], cksum 0x183c (incorrect -> 0x1437), seq 1, ack 791, win 503, options [nop,nop,TS val 3732324919 ecr 3645579701], length 0
03:59:32.944634 IP (tos 0x0, ttl 63, id 59102, offset 0, flags [DF], proto TCP (6), length 228)
10.8.2.5.http > 10.8.2.1.35468: Flags [P.], cksum 0x18ec (incorrect -> 0xf3f3), seq 1:177, ack 791, win 503, options [nop,nop,TS val 3732324920 ecr 3645579701], length 176: HTTP, length: 176
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Mon, 22 Jun 2020 03:59:32 GMT
Content-Length: 19
404 page not found
03:59:33.293350 IP (tos 0x0, ttl 63, id 22842, offset 0, flags [DF], proto TCP (6), length 52)
10.8.2.1.35468 > 10.8.2.5.http: Flags [.], cksum 0x1228 (correct), seq 791, ack 177, win 501, options [nop,nop,TS val 3645580053 ecr 3732324920], length 0
The request is being forwarded, but the gateway Traefik does not want to pick it up.
It could have something to do with the X-Forwarded-* headers, but I need to learn more.
Edit end.
So, can anyone see anything that I'm doing wrong, or give a hint on tracking down the problem?
Current (non-working) setup files:
Cloud server Traefik docker-compose.yaml
# Cloud-side Traefik: the public edge. Terminates TLS (Let's Encrypt) and
# forwards to the gateways declared in gateways.toml over the VPN.
version: '3'

services:
  traefik:
    image: traefik:v2.2.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - external-network
      - internal-network
    ports:
      - "80:80"
      - "443:443"
      - "1884:1884"
      - "5683:5683/udp"
      - "9002:9002"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # ":ro" only protects the socket file, not the Docker API behind it;
      # whatever can talk to this socket can control every container on the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/.containers/traefik/data/acme.json:/acme.json
      - /root/.containers/traefik/data/gateways.toml:/gateways.toml
    command:
      # Global
      - "--global.checkNewVersion=true"
      - "--global.sendAnonymousUsage=false"
      # Logging — DEBUG writes full request headers (Cookie included) to the log
      - "--log.level=DEBUG"
      - "--accesslog=true"
      # API / dashboard (routed below via api@internal)
      - "--api=true"
      - "--api.dashboard=true"
      # Entry points
      # web: plain HTTP, permanently redirected to websecure
      - "--entryPoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--entryPoints.websecure.address=:443"
      # Data entry points — no routers for them appear in the posted files
      # - "--entryPoints.mqtt.address=:1883"
      - "--entryPoints.mqttsecure.address=:1884"
      - "--entryPoints.coap.address=:5683/udp"
      # - "--entryPoints.websocket.address=:9001"
      - "--entryPoints.websocketsecure.address=:9002"
      # Providers: docker labels (opt-in only) plus the gateways file, live-reloaded
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.filename=/gateways.toml"
      - "--providers.file.watch=true"
      # Resolvers — TLS-ALPN-01 challenge; storage path is relative to the container cwd (/acme.json mounted above)
      - "--certificatesresolvers.resolver-lets-encrypt.acme.email=admin@example.net"
      - "--certificatesresolvers.resolver-lets-encrypt.acme.storage=acme.json"
      # - "--certificatesresolvers.resolver-lets-encrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.resolver-lets-encrypt.acme.tlschallenge=true"
    labels:
      - "traefik.enable=true"
      # Middlewares — htpasswd (apr1) hash; "$" is doubled for compose interpolation.
      # Credentials as posted: user / password.
      - "traefik.http.middlewares.middleware-basicauth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/"
      # Dashboard: TLS + basic auth on websecure only
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.dev.example.net`)"
      - "traefik.http.routers.traefik-secure.middlewares=middleware-basicauth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=resolver-lets-encrypt"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      # Routes to the gateways live in gateways.toml

networks:
  internal-network:
  external-network:
    external: true
Cloud server gateways.toml
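# Cloud-side dynamic configuration: one router and one service per gateway.
[http]
  [http.routers]
    # Gateway 01 — both hostnames terminate TLS here and are proxied over the VPN.
    [http.routers.gateway01]
      entryPoints = ["websecure"]
      rule = "Host(`gateway01.dev.example.net`) || Host(`traefik.gateway01.dev.example.net`)"
      service = "gateway01"
      [http.routers.gateway01.tls]
        certresolver = "resolver-lets-encrypt"
        # Was "[[http.routers.blog.tls.domains]]": that declared a dangling router
        # "blog" with no rule or service, and left gateway01 without explicit domains.
        # Let's Encrypt issues wildcard names only via the DNS-01 challenge; the
        # resolver uses TLS-ALPN-01 (tlschallenge), so "*.gateway01.dev.example.net"
        # cannot be issued — list the hosts from the rule explicitly instead.
        [[http.routers.gateway01.tls.domains]]
          main = "gateway01.dev.example.net"
          sans = ["traefik.gateway01.dev.example.net"]

  [http.services]
    # Gateway 01 — the gateway host's WireGuard address; its own Traefik listens on :80.
    # Plain HTTP on this hop: confidentiality relies on the WireGuard tunnel.
    [http.services.gateway01]
      [http.services.gateway01.loadBalancer]
        [[http.services.gateway01.loadBalancer.servers]]
          url = "http://10.8.2.5"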
Gateway Traefik docker-compose.yml
# Gateway-side Traefik: sits behind the cloud Traefik (reached over WireGuard
# as 10.8.2.5). Plain HTTP only — no certificate resolver is active here.
version: '3'

services:
  traefik:
    image: traefik:v2.2.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - external-network
      - internal-network
    ports:
      - "80:80"
      - "443:443"
      # MQTT / CoAP (labelled "Thinsboard" in the original — presumably ThingsBoard)
      - "1883:1883"
      - "5683:5683/udp"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # ":ro" only protects the socket file, not the Docker API behind it;
      # whatever can talk to this socket can control every container on the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Unused until the commented-out resolver below is enabled.
      - /root/.containers/traefik/data/acme.json:/acme.json
    command:
      # Global
      - "--global.checkNewVersion=true"
      - "--global.sendAnonymousUsage=false"
      # Logging — DEBUG writes full request headers (Cookie included) to the log
      - "--log.level=DEBUG"
      - "--accesslog=true"
      # API / dashboard (routed below via api@internal)
      - "--api=true"
      - "--api.dashboard=true"
      # Entry points
      # NOTE(review): the X-Forwarded-* headers sent by the cloud Traefik (10.8.2.1 on
      # wg0 in the capture) are not trusted by default and get replaced with this hop's
      # values; if a backend needs the real client IP, something like
      # "--entryPoints.web.forwardedHeaders.trustedIPs=10.8.2.1" is needed — confirm
      # against the v2.2 docs. This does not affect Host-based routing.
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      # Providers: docker labels, opt-in only
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedbydefault=false"
      # Resolvers (disabled on the gateway)
      # - "--certificatesresolvers.resolver-lets-encrypt.acme.email=admin@example.net"
      # - "--certificatesresolvers.resolver-lets-encrypt.acme.storage=acme.json"
      # - "--certificatesresolvers.resolver-lets-encrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      # - "--certificatesresolvers.resolver-lets-encrypt.acme.tlschallenge=true"
    labels:
      - "traefik.enable=true"
      # Middlewares — htpasswd (apr1) hash; "$" is doubled for compose interpolation.
      # Credentials as posted: user / password.
      - "traefik.http.middlewares.middleware-basicauth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/"
      # Dashboard over plain HTTP (entrypoint web): the basic-auth credentials cross
      # the LAN/VPN unencrypted until the websecure route below is enabled.
      # NOTE(review): Path(`/traefik`) matches that exact path only; the dashboard
      # also serves /dashboard/ and /api, so likely only the Host-based alternative
      # works. 10.8.2.2 here vs 10.8.2.5 in the lighttpd rule and the cloud service
      # URL — one of the two may be stale.
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.rule=Host(`traefik.gateway.dev.example.net`) || (Host(`10.8.2.2`) && Path(`/traefik`)) || (Host(`192.168.1.36`) && Path(`/traefik`))"
      - "traefik.http.routers.traefik.middlewares=middleware-basicauth"
      - "traefik.http.routers.traefik.service=api@internal"
      # https (needs the resolver above)
      # - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      # - "traefik.http.routers.traefik-secure.rule=Host(`traefik.gateway.dev.example.net`)"
      # - "traefik.http.routers.traefik-secure.middlewares=middleware-basicauth"
      # - "traefik.http.routers.traefik-secure.tls=true"
      # - "traefik.http.routers.traefik-secure.tls.certresolver=resolver-lets-encrypt"
      # - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  internal-network:
  external-network:
    external: true
Gateway Lighttpd docker-compose.yml
# Static site behind the gateway Traefik. No ports are published here, so it is
# reachable only through Traefik's "web" entrypoint on the shared network.
version: '3'

services:
  lighttpd:
    image: "sebp/lighttpd"
    container_name: "lighttpd"
    restart: "unless-stopped"
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik_internal-network
    volumes:
      # NOTE(review): htdocs and the config dir are mounted read-write; if lighttpd
      # only reads them (logs have their own mount), ":ro" would narrow what a
      # compromised container can change — verify against the image.
      - "/home/gateway/.containers/lighttpd/data/www-data/:/var/www/localhost/htdocs/"
      - "/home/gateway/.containers/lighttpd/data/logs/:/var/log/lighttpd/"
      - "/home/gateway/.containers/lighttpd/data/lighttpd:/etc/lighttpd"
    tty: true
    labels:
      - "traefik.enable=true"
      # Same public Host as the cloud router, plus the gateway's own addresses for direct access
      - "traefik.http.routers.lighttpd.entrypoints=web"
      - "traefik.http.routers.lighttpd.rule=Host(`gateway01.dev.example.net`) || Host(`10.8.2.5`) || Host(`192.168.1.36`)"
      - "traefik.http.routers.lighttpd.service=lighttpd"
      - "traefik.http.services.lighttpd.loadbalancer.server.port=80"
      # Pin the network Traefik dials this container on
      - "traefik.docker.network=traefik_internal-network"

networks:
  traefik_internal-network:
    external: true
Thanks for any help.