Hello,
I'm facing a weird issue I didn't have before.
I have a machine that is used for some services I don't run on the machine with traefik.
Therefore I've setup a yaml file in the configuration like this :
http:
routers:
my-router:
rule: "Host(`myURL.tld`)"
service: my-service
entryPoints:
- web
- websecure
tls: true
services:
my-service:
loadbalancer:
servers:
- url: http://192.168.122.222:9317
If I go on the URL, I get a bad gateway error, and I can see a HTTP 502 in the logs.
On the host running traefik, here is what is surprising to me :
root @ R740xd2: /opt/docker/traefik 26 # wget http://192.168.122.222:9317
--2025-02-21 12:45:05-- http://192.168.122.222:9317/
Connecting to 192.168.122.222:9317... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1832 (1.8K) [text/html]
Saving to: ‘index.html’
index.html 100%[=====================================================>] 1.79K --.-KB/s in 0s
2025-02-21 12:45:05 (117 MB/s) - ‘index.html’ saved [1832/1832]
root @ R740xd2: /opt/docker/traefik 27 # head -n 5 index.html
<!DOCTYPE html>
<html lang="C">
<head>
<meta charset="UTF-8" />
But when I try from the container :
root @ R740xd2: /opt/docker/traefik 28 # docker exec -it traefik wget http://192.168.122.222:9317
Connecting to 192.168.122.222:9317 (192.168.122.222:9317)
wget: can't connect to remote host (192.168.122.222): Connection refused
exit status 1
So I'm guessing than somehow, the masquerading or something else is broken, but I can't figure out what.
My docker config for traefik has nothing specific :
services:
traefik:
image: traefik:v3.0
container_name: traefik
restart: unless-stopped
networks:
- traefik
# Enables the web UI and tells Traefik to listen to docker
ports:
# The HTTP port
- "80:80"
# The Web UI (enabled by --api.insecure=true)
- "443:443"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/letsencrypt:/etc/letsencrypt:ro
- /opt/docker/traefik/config/:/etc/traefik:ro
- /opt/docker/traefik/logs:/var/log/
- ./IP2LOCATION-LITE-DB1.IPV6.BIN:/plugins-local/src/github.com/nscuro/traefik-plugin-geoblock/IP2LOCATION-LITE-DB1.IPV6.BIN
logrotate:
image: vegardit/traefik-logrotate:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock:rw # required to send USR1 signal to Traefik after log rotation
- /opt/docker/traefik/logs:/var/log/traefik:rw # folder containing access.log file
environment:
TZ: "Europe/Paris"
# all environment variables are optional and show the default values:
LOGROTATE_LOGS: "/var/log/traefik/*.log" # log files to rotate, directory must match volume mount
LOGROTATE_TRIGGER_INTERVAL: daily # rotate daily, must be one of: daily, weekly, monthly, yearly
LOGROTATE_TRIGGER_SIZE: 50M # rotate if log file size reaches 50MB
LOGROTATE_MAX_BACKUPS: 14 # keep 14 backup copies per rotated log file
LOGROTATE_START_INDEX: 1 # first rotated file is called access.1.log
LOGROTATE_FILE_MODE: 0644 # file mode of the rotated file
LOGROTATE_FILE_USER: root # owning user of the rotated file
LOGROTATE_FILE_GROUP: root # owning group of the rotated file
CRON_SCHEDULE: "* * * * *"
CRON_LOG_LEVEL: 8 # see https://unix.stackexchange.com/a/414010/378036
# command to determine the id of the container running Traefik:
TRAEFIK_CONTAINER_ID_COMMAND: docker ps --no-trunc --quiet --filter label=org.opencontainers.image.title=Traefik
deploy:
restart_policy:
condition: on-failure
delay: 5s
networks:
traefik:
external: true