Serving legacy server behind traefik reverse proxy

Traefik Traefik v2
,
1

Hi,
I'm using docker with following specifications.

Client:
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.13.8
 Git commit:        afacb8b7f0
 Built:             Wed Mar 11 23:42:35 2020
 OS/Arch:           linux/amd64
 Experimental:      false
Server:
 Engine:
  Version:          19.03.8
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.8
  Git commit:       afacb8b7f0
  Built:            Wed Mar 11 22:48:33 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.3.3-0ubuntu2
  GitCommit:        
 runc:
  Version:          spec: 1.0.1-dev
  GitCommit:        
 docker-init:
  Version:          0.18.0
  GitCommit:

Traefik v2.2 runs on, dashboard and portainer runs flawlessly. I'm trying to run my freedombox instance (it runs on a different server on same LAN) behind traefik reverse proxy. I can't find Freedombox Docker image. I decided to run legacy server behind Traefik reverse proxy.

My config files are:

**docker-compose.yml**
version: '3.3'

services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml
    labels:
      # Dashboard
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.xxxx.yyy`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=http"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.middlewares=authtraefik"
      - "traefik.http.middlewares.authtraefik.basicauth.users=xxxx:yyyyy" # user/password

      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

      # app auth middleware
      - "traefik.http.middlewares.auth.basicauth.users=xxxx:yyyyyyyyy" # user/password

networks:
  proxy:
    external: true

**traefik.yml**
api:
  dashboard: true
  debug: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: "config.yml"
    watch: true

certificatesResolvers:
  http:
    acme:
      email: mail@xxx.yyy
      storage: acme.json
      httpChallenge:
        entryPoint: http

**config.yml**
http:

  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https

    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/24"
        - "192.168.0.0/16"
        - "172.0.0.0/8"

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

  routers:
    to-freedombox:
      rule: Host(`test2.xxxx.yyyy`)
      service: freedombox
  services:
    freedombox:
      loadBalancer:
        servers:
        - url: https://192.168.0.39:80

tls:
  options:
    default:
      minVersion: VersionTLS12
      curvePreferences:
        - secp521r1
        - secp384r1
      sniStrict : true
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

    mintls13:
      minVersion: VersionTLS13

When I try to connect to freedombox (test2.xxxx.yyyy) it says '404 page not found'
How can I serve freedombox instance behind traefik reverse proxy? What is wrong?
Thanks in advance.

2

If you are connecting on https it looks like your router definition is missing TLS.
You may end up with another problem connecting, the service URL is set to https on port 80. You may have set this intentionally though, just pointing it out.

3

Hi again,
I'd try to solve my problem. Now I've new problem. Freedombox has self signed certificate.
My last dynamic conf files as follows;

 routers:
   to-freedombox:
     rule: "Host(`test2.xxxxx.yyy`)"
     service: freedombox
     entryPoints:
       - https
     tls:
       insecureSkipVerify: true

 services:
   freedombox:
     loadBalancer:
       servers:
         - url: "https://192.168.0.12"

test2.xxxx.yyy is return to 'Internal Server Error'. I think it's related to tls negotiation. I added ' insecureSkipVerify: true' to conf but not works. May be it is not correct place?
I'm not very familiar to these, I'm trying some home server as hobby.
Thanks.