Solved: Clarity on traefik http reverse proxy with pfsense DNS resolver subdomain entries. The proxy for the external server (different docker VM to the traefik docker VM) works on port 80 but not on another port used by wordpress. Nice diagram included

I'd like some help with a brain melting problem please. Lots of docs read, lots of searches made, but can't work out what else to try. My setup is as follows. Note this is just an http setup and no https is involved.

So the problem/challenge I have is getting traefik working as a simple reverse proxy for a service external to the traefik VM: a wordpress website (also running on a separate docker proxmox VM) exposed through port 8001. The behaviour I'm trying to achieve is that when I enter a URL of wordpress.home.arpa in the browser, it should provide a reverse proxy to the wordpress server, which is available on docker01.home.arpa:8001, hiding the port number.

pfsense is handling the DNS resolution from wordpress.home.arpa and apache.home.arpa to the same IP address of the traefik proxy server.

The proxying on apache.home.arpa (running on port 80 on the external server) works correctly.

However, when I try to access wordpress.home.arpa all I get in the browser is "The site cannot be reached, wordpress.home.arpa refused to connect, ERR_CONNECTION_REFUSED" and the address bar changes to wordpress.home.arpa:8001

My docker compose file for setting up traefik is:

services:
  reverse-proxy-traefik:
    image: traefik:v2.10.5
    container_name: reverse-proxy-traefik
    restart: always
    networks:
      - proxy
    ports:
      - 80:80
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/configs:/configs:ro
      - ./data/logs:/logs:rw
    read_only: true
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik-http.entrypoints=http
      - traefik.http.routers.traefik-http.rule=Host(`traefik.home.arpa`)
      - traefik.http.routers.traefik-http.service=api@internal
networks:
  proxy:
    external: {}

My traefik.yml file is

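api:
  dashboard: true
  # insecure mode serves the dashboard and API without authentication
  # on port 8080, which the compose file above publishes
  insecure: true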

entryPoints:
  http:
    address: ":80"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    network: proxy
  file:
    directory: "/configs"
    watch: true

accessLog:
  filePath: "/logs/access.log"
  fields:
    headers:
      names:
        User-Agent: keep

log:
  level: DEBUG


The traefik configuration file for the apache web site is

http:
  routers:
    apache-http:
      entryPoints:
        - "http"
      rule: Host(`apache.home.arpa`)
      service: "svcApache"

  services:
    svcApache:
      loadBalancer:
        servers:
          - url: "http://docker01.home.arpa/"

The traefik configuration file for the wordpress web site is

http:
  routers:
    wordpress-http:
      entryPoints:
        - "http"
      rule: Host(`wordpress.home.arpa`)
      service: "svcWordpress"

  services:
    svcWordpress:
      loadBalancer:
        servers:
          - url: "http://docker01.home.arpa:8001/"


The file structure for these files on the traefik server is:

./compose.yml

./data
./data/traefik.yml

./data/configs
./data/configs/apache.yml
./data/configs/wordpress.yml

./data/logs

A docker network was set up from the command line by this command

docker network create proxy

Would be very grateful if anybody can suggest a solution to this.

Regards.

Well, you enabled Traefik debug log, what does it tell you? Is the dynamic config file loaded?

Next you can check network connectivity. Go into your Traefik container (docker exec -it reverse-proxy-traefik sh) and try to reach the target (wget http://docker01.home.arpa:8001).

Finally note that Wordpress is a beast and it remembers the URL you used to set it up. When you later change the URL, you will always be redirected back to the original one. To fix this, it needs manual config updates in the database.

Hi there bluepuma77. Thank you so much for your reply. So the first thing I've tried, thanks to your wordpress comment, was to take that out of the system. I spun up another apache instance on the same server in docker but using port 8010, created a new traefik dynamic config file, then tried it out.

And guess what, the reverse proxy worked for another instance of Apache on a different port. So my next area of investigation is going to be how to get the reverse proxy working with wordpress. As it seems traefik is working ok, but the combination of traefik and wordpress is the issue.

Thank you so much for helping me narrow down the problem.

The logs are showing that the dynamic configuration was loading OK.

Running wget http://docker01.home.arpa:8001 from the traefik container yields a connecting, then "can't open 'index.html': Read-only file system". So it looks like it can see wordpress but can't access it. Nevertheless, I'll do some further research on traefik / reverse proxies and wordpress.

Many thanks for your help.

OK - so the problem I was having is definitely being caused by the URLs that wordpress stores in its database and that it's expecting to receive. When accessing wordpress via the traefik reverse proxy, it won't work.

However, all that is needed is to change the wordpress address (url) and site address (url) inside the wordpress dashboard in: Settings => General Settings. Then the wordpress site can be accessed via the traefik reverse proxy URL mapping whatever port wordpress is running on and being served on port 80 through traefik.

I suspect that the other option is to only initially set the wordpress site up from the reverse proxy URL. So set the reverse proxy up first, then the wordpress site, if that's an option.

Best Regards.
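
A way to confirm this symptom from the command line, as an added example that is not part of the original thread: it requests the proxied name without following redirects and reports whether the backend's `Location` header sends the client to a different port or host than the one Traefik serves. The function names and result labels are assumptions made for this sketch; the hostnames are the ones used in the thread.

```python
import http.client
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECTS = {301, 302, 303, 307, 308}


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)


def classify_redirect(requested_url, status, location):
    """Say whether a response keeps the client on the proxied origin."""
    if status not in REDIRECTS or not location:
        return "no-redirect"
    target = origin(urljoin(requested_url, location))  # Location may be relative
    asked = origin(requested_url)
    if target == asked:
        return "same-origin"
    if target[1] == asked[1]:
        return "port-or-scheme-leak"  # same host, but bypasses the proxy entrypoint
    return "other-origin"


def probe(connect_host, connect_port, host_header, path="/"):
    """Fetch one response without following redirects or writing to disk."""
    conn = http.client.HTTPConnection(connect_host, connect_port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": host_header})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


if __name__ == "__main__":
    # Ask the proxy on port 80 for the public name, as the browser does.
    url = "http://wordpress.home.arpa/"
    status, location = probe("wordpress.home.arpa", 80, "wordpress.home.arpa")
    print(status, location, classify_redirect(url, status, location))
```

A result of `port-or-scheme-leak` matches the address bar changing to wordpress.home.arpa:8001; pointing `probe` at docker01.home.arpa on port 8001 with the same Host header shows whether the redirect originates at the backend rather than at Traefik.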