Setting up traefik for Docker and external services

devMaFi · April 15, 2022, 9:47am

Hi,

I'd like to setup traefik as reverse proxy for my network.
traefik runs in a Docker as container, but I want to use it as well to forward request to external services outside of docker.

So I used this tutorials:

Once I tested it, it perfectly works for services in side docker connected to the same docker network as traefik.
But when calling an external service, I get a 502 -bad gateway response with the information, no route to host could be determined.
I assume this is linked to the fact, that traefik itself is just connected to an internal network and for whatever reason is unable to call the ip of the external service via the host.

When searching online, I found a lot of stuff, but nothing is really linked to my issue. I hope someone around can support.

Thanks
Martin

This is my docker-compose.yml for traefik:

version: '3'

services:
  traefik:
    image: "traefik:v2.7"
    container_name: "traefik"
    networks:
      - traefik_proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"  # Don't do this in production!
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
      - ./logs:/var/log/traefik

networks: 
  traefik_proxy:
    external: true

This is my traefik.yml:

global:
  checkNewVersion: true
  sendAnonymousUsage: false  # true by default

# (Optional) Log information
log:
  level: DEBUG  # DEBUG, INFO, WARNING, ERROR, CRITICAL
  format: common  # common, json, logfmt
  filePath: /var/log/traefik/traefik.log

# (Optional) Accesslog
accesslog:
  format: common  # common, json, logfmt
  filePath: /var/log/traefik/access.log

# (Optional) Enable API and Dashboard
api:
  dashboard: true  # true by default
  insecure: true  # Don't do this in production!

# Entry Points configuration
entryPoints:
  http:
    address: :80
  https:
    address: :443

# Configure your CertificateResolver here...
certificatesResolvers:
  http:
    acme:
      email: example@mymail.com #obfuscated for forum post
      storage: acme.json
      httpChallenge:
        entryPoint: http

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false  # Default is true
  file:
    filename: /config.yml

And finally this is my config.yml:

http:
  routers:
    pihole:
      entryPoints:
        - "https"
        - "http"
      rule: "Host (`pihole.example.com`)" #obfuscated for forum post
      middlewares:
        - addprefix-pihole
        - https-redirect
      tls:
        certResolver: http
      service: pihole

  services:
    pihole:
      loadBalancer:
        servers:
          - url: "http://192.168.178.12:80"
        passHostHeader: true

  middlewares:
    addprefix-pihole:
      addPrefix:
        prefix: "/admin"

    https-redirect:
      redirectScheme:
        scheme: https

tommoulard · April 15, 2022, 9:58am

Hello @devMaFi,

With this use case, making Traefik work should be straight forward.

Can you share the full DEBUG log ? That way, We could know if there was an issue with Traefik.
One other lead can be that Traefik cannot access the given URL for the pihole service.

devMaFi · April 15, 2022, 4:14pm

Hi, sure please find the log attached.

webapp is the internal docker test container to be accessible where pihole is the docker-external service with the ip 192.168.178.12:80

