[solved] Testing https - Does whoami even work with https? Doesn't for me, only http!

I have Traefik working on https://traeffik.mydomain.com. I'm testing https://whoami.mydomain.com.

However, right now, whoami only works when I add a port in docker-compose (80 is being used by Traefik) and use that for the `loadbalancer.server.port=80` for docker swarm.

So I have two problems:

1. https does not work with the whoami example, only http (see screenshot). Does whoami even work with it??
2. I have to add a port mapping to make it work, even though Traefik is not running on the same node as whoami!! Without the port mapping in docker-compose (2001:80), it's a 404 not found.

Here it is working over http:

Why do I have to add these ports? My goal is simply https://whoami.mydomain.com.

    whoami:
        image: "containous/whoami"
        hostname: whoami
        ports:
            - 2001:80
        networks:
            - my-network
        deploy:
            placement:
                constraints:
                    - node.hostname==whoami
        labels:
            - "traefik.enable=true"
            - "traefik.http.services.whoami.loadbalancer.server.port=2001"
            - "traefik.http.routers.whoami.tls=true"
            - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
            - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
            - "traefik.http.routers.whoami.entrypoints=websecure"

Just in case, here's my Traefik that is working:

    traefik:
        image: traefik:v2.2
        hostname: traeffik
        command:
            - "--api"
            - "--api.dashboard=true"
            - "--accesslog=true"
            - "--log.level=DEBUG"
            - "--providers.docker.endpoint=unix:///var/run/docker.sock"
            - "--providers.docker.swarmMode=true"
            - "--providers.docker.network=mydomain-net"
            - "--entrypoints.web.address=:80"
            - "--entrypoints.websecure.address=:443"
            - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
            - "--certificatesresolvers.letsencrypt.acme.dnsChallenge.provider=digitalocean"
            - "--certificatesresolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=15"
            - "--certificatesresolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
            - "--certificatesresolvers.letsencrypt.acme.email=my@email.com"
            - "--certificatesresolvers.letsencrypt.acme.storage=/acme.json"
        environment:
            - "DO_AUTH_TOKEN=ABC"
        ports:
            - "80:80"
            - "443:443"
            - "8080:8080"
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock:ro
        networks:
            - mydomain-net
        deploy:
            placement:
                constraints:
                    - node.hostname==traefik
            labels:
                - 'traefik.enable=true'
                - "traefik.http.services.traefik.loadbalancer.server.port=8080"
                # global redirect to https
                - "traefik.http.routers.http-catchall.entrypoints=http"
                - 'traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)'
                - 'traefik.http.routers.http-catchall.entrypoints=web'
                - 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'
                - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'

                # global wildcard certificates
                - 'traefik.http.routers.wildcard-certs.tls.certresolver=letsencrypt'
                - 'traefik.http.routers.wildcard-certs.tls.domains[0].main=mydomain.com'
                - 'traefik.http.routers.wildcard-certs.tls.domains[0].sans=*.mydomain.com'

                # dashboard
                - 'traefik.http.routers.traefik.rule=Host(`traefik.mydomain.com`)'
                - 'traefik.http.routers.traefik.tls=true'
                - 'traefik.http.routers.traefik.entrypoints=websecure,web'
                - 'traefik.http.routers.traefik.service=api@internal'
                - 'traefik.http.routers.traefik.middlewares=authtraefik'
                - 'traefik.http.middlewares.authtraefik.basicauth.users=admin:removed'

Hello,

The port defined by `traefik.http.services.whoami.loadbalancer.server.port` must be the port of the application (in the container); it's not related to the exposed port. So for whoami it is 80.

    whoami:
        image: "containous/whoami"
        hostname: whoami
        ports:
            - 2001:80
        networks:
            - my-network
        deploy:
            placement:
                constraints:
                    - node.hostname==whoami
        labels:
            - "traefik.enable=true"
            - "traefik.http.services.whoami.loadbalancer.server.port=80"
            - "traefik.http.routers.whoami.tls=true"
            - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
            - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
            - "traefik.http.routers.whoami.entrypoints=websecure"

Hey @Idez, thanks for responding. When I change it to 80:

  • https://whoami.mydomain.com gives a 404 and now
  • http://whoami.mydomain.com:80 doesn't work either (I'm thinking probably because of the global redirect which goes to https, and then 404s?).

Small note, I have the following in my logs:

    level=error msg="service "mydomain-whoami" error: port is missing" container=mydomain-whoami-igy1e13hdg668umg685riz69b providerName=docker

Even though I have the following label for whoami:

"traefik.http.services.whoami.loadbalancer.server.port=80"

It seems this is being ignored?

Solved it, it was being ignored because labels needed to be under "deploy" in docker-compose.
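
The fix from the last post, written out as an added example (not a file posted in the thread): with `--providers.docker.swarmMode=true` Traefik reads labels from the swarm service, so they go under `deploy`, and the `2001:80` mapping can be dropped so whoami is reachable only through the `websecure` entrypoint. Putting whoami on `mydomain-net`, the network named in the Traefik command above, is an assumption.

```yaml
# Added example: whoami service for docker swarm with Traefik v2.
# Assumption: whoami is attached to the same overlay network that Traefik
# uses to reach backends (mydomain-net in the Traefik command above).
    whoami:
        image: "containous/whoami"
        hostname: whoami
        # No "ports:" section. Traefik connects to the container over the
        # overlay network, so nothing has to be published on the nodes.
        # A published 2001:80 would also leave whoami reachable over plain
        # HTTP on port 2001, bypassing TLS and the redirect-to-https rule.
        networks:
            - mydomain-net
        deploy:
            placement:
                constraints:
                    - node.hostname==whoami
            # In swarm mode the labels belong to the service (deploy.labels).
            # Labels at the service's top level end up on the container and
            # are ignored, which produces the "port is missing" error.
            labels:
                - "traefik.enable=true"
                # Port the application listens on inside the container,
                # not a published port.
                - "traefik.http.services.whoami.loadbalancer.server.port=80"
                - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
                - "traefik.http.routers.whoami.entrypoints=websecure"
                - "traefik.http.routers.whoami.tls=true"
                - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
```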