Subdomain not connected to traefik

Hi everyone
New to traefik

I have set up a CNAME DNS record on Cloudflare for the subdomain traefik.williamwoldum.dev in hopes of reaching my traefik dashboard here.

I use labels to generate wildcard certificates for williamwoldum.dev and *.williamwoldum.dev and everything seems to be working fine. Yet if I try to access traefik.williamwoldum.dev I get a connection timeout. Not even the debug logs output anything. It seems that there is no link at all between traefik.williamwoldum.dev and the traefik dashboard. I am not running any other docker containers.

This is the cloudflare setup:

File structure:

traefik
├── data
│   ├── acme.json
│   └── traefik.yml
└── docker-compose.yml

This is the traefik docker-compose file:

version: '3'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=mymail@gmail.com
      - CF_API_KEY=abcdefg
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/pi/traefik/data/traefik.yml:/traefik.yml:ro
      - /home/pi/traefik/data/acme.json:/acme.json
      - /home/pi/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.williamwoldum.dev`)"

      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:asdasdasdasdasdasd"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"

      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.williamwoldum.dev`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=williamwoldum.dev"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.williamwoldum.dev"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

This is the traefik.yml file:

accessLog: {}
log:
  level: DEBUG
api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: mymail@gmail.com
      storage: /acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

For good measure here are the logs on container startup:

pi@raspberrypi:~/traefik $ docker-compose up
Recreating traefik ... done
Attaching to traefik
traefik    | time="2023-01-13T15:22:04+01:00" level=info msg="Configuration loaded from file: /traefik.yml"
traefik    | time="2023-01-13T15:22:04+01:00" level=info msg="Traefik version 2.9.6 built on 2022-12-07T14:17:58Z"
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"https\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483646}}},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"},\"file\":{\"watch\":true,\"filename\":\"/config.yml\"}},\"api\":{\"dashboard\":true,\"debug\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"cloudflare\":{\"acme\":{\"email\":\"mymail@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"dnsChallenge\":{\"provider\":\"cloudflare\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]}}}}}"
traefik    | time="2023-01-13T15:22:04+01:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
traefik    | time="2023-01-13T15:22:04+01:00" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="Starting TCP Server" entryPointName=https
traefik    | time="2023-01-13T15:22:04+01:00" level=info msg="Starting provider *file.Provider"
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="*file.Provider provider configuration: {\"watch\":true,\"filename\":\"/config.yml\"}"
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="Starting TCP Server" entryPointName=http
traefik    | time="2023-01-13T15:22:04+01:00" level=info msg="Starting provider *traefik.Provider"
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="*traefik.Provider provider configuration: {}"
traefik    | time="2023-01-13T15:22:04+01:00" level=info msg="Starting provider *acme.ChallengeTLSALPN"
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
traefik    | time="2023-01-13T15:22:04+01:00" level=info msg="Starting provider *acme.Provider"
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="*acme.Provider provider configuration: {\"email\":\"mymail@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"dnsChallenge\":{\"provider\":\"cloudflare\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]},\"ResolverName\":\"cloudflare\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
traefik    | time="2023-01-13T15:22:04+01:00" level=info msg="Testing certificate renew..." providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
traefik    | time="2023-01-13T15:22:04+01:00" level=info msg="Starting provider *docker.Provider"
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"http-to-https\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"redirect-http-to-https\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483646}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"redirect-http-to-https\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}},\"serversTransports\":{\"default\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=cloudflare.acme
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="Provider connection established with docker 20.10.22 (API 1.41)" providerName=docker
traefik    | time="2023-01-13T15:22:04+01:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"traefik\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"traefik-https-redirect\"],\"service\":\"traefik-traefik\",\"rule\":\"Host(`traefik.williamwoldum.dev`)\"},\"traefik-secure\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"traefik-auth\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.williamwoldum.dev`)\",\"tls\":{\"certResolver\":\"cloudflare\",\"domains\":[{\"main\":\"williamwoldum.dev\",\"sans\":[\"*.williamwoldum.dev\"]}]}}},\"services\":{\"traefik-traefik\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.23.0.2:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"sslheader\":{\"headers\":{\"customRequestHeaders\":{\"X-Forwarded-Proto\":\"https\"}}},\"traefik-auth\":{\"basicAuth\":{\"users\":[\"admin:abcdefg\"]}},\"traefik-https-redirect\":{\"redirectScheme\":{\"scheme\":\"https\"}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
traefik    | time="2023-01-13T15:22:16+01:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
traefik    | time="2023-01-13T15:22:16+01:00" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=http routerName=http-to-https@internal middlewareName=tracing middlewareType=TracingForwarder
traefik    | time="2023-01-13T15:22:16+01:00" level=debug msg="Creating middleware" middlewareType=RedirectScheme routerName=http-to-https@internal entryPointName=http middlewareName=redirect-http-to-https@internal
traefik    | time="2023-01-13T15:22:16+01:00" level=debug msg="Setting up redirection to https 443" routerName=http-to-https@internal entryPointName=http middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme
traefik    | time="2023-01-13T15:22:16+01:00" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal
traefik    | time="2023-01-13T15:22:16+01:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery entryPointName=http middlewareType=Recovery
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Creating middleware" entryPointName=http routerName=traefik@docker serviceName=traefik-traefik middlewareName=pipelining middlewareType=Pipelining
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Creating load-balancer" serviceName=traefik-traefik entryPointName=http routerName=traefik@docker
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Creating server 0 http://172.23.0.2:80" routerName=traefik@docker serviceName=traefik-traefik serverName=0 entryPointName=http
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="child http://172.23.0.2:80 now UP"
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Propagating new UP status"
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Added outgoing tracing middleware traefik-traefik" middlewareName=tracing middlewareType=TracingForwarder entryPointName=http routerName=traefik@docker
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Creating middleware" middlewareType=RedirectScheme middlewareName=traefik-https-redirect@docker entryPointName=http routerName=traefik@docker
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Setting up redirection to https " entryPointName=http routerName=traefik@docker middlewareType=RedirectScheme middlewareName=traefik-https-redirect@docker
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Adding tracing to middleware" routerName=traefik@docker middlewareName=traefik-https-redirect@docker entryPointName=http
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=http routerName=http-to-https@internal middlewareName=tracing middlewareType=TracingForwarder
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Creating middleware" middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme entryPointName=http routerName=http-to-https@internal
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Adding tracing to middleware" entryPointName=http middlewareName=redirect-http-to-https@internal routerName=http-to-https@internal
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=http
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=https routerName=traefik-secure@docker middlewareName=tracing middlewareType=TracingForwarder
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Creating middleware" routerName=traefik-secure@docker middlewareName=traefik-auth@docker middlewareType=BasicAuth entryPointName=https
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Adding tracing to middleware" entryPointName=https routerName=traefik-secure@docker middlewareName=traefik-auth@docker
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=https middlewareName=traefik-internal-recovery
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Adding route for traefik.williamwoldum.dev with TLS options default" entryPointName=https
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"williamwoldum.dev\" \"*.williamwoldum.dev\"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Domains [\"williamwoldum.dev\" \"*.williamwoldum.dev\"] need ACME certificates generation for domains \"williamwoldum.dev,*.williamwoldum.dev\"." providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
traefik    | time="2023-01-13T15:22:24+01:00" level=debug msg="Loading ACME certificates [williamwoldum.dev *.williamwoldum.dev]..." providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
traefik    | time="2023-01-13T15:25:08+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
traefik    | time="2023-01-13T15:25:08+01:00" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
traefik    | time="2023-01-13T15:25:09+01:00" level=info msg=Register... providerName=cloudflare.acme
traefik    | time="2023-01-13T15:25:09+01:00" level=debug msg="legolog: [INFO] acme: Registering account for mymail@gmail.com"
traefik    | time="2023-01-13T15:25:10+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
traefik    | time="2023-01-13T15:25:10+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev, *.williamwoldum.dev] acme: Obtaining bundled SAN certificate"
traefik    | time="2023-01-13T15:25:13+01:00" level=debug msg="legolog: [INFO] [*.williamwoldum.dev] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1....197"
traefik    | time="2023-01-13T15:25:13+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1....207"
traefik    | time="2023-01-13T15:25:13+01:00" level=debug msg="legolog: [INFO] [*.williamwoldum.dev] acme: use dns-01 solver"
traefik    | time="2023-01-13T15:25:13+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev] acme: Could not find solver for: tls-alpn-01"
traefik    | time="2023-01-13T15:25:13+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev] acme: Could not find solver for: http-01"
traefik    | time="2023-01-13T15:25:13+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev] acme: use dns-01 solver"
traefik    | time="2023-01-13T15:25:13+01:00" level=debug msg="legolog: [INFO] [*.williamwoldum.dev] acme: Preparing to solve DNS-01"
traefik    | time="2023-01-13T15:25:15+01:00" level=debug msg="legolog: [INFO] cloudflare: new record for williamwoldum.dev, ID 1....e"
traefik    | time="2023-01-13T15:25:15+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev] acme: Preparing to solve DNS-01"
traefik    | time="2023-01-13T15:25:16+01:00" level=debug msg="legolog: [INFO] cloudflare: new record for williamwoldum.dev, ID e.....8"
traefik    | time="2023-01-13T15:25:16+01:00" level=debug msg="legolog: [INFO] [*.williamwoldum.dev] acme: Trying to solve DNS-01"
traefik    | time="2023-01-13T15:25:16+01:00" level=debug msg="legolog: [INFO] [*.williamwoldum.dev] acme: Checking DNS record propagation using [1.1.1.1:53 1.0.0.1:53]"
traefik    | time="2023-01-13T15:25:18+01:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]"
traefik    | time="2023-01-13T15:25:18+01:00" level=debug msg="legolog: [INFO] [*.williamwoldum.dev] acme: Waiting for DNS record propagation."
traefik    | time="2023-01-13T15:25:23+01:00" level=debug msg="legolog: [INFO] [*.williamwoldum.dev] The server validated our request"
traefik    | time="2023-01-13T15:25:23+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev] acme: Trying to solve DNS-01"
traefik    | time="2023-01-13T15:25:23+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev] acme: Checking DNS record propagation using [1.1.1.1:53 1.0.0.1:53]"
traefik    | time="2023-01-13T15:25:25+01:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]"
traefik    | time="2023-01-13T15:25:27+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev] The server validated our request"
traefik    | time="2023-01-13T15:25:27+01:00" level=debug msg="legolog: [INFO] [*.williamwoldum.dev] acme: Cleaning DNS-01 challenge"
traefik    | time="2023-01-13T15:25:28+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev] acme: Cleaning DNS-01 challenge"
traefik    | time="2023-01-13T15:25:29+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev, *.williamwoldum.dev] acme: Validations succeeded; requesting certificates"
traefik    | time="2023-01-13T15:28:27+01:00" level=debug msg="legolog: [INFO] [williamwoldum.dev] Server responded with a certificate."
traefik    | time="2023-01-13T15:28:27+01:00" level=debug msg="Certificates obtained for domains [williamwoldum.dev *.williamwoldum.dev]" providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
traefik    | time="2023-01-13T15:28:27+01:00" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=cloudflare.acme
traefik    | time="2023-01-13T15:28:27+01:00" level=debug msg="Adding certificate for domain(s) *.williamwoldum.dev,williamwoldum.dev"
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Added outgoing tracing middleware noop@internal" routerName=http-to-https@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Creating middleware" middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme entryPointName=http routerName=http-to-https@internal
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Setting up redirection to https 443" routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme entryPointName=http
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=http routerName=traefik@docker serviceName=traefik-traefik middlewareName=pipelining
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Creating load-balancer" entryPointName=http routerName=traefik@docker serviceName=traefik-traefik
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Creating server 0 http://172.23.0.2:80" routerName=traefik@docker serverName=0 serviceName=traefik-traefik entryPointName=http
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="child http://172.23.0.2:80 now UP"
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Propagating new UP status"
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Added outgoing tracing middleware traefik-traefik" middlewareName=tracing middlewareType=TracingForwarder entryPointName=http routerName=traefik@docker
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Creating middleware" routerName=traefik@docker middlewareName=traefik-https-redirect@docker middlewareType=RedirectScheme entryPointName=http
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Setting up redirection to https " middlewareName=traefik-https-redirect@docker middlewareType=RedirectScheme entryPointName=http routerName=traefik@docker
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Adding tracing to middleware" routerName=traefik@docker entryPointName=http middlewareName=traefik-https-redirect@docker
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Creating middleware" entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Added outgoing tracing middleware api@internal" routerName=traefik-secure@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=https
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Creating middleware" routerName=traefik-secure@docker middlewareName=traefik-auth@docker middlewareType=BasicAuth entryPointName=https
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Adding tracing to middleware" middlewareName=traefik-auth@docker entryPointName=https routerName=traefik-secure@docker
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=https
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Adding route for traefik.williamwoldum.dev with TLS options default" entryPointName=https
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"williamwoldum.dev\" \"*.williamwoldum.dev\"]..." providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="No ACME certificate generation required for domains [\"williamwoldum.dev\" \"*.williamwoldum.dev\"]." providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"

Thanks in advance

Enable Traefik access log to see if any requests arrive at Traefik. Cloudflare states "proxied", so it seems it's not only DNS but forwarding the requests. What's the target configured for forwarding requests?


I recommend to set an absolute path (/acme.json) to ensure it's written to the mounted folder


Thanks for the replies @bluepuma77.
I have enabled the access logs and added the absolute storage path. I've changed the provided yml files above accordingly. Also, I have added all logs from when I launched the container with a clean acme.json file.

The "proxied" toggle is enabled to hide my public IP. It should forward any request to the domain onto my public IP, which is the one covered with a red marker in the picture.

I have tested with this toggle disabled ("DNS only") and the issue still persists.

In an earlier setup using a local domain in the host rule instead, I remember seeing logs about successful TCP connections. However, when I request traefik.williamwoldum.dev I just get a 522 error code and no outputs in the logs, even with access logs explicitly enabled.

I hope the added logs can bring some insight.
It seems to me that the certificate generation is working

Then maybe Cloudflare has an issue connecting to your Traefik. Check what their docs tell you about your reverse proxy, how it should be TLS secured.

Potentially create a second subdomain where you enter your direct server IP into DNS to test if that works, no Cloudflare proxying.

.rule=Host(`traefik.williamwoldum.dev`) || Host(`direct.traefik.williamwoldum.dev`)
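
The access-log check from the first reply, applied to `docker-compose` output, as an added example that is not part of the original thread: it separates Traefik's startup/debug lines from access-log entries and reports whether any request reached Traefik and which router handled it. It assumes the access log uses Traefik's default `common` format; the router name `traefik-secure@docker` is taken from the debug output above, while the access-log sample lines and the client address 203.0.113.7 are constructed.

```python
import re
from collections import Counter

# docker-compose prefixes every line with "<container>  | ".
COMPOSE_PREFIX = re.compile(r"^\S+\s+\|\s")

# Traefik access log, default "common" format:
# ip - user [time] "METHOD path proto" status size "referer" "agent" n "router" "server" Nms
ACCESS_LINE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d+|-) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<count>\d+) "(?P<router>[^"]*)" "(?P<server>[^"]*)" (?P<ms>\d+)ms$'
)

# Next thing to check for each verdict.
NEXT_STEP = {
    "nothing-reached-traefik":
        "check the DNS target, forwarding of 80/443 to the Docker host, host firewall",
    "arrived-but-router-not-matched":
        "compare the router's Host() rule and entrypoint with the request",
    "router-matched":
        "routing works; look at the status codes from middleware and service",
}


def parse_access_lines(lines):
    """Return one dict per access-log entry; startup/debug lines are skipped."""
    entries = []
    for raw in lines:
        line = COMPOSE_PREFIX.sub("", raw.strip(), count=1)
        match = ACCESS_LINE.match(line)
        if match:
            entries.append(match.groupdict())
    return entries


def triage(lines, router="traefik-secure@docker"):
    """Classify where requests stop, judged only from Traefik's own output."""
    entries = parse_access_lines(lines)
    routers = Counter(e["router"] for e in entries)
    if not entries:
        verdict = "nothing-reached-traefik"
    elif routers[router]:
        verdict = "router-matched"
    else:
        verdict = "arrived-but-router-not-matched"
    return {"verdict": verdict, "routers": dict(routers), "next": NEXT_STEP[verdict]}


# Debug line copied from the startup log above; it is not an access-log entry.
DEBUG_ONLY = [
    'traefik    | time="2023-01-13T15:28:52+01:00" level=debug msg="Adding route for '
    'traefik.williamwoldum.dev with TLS options default" entryPointName=https',
]
# Constructed: a request that only hit the port-80 redirect router.
REDIRECT_ONLY = DEBUG_ONLY + [
    'traefik    | 203.0.113.7 - - [13/Jan/2023:14:30:01 +0000] "GET / HTTP/1.1" '
    '301 17 "-" "-" 1 "http-to-https@internal" "-" 0ms',
]
# Constructed: the dashboard router answered and basic auth rejected the request.
MATCHED = REDIRECT_ONLY + [
    'traefik    | 203.0.113.7 - - [13/Jan/2023:14:30:02 +0000] "GET /dashboard/ HTTP/2.0" '
    '401 17 "-" "-" 2 "traefik-secure@docker" "-" 1ms',
]

if __name__ == "__main__":
    for name, sample in [("debug only", DEBUG_ONLY),
                         ("redirect only", REDIRECT_ONLY),
                         ("matched", MATCHED)]:
        result = triage(sample)
        print(f"{name}: {result['verdict']} -> {result['next']}")
```

On real output, pass the lines from `docker-compose logs traefik` to `triage()`; a log that contains only `time=... level=...` lines gives the first verdict, which matches the situation described in the follow-up post.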