Straight TCP Passthrough for XMPP

I'm attempting to run a prosody XMPP container. I don't want Traefik to handle TLS and have a process for getting the letsencrypt certs directly for prosody. I'm starting up Traefik with the following command line:

        image: traefik:v2.2
        cmd: |
          --entrypoints.web.address=:80
          --entrypoints.websecure.address=:443
          --entrypoints.web.http.redirections.entryPoint.to=websecure
          --entrypoints.web.http.redirections.entryPoint.scheme=https
          --entrypoints.web.http.redirections.entrypoint.permanent=true
          --entrypoints.matrixfederation.address=:8448
          --entrypoints.prosodyc2s.address=:5222
          --entrypoints.prosodys2s.address=:5269
          --providers.docker
          --providers.docker.constraints=Label(`lb.net`,`services`)
          --providers.docker.network=am-services
          --certificatesresolvers.lec.acme.email=notify@battlepenguin.com
          --certificatesresolvers.lec.acme.storage=/letsencrypt/acme.json
          --certificatesresolvers.lec.acme.tlschallenge=true
          --entryPoints.web.forwardedHeaders.trustedIPs=172.50.0.1/24
          --api=true

and my container has the following labels:

        image: prosody/prosody:0.11
        network:
          - services
          - database
        labels:
          lb.net: services
          # client to server
          traefik.tcp.routers.prosodyc2s.entrypoints: prosodyc2s
          traefik.tcp.routers.prosodyc2s.rule: HostSNI(`*`)
          traefik.tcp.routers.prosodyc2s.tls: "false"
          traefik.tcp.services.prosodyc2s.loadbalancer.server.port: "5222"
          traefik.tcp.routers.prosodyc2s.service: prosodyc2s
          # server to server
          traefik.tcp.routers.prosodys2s.entrypoints: prosodys2s
          traefik.tcp.routers.prosodys2s.rule: HostSNI(`*`)
          traefik.tcp.routers.prosodys2s.tls: "false"
          traefik.tcp.services.prosodys2s.loadbalancer.server.port: "5269"
          traefik.tcp.routers.prosodys2s.service: prosodys2s
          # web
          traefik.http.routers.am-app-xmpp.entrypoints: "websecure"
          traefik.http.routers.am-app-xmpp.rule: "Host(`xmpp.example.com`)"
          traefik.http.routers.am-app-xmpp.tls.certresolver: "lec"
          traefik.http.services.am-app-xmpp.loadbalancer.server.port: "5280"

If I connect directly to the container's IP on the host (e.g. nc 172.19.0.6 5280) I see the connection coming in the prosody logs:

    c2s55b40ad42cd0     info	Client connected
    c2s55b40ad42cd0     info	Client disconnected: closed

However, when I make a connection to Traefik, nothing gets forwarded to prosody. The connection does open, but nothing happens afterwards.
I did attempt using SNI with TLS pass through originally, but discovered from this reddit post that letting Traefik handle TLS for XMPP will fail due to the different ways they handle TLS.
Everything looks correct in the dashboard as far as entrypoints connected to routes connected to my service. What am I missing?

Never mind, I found my issue. This should have been networks plural :sweat_smile:

I diagnosed this by doing a docker exec into the container (docker exec -it services_lb /bin/sh) and then running nc 172.19.0.6 5280 from before. That's when I realized traefik couldn't connect to that container and then I noticed the IP address was on the wrong subnet.

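The diagnosis above (Traefik's Docker provider dials the backend on the network named by `--providers.docker.network`, so a container that never joined that network shows up fine in the dashboard but is unreachable) can be checked from `docker inspect` output before reaching for nc. The following is an added example, not code from the thread or from Traefik; the inspect records are constructed, and the am-services subnet 172.50.0.0/24 is assumed from the trustedIPs line in the question.

```python
import ipaddress
import json

# Constructed `docker inspect` output, trimmed to the fields this check reads.
# Assumed layout: the Traefik container sits on am-services (172.50.0.0/24), while
# prosody, because of the `network:` vs `networks:` typo, only joined its default
# network and got the 172.19.0.6 address seen in the thread.
INSPECT_OUTPUT = json.dumps([
    {"Name": "/services_lb",
     "NetworkSettings": {"Networks": {
         "am-services": {"IPAddress": "172.50.0.2", "IPPrefixLen": 24}}}},
    {"Name": "/prosody",
     "NetworkSettings": {"Networks": {
         "prosody_default": {"IPAddress": "172.19.0.6", "IPPrefixLen": 16}}}},
])

PROVIDER_NETWORK = "am-services"  # value given to --providers.docker.network


def networks_of(record):
    """Map network name -> ip_interface for one `docker inspect` record."""
    nets = record["NetworkSettings"]["Networks"]
    return {name: ipaddress.ip_interface(f"{n['IPAddress']}/{n['IPPrefixLen']}")
            for name, n in nets.items()}


def with_network(inspect_json, container, network, ip, prefix):
    """Return a copy of the inspect JSON with `container` attached to `network`
    (used to model the corrected `networks:` configuration)."""
    records = json.loads(inspect_json)
    for r in records:
        if r["Name"].lstrip("/") == container:
            r["NetworkSettings"]["Networks"][network] = {"IPAddress": ip, "IPPrefixLen": prefix}
    return json.dumps(records)


def check_backend(inspect_json, lb_name, backend_name, provider_network):
    """Return (ok, detail): can the load balancer reach the backend over provider_network?"""
    records = {r["Name"].lstrip("/"): r for r in json.loads(inspect_json)}
    lb_nets = networks_of(records[lb_name])
    be_nets = networks_of(records[backend_name])
    if provider_network not in lb_nets:
        return False, f"{lb_name} is not attached to {provider_network}"
    if provider_network in be_nets:
        return True, f"{backend_name} reachable at {be_nets[provider_network].ip} on {provider_network}"
    # The symptom from the thread: no backend address exists on the provider network,
    # so the router looks correct in the dashboard but the TCP connection goes nowhere.
    stray = ", ".join(f"{name}={iface.ip}" for name, iface in be_nets.items())
    return False, (f"{backend_name} is not on {provider_network} "
                   f"({lb_nets[provider_network].network}); it only has {stray}")


if __name__ == "__main__":
    ok, detail = check_backend(INSPECT_OUTPUT, "services_lb", "prosody", PROVIDER_NETWORK)
    print("OK" if ok else "PROBLEM", "-", detail)
```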