[Solved] Traefik in front of AWX

Hello,

This is my first time using Traefik.

I installed some services (Portainer, Zabbix) on a Docker test machine and I managed to access these apps (and the Traefik dashboard with auth) via Traefik using PathPrefix rules and StripPrefix middlewares, so when I want to access a specific service I just have to browse a URL like this :

https://docker_host_fqdn/service_name/

Now, I installed AWX and I'm trying to access via Traefik.

I added the same set of labels than for the other services on my awx-web container :

  web:
    image: ansible/awx:17.1.0
    container_name: awx_web
    depends_on:
      - redis
      - postgres 
    ports: 
      - "8095:8052" 
    hostname: awxweb 
    user: root 
    restart: unless-stopped 
    volumes: 
      - supervisor-socket:/var/run/supervisor 
      - rsyslog-socket:/var/run/awx-rsyslog/ 
      - rsyslog-config:/var/lib/awx/rsyslog/ 
      - "/var/lib/docker/volumes/awx-compose/_data/SECRET_KEY:/etc/tower/SECRET_KEY" 
      - "/var/lib/docker/volumes/awx-compose/_data/environment.sh:/etc/tower/conf.d/environment.sh" 
      - "/var/lib/docker/volumes/awx-compose/_data/credentials.py:/etc/tower/conf.d/credentials.py" 
      - "/var/lib/docker/volumes/awx-compose/_data/nginx.conf:/etc/nginx/nginx.conf:ro" 
      - "/var/lib/docker/volumes/awx-compose/_data/redis_socket:/var/run/redis/:rw" 
    environment: 
      http_proxy: http://proxy_hostname:3128 
      https_proxy: http://proxy_hostname:3128 
      no_proxy: mycorp.com,127.0.0.1,localhost
    labels:
      - "traefik.http.middlewares.awx-web-prefix.stripprefix.prefixes=/awx"
      - "traefik.http.routers.web-awx.middlewares=awx-web-prefix"
      - "traefik.http.routers.web-awx.rule=PathPrefix(`/awx`)"
      - "traefik.http.routers.web-awx.tls=true"
      - "traefik.http.services.web-awx.loadbalancer.server.port=8052"

But when I try to access AWX through https://docker_hostname/awx/, it returns a blank page. (The app is working fine when I bypass Traefik and access it through the port published in Docker).

In awx_web container nginx logs, when I access the app directly I can see :

[pid: 86|app: 0|req: 1/3] 192.168.112.1 () {44 vars in 2208 bytes} [Thu May 27 08:50:43 2021] GET / => generated 1082 bytes in 243 msecs (HTTP/1.1 200) 5 headers in 168 bytes (1 switches on core 0),
192.168.112.1 - - [27/May/2021:08:50:43 +0000] "GET / HTTP/1.1" 200 1082 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
192.168.112.1 - - [27/May/2021:08:50:44 +0000] "GET /static/js/runtime-main.a1234c1a.js HTTP/1.1" 200 1555 "http://localhost:8095/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
192.168.112.1 - - [27/May/2021:08:50:44 +0000] "GET /static/css/2.36e6711a.chunk.css HTTP/1.1" 200 616405 "http://localhost:8095/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
192.168.112.1 - - [27/May/2021:08:50:44 +0000] "GET /static/js/2.e931213d.chunk.js HTTP/1.1" 200 1669733 "http://localhost:8095/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
192.168.112.1 - - [27/May/2021:08:50:44 +0000] "GET /static/js/main.2e0227e2.chunk.js HTTP/1.1" 200 1338773 "http://localhost:8095/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
192.168.112.1 - - [27/May/2021:08:50:44 +0000] "GET /static/media/RedHatText-Medium.ed5d521b.woff HTTP/1.1" 200 37096 "http://localhost:8095/static/css/2.36e6711a.chunk.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
192.168.112.1 - - [27/May/2021:08:50:44 +0000] "GET /static/media/logo-login.svg HTTP/1.1" 200 5459 "http://localhost:8095/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
192.168.112.1 - - [27/May/2021:08:50:44 +0000] "GET /static/media/RedHatText-Regular.4202115c.woff HTTP/1.1" 200 35980 "http://localhost:8095/static/css/2.36e6711a.chunk.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
192.168.112.1 - - [27/May/2021:08:50:44 +0000] "GET /static/media/pfbg_2000.4f598944.jpg HTTP/1.1" 200 276435 "http://localhost:8095/static/css/2.36e6711a.chunk.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
192.168.112.1 - - [27/May/2021:08:50:44 +0000] "GET /static/media/default.strings.json HTTP/1.1" 200 53 "http://localhost:8095/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
[pid: 82|app: 0|req: 2/4] 192.168.112.1 () {46 vars in 2262 bytes} [Thu May 27 08:50:44 2021] GET /api/ => generated 186 bytes in 247 msecs (HTTP/1.1 200) 11 headers in 398 bytes (1 switches on core 0),
192.168.112.1 - - [27/May/2021:08:50:45 +0000] "GET /api/ HTTP/1.1" 200 186 "http://localhost:8095/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
[pid: 83|app: 0|req: 1/5] 192.168.112.1 () {46 vars in 2278 bytes} [Thu May 27 08:50:44 2021] GET /api/v2/auth/ => generated 2 bytes in 301 msecs (HTTP/1.1 200) 10 headers in 285 bytes (1 switches on core 0),
192.168.112.1 - - [27/May/2021:08:50:45 +0000] "GET /api/v2/auth/ HTTP/1.1" 200 2 "http://localhost:8095/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-",
112.1 - - [27/May/2021:08:50:45 +0000] "GET /static/media/RedHatDisplay-Medium.f656301e.woff HTTP/1.1" 200 36532 "http://localhost:8095/static/css/2.36e6711a.chunk.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "-"

