Tcp mariadb with file provider does not work (no docker)

Problem with traefik:v2.4 and traefik:v2.5:

  • cannot connect to mariadb over tcp without tls
  • transport endpoint is not connected

Static conf

entryPoints:
  stackdb:
    address: ':63001'
    proxyProtocol:
      insecure: true

Dynamic conf

tcp:
  routers:
    stackdb:
      rule: "HostSNI(`*`)"
      service: stackdb
      entryPoints:
        - stackdb

  services:
    stackdb:
      loadBalancer:
        servers:
          - address: "192.168.54.112:3306"

[mariadb]
bind_address = 0.0.0.0
proxy-protocol-networks = *

MariaDB [(none)]> SHOW GRANTS FOR 'dizbi'@'%';
+------------------------------------------------------------------------------------------------------+
| Grants for dizbi@%                                                                                   |
+------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `dizbi`@`%` IDENTIFIED BY PASSWORD '*2507C83A880C4CB12C16D3DD57E5A28F08717081' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `dizbi`.* TO `dizbi`@`%`                                     |
+------------------------------------------------------------------------------------------------------+

Try to connect

mysql --host 192.168.54.108 --port 63001 --user dizbi --verbose -p --connect-timeout 3
Enter password: 
ERROR 2013 (HY000): Lost connection to MySQL server at 'handshake: reading initial communication packet', system error: 110

Or just telnet

telnet 192.168.54.108 63001
Trying 192.168.54.108...
Connected to 192.168.54.108.
Escape character is '^]'.
bye
m
5.5.5-10.6.4-MariaDB-1:10.6.4+maria~focalpegVW4:h{��`SmLs|8?tJTIOmysql_native_passwordConnection closed by foreign host.

Traefik logs

time="2021-08-10T11:35:37Z" level=debug msg="No default certificate, generating one"
time="2021-08-10T11:35:37Z" level=debug msg="Creating TCP server 0 at 192.168.54.112:3306" entryPointName=stackdb routerName=stackdb@file serviceName=stackdb serverName=0
time="2021-08-10T11:35:37Z" level=debug msg="Adding route * on TCP" entryPointName=stackdb routerName=stackdb@file

time="2021-08-10T11:35:37Z" level=debug msg="No default certificate, generating one"
time="2021-08-10T11:35:37Z" level=debug msg="Creating TCP server 0 at 192.168.54.112:3306" serviceName=stackdb serverName=0 entryPointName=stackdb routerName=stackdb@file
time="2021-08-10T11:35:37Z" level=debug msg="Adding route * on TCP" entryPointName=stackdb routerName=stackdb@file
time="2021-08-10T11:35:49Z" level=debug msg="Handling connection from 192.168.54.22:37120"
time="2021-08-10T11:35:49Z" level=error msg="Error during connection: read tcp 192.168.54.108:36008->192.168.54.112:3306: read: connection reset by peer"
time="2021-08-10T11:35:49Z" level=debug msg="Error while terminating connection: close tcp 192.168.54.108:36008->192.168.54.112:3306: shutdown: transport endpoint is not connected"
time="2021-08-10T11:36:01Z" level=debug msg="Handling connection from 192.168.54.22:37126"

I cannot replicate this exactly.

But it is likely that you are setting the proxy protocol in the wrong place.

Setting it in the entrypoint is for when Traefik is receiving a proxy protocol connection.

You will want to set it in the server definition:

  services:
    stackdb:
      loadBalancer:
        proxyProtocol:
          version: 2
        servers:
          - address: "192.168.54.112:3306"

Tried your suggestion - did not make a difference.
I am not sure that proxyprotocol is even needed.
It must be something on mariadb-client then if not on Traefik side. Not sure what!?

mariadb journal has this warning

Aug 10 15:49:36 repo-db mariadbd[23428]: 2021-08-10 15:49:36 31 [Warning] Aborted connection 31 to db: 'unconnected' user: 'unauthenticated' host: '192.168.54.22' (This connection closed normally without authentication)

How can I confirm that Traefik does in fact work and sends auth data to mariadb?
Logs only have this one line when I make a request...

time="2021-08-10T15:49:36Z" level=debug msg="Handling connection from 192.168.54.22:44534"

Btw, a plain TCP NAT rule on MikroTik works OK when connecting to the same MariaDB VPS.
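
One way to answer the question above about confirming what Traefik passes through, as an added example that is not part of the original thread: MariaDB sends its greeting before the client sends anything, so connecting, sending nothing, and parsing whatever arrives shows whether the proxy relays the backend's first packet. `parse_greeting`, `probe` and `SAMPLE` are names made up here; the sample packet is constructed from the telnet capture, with invented salt and capability values.

```python
import socket
import struct

def parse_greeting(data: bytes) -> dict:
    """Parse a MySQL/MariaDB HandshakeV10 packet (4-byte header + payload)."""
    if len(data) < 5:
        raise ValueError("short read: no packet header")
    length = int.from_bytes(data[:3], "little")      # 3-byte payload length
    payload = data[4:4 + length]                     # data[3] is the sequence id
    if len(payload) < length:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:                           # ERR packet instead of a greeting
        return {"error": struct.unpack_from("<H", payload, 1)[0]}
    if payload[0] != 10:
        raise ValueError(f"unexpected protocol version {payload[0]}")
    end = payload.index(b"\0", 1)                    # server version is NUL-terminated
    pos = end + 1
    (conn_id,) = struct.unpack_from("<I", payload, pos)
    pos += 4 + 8 + 1                                 # connection id, salt part 1, filler
    cap_lo, _charset, _status, cap_hi, auth_len = struct.unpack_from("<HBHHB", payload, pos)
    pos += 8 + 10 + max(13, auth_len - 8)            # fixed fields, reserved, salt part 2
    plugin = payload[pos:].split(b"\0", 1)[0].decode("ascii")
    caps = cap_lo | (cap_hi << 16)
    return {"version": payload[1:end].decode("ascii"), "connection_id": conn_id,
            "auth_plugin": plugin, "tls_offered": bool(caps & 0x0800)}  # CLIENT_SSL

def probe(host: str, port: int, timeout: float = 3.0) -> dict:
    """Connect, send nothing, and wait for the server-first greeting."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(4096)
        except OSError as exc:                       # timeout or reset by peer
            return {"greeting": False, "reason": str(exc)}
    if not data:
        return {"greeting": False, "reason": "closed by peer before any bytes"}
    return {"greeting": True, **parse_greeting(data)}

# Constructed sample modelled on the telnet capture; salt and flag values are made up.
_body = (b"\x0a" + b"5.5.5-10.6.4-MariaDB-1:10.6.4+maria~focal\0"
         + struct.pack("<I", 31) + b"ABCDEFGH\0"
         + struct.pack("<HBHHB", 0xF7FE, 45, 2, 0x81FF, 21)
         + b"\0" * 10 + b"IJKLMNOPQRST\0" + b"mysql_native_password\0")
SAMPLE = len(_body).to_bytes(3, "little") + b"\0" + _body

if __name__ == "__main__":
    print(SAMPLE[:1], parse_greeting(SAMPLE))        # length byte, then parsed fields
    # probe("192.168.54.108", 63001)  # the thread's Traefik entrypoint; run it yourself
```

In the telnet capture, the lone `m` is the payload-length byte (0x6d = 109) and the line break after it is the protocol-version byte 10 (0x0a).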

Ok, here is my working example.
I just started again from scratch with minimal settings.

├── config
│   └── stackdb.yml
├── docker-compose.yml
├── logs
│   ├── access.log
│   └── log.log
└── traefik.yml

## traefik.yml
api:
  dashboard: true
  insecure: true
log:
  level: DEBUG
  filePath: /logs/log.log
accessLog:
  filePath: /logs/access.log
providers:
  file:
    directory: /traefik-dynamic
    watch: true
entryPoints:
  stackdb:
    address: ':63003'

## docker-compose.yml
version: "3"
services:
  traefik:
    container_name: traefik-mariadb
    image: traefik:v2.5
    ports:
      - 8080:8080
      - 63003:63003 
    volumes:
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./config/:/traefik-dynamic/:ro
      - ./logs/:/logs/

## config/stackdb.yml
tcp:
  routers:
    stackdb:
      rule: "HostSNI(`*`)"
      service: stackdb
      entryPoints:
        - stackdb

  services:
    stackdb:
      loadBalancer:
        servers:
          - address: "192.168.54.112:3306"