time="2022-04-15T09:30:30Z" level=info msg="Traefik version 2.7.0-rc2 built on 2022-03-29T15:07:48Z"
time="2022-04-15T09:30:30Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}},\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"},\"file\":{\"watch\":true,\"filename\":\"/config.yml\"}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/var/log/traefik/traefik.log\",\"format\":\"common\"},\"accessLog\":{\"filePath\":\"/var/log/traefik/access.log\",\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"http\":{\"acme\":{\"email\":\"info@example.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"httpChallenge\":{\"entryPoint\":\"http\"}}}},\"pilot\":{\"dashboard\":true}}"
time="2022-04-15T09:30:30Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2022-04-15T09:30:30Z" level=warning msg="Traefik Pilot is deprecated and will be removed soon. Please check our Blog for migration instructions later this year"
time="2022-04-15T09:30:30Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2022-04-15T09:30:30Z" level=debug msg="Starting TCP Server" entryPointName=https
time="2022-04-15T09:30:30Z" level=debug msg="Starting TCP Server" entryPointName=traefik
time="2022-04-15T09:30:30Z" level=debug msg="Starting TCP Server" entryPointName=http
time="2022-04-15T09:30:30Z" level=info msg="Starting provider *file.Provider"
time="2022-04-15T09:30:30Z" level=debug msg="*file.Provider provider configuration: {\"watch\":true,\"filename\":\"/config.yml\"}"
time="2022-04-15T09:30:30Z" level=info msg="Starting provider *traefik.Provider"
time="2022-04-15T09:30:30Z" level=debug msg="*traefik.Provider provider configuration: {}"
time="2022-04-15T09:30:30Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"acme-http\":{\"entryPoints\":[\"http\"],\"service\":\"acme-http@internal\",\"rule\":\"PathPrefix(`/.well-known/acme-challenge/`)\",\"priority\":2147483647},\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"acme-http\":{},\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
time="2022-04-15T09:30:30Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2022-04-15T09:30:30Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"pihole\":{\"entryPoints\":[\"https\",\"http\"],\"middlewares\":[\"addprefix-pihole\",\"https-redirect\",\"default-headers\"],\"service\":\"pihole\",\"rule\":\"Host (`pihole.example.com`)\",\"tls\":{\"certResolver\":\"http\"}}},\"services\":{\"pihole\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.178.12:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"addprefix-pihole\":{\"addPrefix\":{\"prefix\":\"/admin\"}},\"default-headers\":{\"headers\":{\"sslRedirect\":true,\"stsIncludeSubdomains\":true,\"stsPreload\":true,\"forceSTSHeader\":true,\"frameDeny\":true,\"contentTypeNosniff\":true,\"browserXssFilter\":true}},\"https-redirect\":{\"redirectScheme\":{\"scheme\":\"https\"}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
time="2022-04-15T09:30:30Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2022-04-15T09:30:30Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
time="2022-04-15T09:30:30Z" level=info msg="Starting provider *docker.Provider"
time="2022-04-15T09:30:30Z" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2022-04-15T09:30:30Z" level=info msg="Starting provider *acme.Provider"
time="2022-04-15T09:30:30Z" level=debug msg="*acme.Provider provider configuration: {\"email\":\"info@example.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"httpChallenge\":{\"entryPoint\":\"http\"},\"ResolverName\":\"http\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
time="2022-04-15T09:30:30Z" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" providerName=http.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2022-04-15T09:30:30Z" level=info msg="Testing certificate renew..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=http.acme
time="2022-04-15T09:30:30Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=http.acme
time="2022-04-15T09:30:30Z" level=debug msg="Provider connection established with docker 20.10.14 (API 1.41)" providerName=docker
time="2022-04-15T09:30:30Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-traefik-e1da7b9a631db7a0965edea299779c81ba808252a293ae9fb7d9f3576372bee3
time="2022-04-15T09:30:30Z" level=debug msg="Filtering disabled container" providerName=docker container=pihole01-pihole01-063b7b55b24f0eec542cf7bc16f26f5b7f43e8aad5f994510f569ec4fadcf651
time="2022-04-15T09:30:30Z" level=debug msg="Filtering disabled container" providerName=docker container=pihole02-pihole02-a32d83a355f46cf9ca505d911fdc8ea72c5014d1d78d2b40081aa50306b7438c
time="2022-04-15T09:30:30Z" level=debug msg="Filtering disabled container" providerName=docker container=watchtower-watchtower-74770536d77119a4c017a85b3b1b0ddbee783883b8242256a07cf4c356686c2f
time="2022-04-15T09:30:30Z" level=debug msg="Filtering disabled container" container=portainer-f7325c897cdb426cf308ac28720a71aa0368c71c1192bf9b8a73e478fd519a46 providerName=docker
time="2022-04-15T09:30:30Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"webapp\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirect@file\"],\"service\":\"webapp-webapp\",\"rule\":\"Host(`webapp.example.com`)\"},\"webapp-secure\":{\"entryPoints\":[\"https\"],\"service\":\"webapp-webapp\",\"rule\":\"Host(`webapp.example.com`)\",\"tls\":{\"certResolver\":\"http\"}}},\"services\":{\"webapp-webapp\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.23.0.3:80\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2022-04-15T09:30:30Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=api@internal middlewareName=tracing