And when I access it through Traefik, I only see :

192.168.112.6 - - [27/May/2021:08:53:18 +0000] "GET / HTTP/1.1" 200 1082 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "192.168.112.1",
[pid: 86|app: 0|req: 2/6] 192.168.112.6 () {58 vars in 1027 bytes} [Thu May 27 08:53:18 2021] GET / => generated 1082 bytes in 21 msecs (HTTP/1.1 200) 5 headers in 168 bytes (1 switches on core 0)

And in traefik access logs :

{"ClientAddr":"192.168.112.1:41918","ClientHost":"192.168.112.1","ClientPort":"41918","ClientUsername":"-","DownstreamContentSize":1082,"DownstreamStatus":200,"Duration":26149535,"OriginContentSize":1082,"OriginDuration":26115397,"OriginStatus":200,"Overhead":34138,"RequestAddr":"dockertest1","RequestContentSize":0,"RequestCount":35130,"RequestHost":"dockertest1","RequestMethod":"GET","RequestPath":"/awx/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"web-awx@docker","ServiceAddr":"192.168.112.4:8052","ServiceName":"web-awx@docker","ServiceURL":{"Scheme":"http","Opaque":"","User":null,"Host":"192.168.112.4:8052","Path":"","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2021-05-27T09:17:42.702253212Z","StartUTC":"2021-05-27T09:17:42.702253212Z","entryPointName":"websecure","level":"info","msg":"","time":"2021-05-27T09:17:42Z"}

Am I missing something in my config?

I also tried removing the stripPrefix lines but it ends with a 404 not found.

Thanks in advance for your help and kind regards.

Phil

Hello,

Just found this issue on AWX Github : Web UI not working when running AWX behind reverse proxy on a subdomain · Issue #3879 · ansible/awx · GitHub. It seems that AWX doesn't support accessing the WebUI with a PathPrefix like /awx.

As a workaround, I changed the rule from PathPrefix to Host and Path like this :

Host(awx.mydomain.com) || Host(awx.mydomain.com) && Path(/api)

The second part of this rule is used to ensure that requests sent to AWX API don't get routed to Traefik API. That's because I have this rule defined for accessing Traefik dashboard :

(PathPrefix(/api) || PathPrefix(/dashboard)

I added a record in my DNS for the hostname awx.mydomain.com, now I can connect to AWX via Traefik with https://awx.mydomain.com/.

Hope this can help someone else

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.