Sidero Omni behind Traefik

urbaman · December 26, 2025, 11:15am

Hi,

I'm trying to put Sidero Omni behind Traefik, following this guide for nginx and this homemade setting (see the compose file), but I'm going nowhere.

If I keep both the http and h2c schemes for the omni service, I get:

2025-12-25T22:39:07+01:00 ERR error="field not found, node: service" container=omni-kubernetes-7daf6005dbeb1cdd5a0505f2cded890dac20b80c11a42b1546007013f776d77f providerName=docker

And the problem is the h2c scheme, somehow.

I think that without it, I cannot reconcile witht the nginx conf (the grpc/http if-then) and cannot connect to the Omni api:

Error: rpc error: code = Unknown desc = unexpected HTTP status code received from server: 405 (Method Not Allowed); transport: received unexpected content-type "text/plain; charset=utf-8"

Is there a way to properly manage that nginx configuration, managing both http and h2c?

Thanks,

bluepuma77 · December 26, 2025, 5:38pm

      - "traefik.http.services.omni.loadbalancer.server.scheme=https"
      - "traefik.http.services.omni.loadbalancer.server.scheme=h2c"

What are you trying to achieve? Traefik will use one protocol to forward/proxy requests to the target service, why supply two? (Which will technically not work as the same key will be overwritten with a new value)

urbaman · December 26, 2025, 8:15pm

I'd like to reproduce this official "Omni behind Nginx" piece of code:

# Omni main API
	server {
		listen 0.0.0.0:443 http2 ssl;
		listen [::0]:443 http2 ssl;
		server_name $OMNI_DOMAIN;
		ssl_certificate /var/lib/acme/omni/fullchain.pem;
		ssl_certificate_key /var/lib/acme/omni/key.pem;
		ssl_trusted_certificate /var/lib/acme/omni/chain.pem;
		location / {
			error_page 418 = @grpc;
			error_page 419 = @http;

			if ($is_grpc) {
				return 418;
			}

			return 419;
		}

		# Omni main GRPC API
		location @grpc {
			# Omni needs long timeouts for the long-lived GRPC stream connections
			grpc_read_timeout 1h;
			grpc_send_timeout 1h;
			grpc_pass grpc://127.0.0.1:8080;
		}

		# Omni main HTTP API
		location @http {
			proxy_pass http://127.0.0.1:8080;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection $connection_upgrade;
		}
	}

It seems it can manage both http and grpc, proxying both of them to the same container (backend) port.
Is there a way to reproduce it in Traefik?

urbaman · December 27, 2025, 4:00am

Ok,

It seems to work perfectly with only the h2c scheme declared, both for the http ui and the api.

    labels:
      - "org.label-schema.group=tools"
      - "traefik.enable=true"
      - "traefik.docker.network=networking"
      # HTTP Routers
      - "traefik.http.routers.omni-router.entrypoints=websecure"
      - "traefik.http.routers.omni-router.rule=Host(`omni.$DOMAINNAME_1`)" # HostRegexp:omni.${DOMAINNAME_1},{catchall:.*}" # Host(`omni.$DOMAINNAME
      #- "traefik.http.routers.omni-api-router.entrypoints=websecure"
      #- "traefik.http.routers.omni-api-router.rule=Host(`omni.$DOMAINNAME_1`)"
      - "traefik.http.routers.omni-machine-api-router.entrypoints=websecure"
      - "traefik.http.routers.omni-machine-api-router.rule=Host(`omni-api.$DOMAINNAME_1`)" # HostRegexp:omni.${DOMAINNAME_1},{catchall:.*}" # Host(`
      - "traefik.http.routers.omni-k8s-router.entrypoints=websecure"
      - "traefik.http.routers.omni-k8s-router.rule=Host(`omni-k8s.$DOMAINNAME_1`)" # HostRegexp:omni.${DOMAINNAME_1},{catchall:.*}" # Host(`omni.$DO
      # Middlewares
      - "traefik.http.routers.omni-router.middlewares=secure-headers@file"
      #- "traefik.http.routers.omni-api-router.middlewares=secure-headers@file"
      - "traefik.http.routers.omni-machine-api-router.middlewares=secure-headers@file"
      - "traefik.http.routers.omni-k8s-router.middlewares=secure-headers@file"
      # HTTP Services
      - "traefik.http.routers.omni-router.service=omni-service"
      - "traefik.http.services.omni-service.loadbalancer.server.port=8080"
      - "traefik.http.services.omni-service.loadbalancer.server.scheme=h2c"
      #- "traefik.http.routers.omni-router-api-.service=omni-service-api"
      #- "traefik.http.services.omni-service-api.loadbalancer.server.port=8080"
      #- "traefik.http.services.omni.service-api.loadbalancer.server.scheme=h2c"
      - "traefik.http.routers.omni-machine-api-router.service=omni-machine-api-service"
      - "traefik.http.services.omni-machine-api-service.loadbalancer.server.port=8090"
      #- "traefik.http.services.omni-machine-api-service.loadbalancer.serversTransport=omni-transport@file"
      - "traefik.http.services.omni-machine-api-service.loadbalancer.server.scheme=h2c"
      - "traefik.http.routers.omni-k8s-router.service=omni-k8s-service"
      - "traefik.http.services.omni-k8s-service.loadbalancer.server.port=8100"
      #- "traefik.http.services.omni-machine-api-service.loadbalancer.serversTransport=omni-transport@file"
      - "traefik.http.services.omni-k8s-service.loadbalancer.server.scheme=http"

Topic		Replies	Views
Traefik advertises HTTP/2 when backend doesn't support it Traefik v2 docker , tcp	4	12318	September 21, 2019
Unsupported protocol scheme h2c Traefik v3 (latest) tcp , middleware , cli	12	911	September 4, 2024
Traefik 2.1 and docker-compose over https Traefik v2 docker , middleware	4	1331	May 5, 2020
Traefik nginx not able to use only HTTP Traefik v2 docker	4	705	November 28, 2021
Using Traefik 2.0 with docker for a GRPC application Traefik v2 docker	0	1278	June 13, 2020

Sidero Omni behind Traefik

Related topics