time="2022-04-15T09:30:30Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal
time="2022-04-15T09:30:30Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal
time="2022-04-15T09:30:30Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
time="2022-04-15T09:30:30Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
time="2022-04-15T09:30:30Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
time="2022-04-15T09:30:30Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2022-04-15T09:30:30Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=traefik middlewareName=traefik-internal-recovery
time="2022-04-15T09:30:30Z" level=debug msg="Added outgoing tracing middleware acme-http@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=http routerName=acme-http@internal
time="2022-04-15T09:30:30Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=http middlewareName=traefik-internal-recovery
time="2022-04-15T09:30:30Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2022-04-15T09:30:31Z" level=debug msg="Adding certificate for domain(s) webapp.example.com"
time="2022-04-15T09:30:31Z" level=debug msg="Adding certificate for domain(s) pihole.example.com"
time="2022-04-15T09:30:31Z" level=debug msg="Added outgoing tracing middleware api@internal" routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2022-04-15T09:30:31Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik
time="2022-04-15T09:30:31Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2022-04-15T09:30:31Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2022-04-15T09:30:31Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=traefik
time="2022-04-15T09:30:31Z" level=debug msg="Added outgoing tracing middleware acme-http@internal" entryPointName=http routerName=acme-http@internal middlewareName=tracing middlewareType=TracingForwarder
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" serviceName=webapp-webapp middlewareType=Pipelining middlewareName=pipelining entryPointName=http routerName=webapp@docker
time="2022-04-15T09:30:31Z" level=debug msg="Creating load-balancer" entryPointName=http routerName=webapp@docker serviceName=webapp-webapp
time="2022-04-15T09:30:31Z" level=debug msg="Creating server 0 http://172.23.0.3:80" entryPointName=http routerName=webapp@docker serviceName=webapp-webapp serverName=0
time="2022-04-15T09:30:31Z" level=debug msg="child http://172.23.0.3:80 now UP"
time="2022-04-15T09:30:31Z" level=debug msg="Propagating new UP status"
time="2022-04-15T09:30:31Z" level=debug msg="Added outgoing tracing middleware webapp-webapp" entryPointName=http routerName=webapp@docker middlewareName=tracing middlewareType=TracingForwarder
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" entryPointName=http routerName=webapp@docker middlewareName=https-redirect@file middlewareType=RedirectScheme
time="2022-04-15T09:30:31Z" level=debug msg="Setting up redirection to https " routerName=webapp@docker middlewareName=https-redirect@file middlewareType=RedirectScheme entryPointName=http
time="2022-04-15T09:30:31Z" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=webapp@docker middlewareName=https-redirect@file
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery entryPointName=http middlewareType=Recovery
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" serviceName=pihole entryPointName=https routerName=pihole@file middlewareName=pipelining middlewareType=Pipelining
time="2022-04-15T09:30:31Z" level=debug msg="Creating load-balancer" routerName=pihole@file serviceName=pihole entryPointName=https
time="2022-04-15T09:30:31Z" level=debug msg="Creating server 0 http://192.168.178.12:80" serviceName=pihole serverName=0 entryPointName=https routerName=pihole@file
time="2022-04-15T09:30:31Z" level=debug msg="child http://192.168.178.12:80 now UP"
time="2022-04-15T09:30:31Z" level=debug msg="Propagating new UP status"
time="2022-04-15T09:30:31Z" level=debug msg="Added outgoing tracing middleware pihole" middlewareType=TracingForwarder entryPointName=https routerName=pihole@file middlewareName=tracing
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" entryPointName=https routerName=pihole@file middlewareName=default-headers@file middlewareType=Headers
time="2022-04-15T09:30:31Z" level=warning msg="SSLRedirect is deprecated, please use entrypoint redirection instead." routerName=pihole@file middlewareName=default-headers@file middlewareType=Headers entryPointName=https
time="2022-04-15T09:30:31Z" level=debug msg="Setting up secureHeaders from {map[] map[] false [] [] [] [] [] 0 false [] [] true false  map[] false 0 true true true true  true true       false}" routerName=pihole@file middlewareName=default-headers@file middlewareType=Headers entryPointName=https
time="2022-04-15T09:30:31Z" level=debug msg="Adding tracing to middleware" entryPointName=https routerName=pihole@file middlewareName=default-headers@file
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" entryPointName=https routerName=pihole@file middlewareName=https-redirect@file middlewareType=RedirectScheme
time="2022-04-15T09:30:31Z" level=debug msg="Setting up redirection to https " middlewareName=https-redirect@file middlewareType=RedirectScheme entryPointName=https routerName=pihole@file
time="2022-04-15T09:30:31Z" level=debug msg="Adding tracing to middleware" routerName=pihole@file middlewareName=https-redirect@file entryPointName=https
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" entryPointName=https routerName=pihole@file middlewareType=AddPrefix middlewareName=addprefix-pihole@file
time="2022-04-15T09:30:31Z" level=debug msg="Adding tracing to middleware" routerName=pihole@file entryPointName=https middlewareName=addprefix-pihole@file
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" serviceName=webapp-webapp middlewareName=pipelining middlewareType=Pipelining entryPointName=https routerName=webapp-secure@docker
time="2022-04-15T09:30:31Z" level=debug msg="Creating load-balancer" routerName=webapp-secure@docker serviceName=webapp-webapp entryPointName=https
time="2022-04-15T09:30:31Z" level=debug msg="Creating server 0 http://172.23.0.3:80" serviceName=webapp-webapp serverName=0 entryPointName=https routerName=webapp-secure@docker
time="2022-04-15T09:30:31Z" level=debug msg="child http://172.23.0.3:80 now UP"
time="2022-04-15T09:30:31Z" level=debug msg="Propagating new UP status"
time="2022-04-15T09:30:31Z" level=debug msg="Added outgoing tracing middleware webapp-webapp" middlewareType=TracingForwarder entryPointName=https routerName=webapp-secure@docker middlewareName=tracing
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2022-04-15T09:30:31Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=http
time="2022-04-15T09:30:31Z" level=debug msg="Adding route for webapp.example.com with TLS options default" entryPointName=https
time="2022-04-15T09:30:31Z" level=debug msg="Adding route for pihole.example.com with TLS options default" entryPointName=https
time="2022-04-15T09:30:31Z" level=debug msg="Adding route for pihole.example.com with TLS options default" entryPointName=http
time="2022-04-15T09:30:31Z" level=debug msg="Try to challenge certificate for domain [webapp.example.com] found in HostSNI rule" providerName=http.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=webapp-secure@docker rule="Host(`webapp.example.com`)"
time="2022-04-15T09:30:31Z" level=debug msg="Try to challenge certificate for domain [pihole.example.com] found in HostSNI rule" providerName=http.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" rule="Host (`pihole.example.com`)" routerName=pihole@file
time="2022-04-15T09:30:31Z" level=debug msg="Looking for provided certificate(s) to validate [\"pihole.example.com\"]..." routerName=pihole@file providerName=http.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" rule="Host (`pihole.example.com`)"
time="2022-04-15T09:30:31Z" level=debug msg="No ACME certificate generation required for domains [\"pihole.example.com\"]." rule="Host (`pihole.example.com`)" routerName=pihole@file providerName=http.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2022-04-15T09:30:31Z" level=debug msg="Looking for provided certificate(s) to validate [\"webapp.example.com\"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=webapp-secure@docker rule="Host(`webapp.example.com`)" providerName=http.acme
time="2022-04-15T09:30:31Z" level=debug msg="No ACME certificate generation required for domains [\"webapp.example.com\"]." providerName=http.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=webapp-secure@docker rule="Host(`webapp.example.com`)"
time="2022-04-15T09:31:35Z" level=debug msg="URL.Path is now /admin/ (was /)." middlewareName=addprefix-pihole@file middlewareType=AddPrefix
time="2022-04-15T09:31:35Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":null,\"Host\":\"pihole.example.com\",\"Path\":\"/admin/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"de-DE,de;q=0.9\"],\"User-Agent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15\"],\"X-Forwarded-Host\":[\"pihole.example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e1da7b9a631d\"],\"X-Real-Ip\":[\"84.131.162.224\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"pihole.example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"84.131.162.224:52561\",\"RequestURI\":\"/admin/\",\"TLS\":null}"
time="2022-04-15T09:31:35Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":null,\"Host\":\"pihole.example.com\",\"Path\":\"/admin/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"de-DE,de;q=0.9\"],\"User-Agent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15\"],\"X-Forwarded-Host\":[\"pihole.example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e1da7b9a631d\"],\"X-Real-Ip\":[\"84.131.162.224\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"pihole.example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"84.131.162.224:52561\",\"RequestURI\":\"/admin/\",\"TLS\":null}" ForwardURL="http://192.168.178.12:80"
time="2022-04-15T09:31:38Z" level=debug msg="'502 Bad Gateway' caused by: dial tcp 192.168.178.12:80: connect: no route to host"
time="2022-04-15T09:31:38Z" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":null,\"Host\":\"pihole.example.com\",\"Path\":\"/admin/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"de-DE,de;q=0.9\"],\"User-Agent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15\"],\"X-Forwarded-Host\":[\"pihole.example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e1da7b9a631d\"],\"X-Real-Ip\":[\"84.131.162.224\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"pihole.example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"84.131.162.224:52561\",\"RequestURI\":\"/admin/\",\"TLS\":null}"
time="2022-04-15T09:31:45Z" level=debug msg="URL.Path is now /admin/ (was /)." middlewareName=addprefix-pihole@file middlewareType=AddPrefix
time="2022-04-15T09:31:45Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":null,\"Host\":\"pihole.example.com\",\"Path\":\"/admin/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"de-DE,de;q=0.9\"],\"User-Agent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15\"],\"X-Forwarded-Host\":[\"pihole.example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e1da7b9a631d\"],\"X-Real-Ip\":[\"84.131.162.224\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"pihole.example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"84.131.162.224:52561\",\"RequestURI\":\"/admin/\",\"TLS\":null}"
time="2022-04-15T09:31:45Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" ForwardURL="http://192.168.178.12:80" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":null,\"Host\":\"pihole.example.com\",\"Path\":\"/admin/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"de-DE,de;q=0.9\"],\"User-Agent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15\"],\"X-Forwarded-Host\":[\"pihole.example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e1da7b9a631d\"],\"X-Real-Ip\":[\"84.131.162.224\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"pihole.example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"84.131.162.224:52561\",\"RequestURI\":\"/admin/\",\"TLS\":null}"
time="2022-04-15T09:31:48Z" level=debug msg="'502 Bad Gateway' caused by: dial tcp 192.168.178.12:80: connect: no route to host"
time="2022-04-15T09:31:48Z" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"https\",\"Opaque\":\"\",\"User\":null,\"Host\":\"pihole.example.com\",\"Path\":\"/admin/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"de-DE,de;q=0.9\"],\"User-Agent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15\"],\"X-Forwarded-Host\":[\"pihole.example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e1da7b9a631d\"],\"X-Real-Ip\":[\"84.131.162.224\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"pihole.example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"84.131.162.224:52561\",\"RequestURI\":\"/admin/\",\"TLS\":null}"
time="2022-04-15T09:32:01Z" level=info msg="I have to go..."
time="2022-04-15T09:32:01Z" level=info msg="Stopping server gracefully"
time="2022-04-15T09:32:01Z" level=debug msg="Waiting 10s seconds before killing connections." entryPointName=https
time="2022-04-15T09:32:01Z" level=debug msg="Waiting 10s seconds before killing connections." entryPointName=traefik
time="2022-04-15T09:32:01Z" level=debug msg="Waiting 10s seconds before killing connections." entryPointName=http
time="2022-04-15T09:32:01Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=https
time="2022-04-15T09:32:01Z" level=error msg="Error while starting server: accept tcp [::]:443: use of closed network connection" entryPointName=https
time="2022-04-15T09:32:01Z" level=error msg="accept tcp [::]:8080: use of closed network connection" entryPointName=traefik
time="2022-04-15T09:32:01Z" level=error msg="Error while starting server: accept tcp [::]:8080: use of closed network connection" entryPointName=traefik
time="2022-04-15T09:32:01Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=http
time="2022-04-15T09:32:01Z" level=error msg="Error while starting server: accept tcp [::]:80: use of closed network connection" entryPointName=http
time="2022-04-15T09:32:02Z" level=debug msg="Entry point http closed" entryPointName=http
time="2022-04-15T09:32:02Z" level=debug msg="Entry point https closed" entryPointName=https
time="2022-04-15T09:32:02Z" level=debug msg="Entry point traefik closed" entryPointName=traefik
time="2022-04-15T09:32:02Z" level=info msg="Server stopped"
time="2022-04-15T09:32:02Z" level=info msg="Shutting down"

I thought that there could some reason why traefik is no able to route the request from the internal docker-proxy network to the external network but have no idea why.

Thanks Martin

devMaFi · April 24, 2022, 6:24pm

Hello,
just want to ask if there was any helpful hint in the logs what could solve my problem?

Thanks Martin

lukics · December 7, 2022, 10:12am

Any solution for this found?

bluepuma77 · December 17, 2022, 9:52pm

First, go into your Traefik container and check that you can reach your target.

docker exec -it <traefik-container> sh
wget <loadBalancer.servers.url>

Most of the time it's a networking problem. For example, you can not use localhost.

Topic		Replies	Views
Can't get proxying to external server to work with Docker Traefik v2 (latest) docker	1	658	April 20, 2023
I can't use traefik to reverse proxy external services Traefik v2 (latest) docker	5	1409	July 4, 2022
Difficulties to route traffic to external host Traefik v2 (latest) docker , file	1	542	October 30, 2020
Need Help with Traefik and DuckDNS Setup for remote access - Can’t Access Services Externally Traefik v2 (latest) docker	11	462	January 22, 2024
Unable to route outside services with Docker Desktop and WSL2 Traefik v2 (latest) docker	0	1261	May 28, 2021

Setting up traefik for Docker and external services

Related Topics