The dashboard is not accessible: bug or wrong code?

I don't understand what you mean by speed limits.

Traefik LetsEncrypt will create new certificates and save those in the acme.json. If the file is correctly configured in Traefik and placed in a correctly mounted folder, Traefik will not try to recreate certificates after a container restart.

1 Like

I get the following error and the certificate is missing from the site.

{"entryPointName":"websecure","level":"warning","msg":"No domain found in rule PathPrefix(`/`), the TLS options applied for this router will depend on the SNI of each request","routerName":"websecure-matchlast@docker","time":"2022-11-19T16:17:35Z"}
{"entryPointName":"websecure","level":"warning","msg":"No domain found in rule HostRegexp(`{name:^www\\..*}`), the TLS options applied for this router will depend on the SNI of each request","routerName":"websecure-unmatchedwww@docker","time":"2022-11-19T16:17:35Z"}
{"ACME CA":"https://acme-v02.api.letsencrypt.org/directory","error":"unable to generate a certificate for the domains [nomeadominio.com www.nomeadominio.com]: error: one or more domains had a problem:\n[nomeadominio.com] acme: error: 400 :: urn:ietf:params:acme:error:tls :: ---------------------------------------: remote error: tls: internal error\n[www.nomeadominio.com] acme: error: 400 :: urn:ietf:params:acme:error:tls :: ---------------------------------------: remote error: tls: internal error\n","level":"error","msg":"Unable to obtain ACME certificate for domains \"nomeadominio.com,www.nomeadominio.com\"","providerName":"leresolver.acme","routerName":"websecure-tomcat-java@docker","rule":"Host(`www.nomeadominio.com`)","time":"2022-11-19T16:17:35Z"}


Of course, it can’t work with LetsEncrypt. They require a public domain name and that is validated. You can’t get a LE certificate for localhost.

1 Like

I am working on a real server and an existing domain. The strange thing is that it worked in the past.

I have a server at Amazon AWS and two active domains. The first domain is on Freenom (something.ml), the second domain is on Ionos (something.com). This morning I deleted everything from the Amazon server and reloaded the project. I'll tell you what happened:

  1. I wrote something.ml in the browser and noticed that the certificate was missing;
  2. After a few minutes I tried again and the certificate was missing;
  3. I ate a snack, I tried again and the certificate was present (the problem described in the first post of this thread persists);
  4. I deleted everything from the server and uploaded the project related to something.com;
  5. I typed something.com in the browser and noticed that the certificate was missing;
  6. In the log file I find this:
too many certificates (5) already issued for this exact set of domains in the last 168 hours

(On something.com I never got a certificate!)
(On the project I'm testing I have 5 subdomains. Is that too many?)

  7. I opened a new domain on Freenom (something.ga);
  8. I inserted the following string into the project:
     traefik.http.routers.dashboard.rule: Host(`www.proxy.${NOME_A_DOMINIO}`)
  9. I deleted everything from the server;
  10. I reloaded a new Docker project with something.ga;
  11. I waited for Docker to finish creating images and containers;
  12. I typed something.ga in the browser and noticed that the certificate was missing;
  13. After a few seconds I tried again and the certificate was missing;
  14. After a few minutes I tried again and the certificate was present;
  15. The problem described in the first post persists;
  16. I inserted the following string into the project as you suggested:
      traefik.http.routers.dashboard.rule: Host(`www.proxy.${NOME_A_DOMINIO}`) || Host(`proxy.${NOME_A_DOMINIO}`)
  17. I reloaded the project;
      docker compose up -d --force-recreate
  18. I waited for Docker to finish;
  19. I typed something.ga in the browser and noticed that the certificate was missing;
  20. After a few seconds I tried again and the certificate was missing;
  21. After a few minutes I tried again and the certificate was present;
  22. The problem described in the first post persists;

This Traefik has 2 bugs:

  1. The certificate is missing on traefik.something.extension. After entering the credentials, the certificate appears but before it is absent, as described in the first post.

  2. You don't get the certificate after all volumes and containers are created (there is some malfunction). This is not a real problem, after a few minutes it resolves itself. This is just a malfunction.

This proxy has bugs. I'm sorry that the Traefik Team is not interested in this discussion but I am convinced that if they read my code they will find a new bug for Traefik.

This code doesn't work, it has a bug, sorry to say this but it's the truth. Try opening a domain on Freenom, it's free. You will see with your own eyes what I write.

LetsEncrypt has API usage limits, like create 5 certificates for a domain (or exact set of domains) within 168 hours.

You need to make sure that you persistently store the acme.json file so that a new cert is not created on every Traefik container re-create.

1 Like
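
An added example (not part of the original posts and not Traefik's own code): a check to run before re-creating the Traefik container, reporting anything that would make Traefik order certificates again and consume the Let's Encrypt rate limit mentioned above. It assumes the acme.json layout Traefik v2 writes (resolver name, then `Certificates` entries with `domain.main` and `domain.sans`) and treats a host as covered when any stored certificate names it; the resolver name, host names and file contents are constructed sample values.

```python
import json
import os
import stat
import tempfile

# Constructed sample in the acme.json layout; key material replaced by placeholders.
SAMPLE_ACME = {
    "myresolver": {
        "Account": {"Email": "mail@example.com"},
        "Certificates": [
            {"domain": {"main": "example.com", "sans": ["www.example.com"]},
             "certificate": "PLACEHOLDER", "key": "PLACEHOLDER", "Store": "default"},
            {"domain": {"main": "traefik.example.com"},
             "certificate": "PLACEHOLDER", "key": "PLACEHOLDER", "Store": "default"},
        ],
    }
}


def stored_hosts(doc, resolver):
    """Host names named by complete certificate entries of one resolver."""
    hosts = set()
    for entry in (doc.get(resolver) or {}).get("Certificates") or []:
        if not (entry.get("certificate") and entry.get("key")):
            continue  # an entry without certificate or key cannot be served
        domain = entry.get("domain") or {}
        if domain.get("main"):
            hosts.add(domain["main"])
        hosts.update(domain.get("sans") or [])
    return hosts


def preflight(path, resolver, wanted_hosts):
    """Return findings; an empty list means no host needs a new ACME order."""
    findings = []
    try:
        info = os.stat(path)
    except FileNotFoundError:
        return [f"{path} does not exist: all hosts would be ordered again"]
    mode = stat.S_IMODE(info.st_mode)
    if mode & 0o077:
        # acme.json holds the account key and the certificate private keys.
        findings.append(f"mode {mode:o} exposes private keys to other users; use 600")
    if info.st_size == 0:
        return findings + [f"{path} is empty: all hosts would be ordered again"]
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except json.JSONDecodeError as exc:
        return findings + [f"{path} is not valid JSON ({exc.msg})"]
    if not isinstance(doc, dict):
        doc = {}
    missing = sorted(set(wanted_hosts) - stored_hosts(doc, resolver))
    if missing:
        findings.append("no stored certificate for: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "acme.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE_ACME, fh)
        os.chmod(path, 0o600)
        wanted = ["example.com", "www.example.com", "www.traefik.example.com"]
        for finding in preflight(path, "myresolver", wanted) or ["ok"]:
            print(finding)
```
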

I'll try again with the .com domain in a week. The remaining problem is the one described in the first post. I tried to update Traefik version (v.2.9.5). The bug persists.

I also noticed that the acme.json file is empty. Is the following code correct with Traefik 2.9.5?

- ./volumes/data-letsencrypt/:/letsencrypt

If I save the acme.json file on my PC and replace it with the one on the server when I exceed the limits, do I solve it?

If you have a valid acme.json, you can copy it around and have Traefik use it. Be aware the LE certificates expire after around 90 days.

In general you can not use LetsEncrypt with localhost. LE will try to verify your domain name and the IP, and of course it can't reach your localhost to do that.

Here is a working example docker-compose.yml with Traefik, dashboard, LetsEncrypt, LE certs stored on host, http->https and www redirect - and a service:

#docker-compose.yml
version: '3.9'

services:
  traefik:
    image: traefik:v2.9
    ports:
      - published: 80
        target: 80
        protocol: tcp
        mode: host
      - published: 443
        target: 443
        protocol: tcp
        mode: host
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/traefik-certificates:/traefik-certificates
    command:
      --providers.docker=true
      --providers.docker.network=proxy
      --providers.docker.exposedByDefault=false
      --entryPoints.web.address=:80
      --entryPoints.web.http.redirections.entryPoint.to=websecure
      --entryPoints.web.http.redirections.entryPoint.scheme=https
      --entryPoints.websecure.address=:443
      --entryPoints.websecure.http.tls=true
      --api.debug=true
      --api.dashboard=true
      --log.level=DEBUG
      --accesslog=true
      --certificatesResolvers.myresolver.acme.email=mail@example.com
      --certificatesResolvers.myresolver.acme.tlschallenge=true
      --certificatesResolvers.myresolver.acme.storage=/traefik-certificates/acme.json
    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.entrypoints=websecure
      - traefik.http.routers.mydashboard.rule=Host(`traefik.example.com`) || Host(`www.traefik.example.com`)
      - traefik.http.routers.mydashboard.tls.certresolver=myresolver
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth,mywwwremove
      - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
      - traefik.http.middlewares.mywwwremove.redirectregex.regex=^https://www\.(.*)
      - traefik.http.middlewares.mywwwremove.redirectregex.replacement=https://$${1}
      - traefik.http.services.dummy-svc.loadbalancer.server.port=9999

  whoami:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.mywhoami.entrypoints=websecure
      - traefik.http.routers.mywhoami.rule=Host(`example.com`) || Host(`www.example.com`)
      - traefik.http.routers.mywhoami.tls.certresolver=myresolver
      - traefik.http.routers.mywhoami.middlewares=mywwwremove
      - traefik.http.services.mywhoami.loadbalancer.server.port=80

networks:
  proxy:
    name: proxy
    driver: overlay
    attachable: true

  • Note that the rule must include both host names (example.com, www.example.com)
  • Not sure docker compose will automatically create the network if not in Swarm mode

1 Like

I tried your code and it works the same as mine:

  1. I get the certificate on 'example.com';
  2. I don't get the certificate on 'traefik.example.com';
  3. I get the certificate on 'traefik.example.com' only after entering the credentials on an insecure and interceptable connection.

Now do you believe me when I tell you that Traefik has a bug?

I also answer your question regarding the network. Yes, you need to create the proxy network.
I am sorry that the Traefik team is not interested in my question. It is a thread dated October 17, 2022 with 222 visits and 28 replies. Seems like superficial behavior to me. On the site I can't even find an email to write to the Traefik team.
I also noticed that after running your code it takes some time for the browser to find the certificate. I don't understand why this happens but it's absolutely not a problem to wait a few minutes.

Thanks

Try latest image: traefik:v2.9.6.

I just tested it again, it works for me. If you don't get a LetsEncrypt certificate, then you need to check your Traefik logs for errors. Make sure your DNS is set for the right (sub-)domains and IPs.

Try changing example.com and traefik.example.com around between the services to see if it makes a difference.

This is a community forum with community support. If you want to create official tickets with Traefik, then you probably have to buy a support package.

1 Like

image: traefik:v2.9.6

I tried again now with 2.9.6 and I get the same result.

The fact that the Team is not even contactable is a sign of superficiality.

I saw that Traefik 3 is also there. Are you sure 2.9.6 is the latest?

My dns is set up correctly:

'' A 3600 ip-server
www A 3600 ip-server
traefik A 3600 ip-server
www.traefik A 3600 ip-server

Can you show me your domain that the script works on?

Can you tell me which dns you use? I use freenom.

Can you tell me which cloud you use? I use Amazon AWS.

Can you show me your dns configuration?

I am using exactly your code. I just can't figure out how it can work on your server and not work on mine. Please use the exact code you posted and try again.

Hi @Milano2022,

you have to recognize that I am just an average Traefik user. I probably spend 1h of my free time with your issue, not being paid. If it does not work, it seems I can not help you.

You seem very demanding, why don't you check things yourself, like the latest release (Github, Docker). And without providing full config and debug logs (grep for error), everyone else who might want to support you is navigating blindly.

Here is my latest docker-compose.yml, I use tlschallenge, moved resolver-assignment to entrypoint (reduces labels) and place acme.json in a Docker volume. The existing network proxy is overlay. This works for me on a plain Docker node, not Swarm member. The only things I replaced were email and domains.

version: '3.9'

services:
  traefik:
    image: traefik:v2.9.6
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-certificates:/certificates
    command:
      --providers.docker=true
      --providers.docker.exposedByDefault=false
      --entryPoints.web.address=:80
      --entryPoints.web.http.redirections.entryPoint.to=websecure
      --entryPoints.web.http.redirections.entryPoint.scheme=https
      --entryPoints.websecure.address=:443
      --entryPoints.websecure.http.tls=true
      --entryPoints.websecure.http.tls.certResolver=myresolver
      --api.debug=true
      --api.dashboard=true
      --log.level=DEBUG
      --accesslog=true
      --certificatesResolvers.myresolver.acme.email=mail@example.com
      --certificatesResolvers.myresolver.acme.storage=/certificates/acme.json
      --certificatesresolvers.myresolver.acme.tlschallenge=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.entrypoints=websecure
      - traefik.http.routers.api.rule=Host(`traefik.example.com`)
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.api.middlewares=auth
      - 'traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/'

  whoami:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.rule=Host(`whoami.example.com`)
      - traefik.http.services.whoami.loadbalancer.server.port=80

  whoami2:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami2.entrypoints=websecure
      - traefik.http.routers.whoami2.rule=Host(`example2.com`) || Host(`whoami.example2.com`)
      - traefik.http.services.whoami2.loadbalancer.server.port=80

networks:
  proxy:
    name: proxy
    external: true

volumes:
  traefik-certificates:
1 Like

PS: It takes some seconds for Traefik to generate a new LE cert, so if you are quick enough after startup you might see at least an error about a wrong certificate in your browser.

1 Like

You are right, sorry for my dislike but I am exasperated with this issue.
I tested your second code and I keep seeing the same problem.
1 - Before entering the credentials, the connection is not secure;
2 - After I have entered the credentials, the connection becomes secure.
I don't think the code you sent me on your server works.
In my opinion, you too have the same problem or you are using a different code than the one you insert in this post.
Can you provide me your URL so I can try your proxy control panel?

1 - Server features

 docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.9.1-docker)
  compose: Docker Compose (Docker Inc., v2.12.2)
  scan: Docker Scan (Docker Inc., v0.21.0)

Server:
 Containers: 2
  Running: 2
  Paused: 0
  Stopped: 0
 Images: 2
 Server Version: 20.10.21
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: active
  NodeID: vyrqu3lgn68vvuuy62tadrl2h
  Is Manager: true
  ClusterID: uq28qbgtomc1ekrqhdiud4giq
  Managers: 1
  Nodes: 1
  Default Address Pool: 10.0.0.0/8
  SubnetSize: 24
  Data Path Port: 4789
  Orchestration:
   Task History Retention Limit: 5
  Raft:
   Snapshot Interval: 10000
   Number of Old Snapshots to Retain: 0
   Heartbeat Tick: 1
   Election Tick: 10
  Dispatcher:
   Heartbeat Period: 5 seconds
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false
  Root Rotation In Progress: false
  Node Address: 172.31.93.187
  Manager Addresses:
   172.31.93.187:2377
 Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: a05d175400b1145e5e6a735a6710579d181e7fb0
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.15.0-1023-aws
 Operating System: Ubuntu 22.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 1.926GiB
 Name: ip-172-31-93-187
 ID: LZQ7:JFU4:YTJK:LV4U:TKDI:SQLE:O25P:JQP7:QMRF:DIKO:OFGK:D5AH
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

2 - Docker releases

docker version
Client: Docker Engine - Community
 Version:           20.10.21
 API version:       1.41
 Go version:        go1.18.7
 Git commit:        baeda1f
 Built:             Tue Oct 25 18:01:58 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.21
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.7
  Git commit:       3056208
  Built:            Tue Oct 25 17:59:49 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.12
  GitCommit:        a05d175400b1145e5e6a735a6710579d181e7fb0
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

3 - I don't use Github

4 - Log

time="2022-12-10T19:54:12Z" level=debug msg="Authentication failed" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:20Z" level=debug msg="Serving default certificate for request: \"traefik.-----.cf\""
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:21Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:27Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:27Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:27Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:28Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:28Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:28Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:28Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:29Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker
time="2022-12-10T19:54:29Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:29Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:30Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:32Z" level=debug msg="Authentication succeeded" middlewareName=auth@docker middlewareType=BasicAuth
time="2022-12-10T19:54:37Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=auth@docker

5 - Certificate

{
  "myresolver": {
    "Account": {
      "Email": "mail@federicogalimberti.tk",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:mail@federicogalimberti.tk"
          ]
        },
        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/865339287"
      },
      "PrivateKey": "...",
      "KeyType": "4096"
    },
    "Certificates": [
      {
        "domain": {
          "main": "traefik.federicogalimberti.tk"
        },
        "certificate": "...",
        "key": "...",
        "Store": "default"
      },
      {
        "domain": {
          "main": "federicogalimberti.tk"
        },
        "certificate": "...",
        "key": "...",
        "Store": "default"
      }
    ]
  }
}

6 - The code I use to launch the project

version: '3.9'

services:
  traefik:
    image: traefik:v2.9.6
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./volumes/data-letsencrypt/:/certificates
      - ./volumes/data-log/:/data-log
    command:
      --providers.docker=true
      --providers.docker.exposedByDefault=false
      --entryPoints.web.address=:80
      --entryPoints.web.http.redirections.entryPoint.to=websecure
      --entryPoints.web.http.redirections.entryPoint.scheme=https
      --entryPoints.websecure.address=:443
      --entryPoints.websecure.http.tls=true
      --entryPoints.websecure.http.tls.certResolver=myresolver
      --api.debug=true
      --api.dashboard=true
      --log.level=DEBUG
      --log.filePath=/data-log/traefik.log
      --accesslog=true
      --certificatesResolvers.myresolver.acme.email=mail@federicogalimberti.tk
      --certificatesResolvers.myresolver.acme.storage=/certificates/acme.json
      --certificatesresolvers.myresolver.acme.tlschallenge=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.entrypoints=websecure
      - traefik.http.routers.api.rule=Host(`traefik.federicogalimberti.tk`)
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.api.middlewares=auth
      - 'traefik.http.middlewares.auth.basicauth.users=test:$$1$$t0sCijNf$$zTvbPuELQC0/wvqNfZ4mc0'

  whoami:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.rule=Host(`federicogalimberti.tk`)
      - traefik.http.services.whoami.loadbalancer.server.port=80

networks:
  proxy:
    name: proxy
    external: true

cd /home/ubuntu/www.federicogalimberti.tk
#
docker swarm leave --force
docker compose down --volumes
docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)
docker volume rm $(docker volume ls -q)
docker container prune -f
docker volume prune -f
docker network prune -f
docker image prune -f
docker system prune -f
docker system prune -a -f
#
docker images
docker container ls
docker volume ls
docker network ls
docker node ls
#
sudo rm -rf /home/ubuntu/www.federicogalimberti.tk/volumes/data-log/*
sudo mkdir -p /home/ubuntu/www.federicogalimberti.tk/volumes/data-log/
# With 'sudo echo ... > file' the redirect runs as the calling user, so write through sudo tee
echo '{}' | sudo tee /home/ubuntu/www.federicogalimberti.tk/volumes/data-log/traefik.log > /dev/null
sudo chmod 600 /home/ubuntu/www.federicogalimberti.tk/volumes/data-log/traefik.log
#
sudo rm -rf /home/ubuntu/www.federicogalimberti.tk/volumes/data-letsencrypt/*
sudo mkdir -p /home/ubuntu/www.federicogalimberti.tk/volumes/data-letsencrypt/
echo '{}' | sudo tee /home/ubuntu/www.federicogalimberti.tk/volumes/data-letsencrypt/acme.json > /dev/null
sudo chmod 600 /home/ubuntu/www.federicogalimberti.tk/volumes/data-letsencrypt/acme.json
#
docker swarm init
docker network create --driver overlay --attachable proxy
docker compose up -d --build
#
docker images
docker container ls
docker volume ls
docker node ls
docker network ls
#
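# acme.json holds the ACME account key and the certificate private keys: keep it at 600
# (Traefik refuses to load it with more permissive modes); the log only needs to be readable
sudo chmod 644 /home/ubuntu/www.federicogalimberti.tk/volumes/data-log/traefik.log
sudo chmod 600 /home/ubuntu/www.federicogalimberti.tk/volumes/data-letsencrypt/acme.json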

7 - DNS configuration

8 - Errors on the browser (Use 'test' and 'password' to see.)

Sometimes I shut down the server to save money. If you try now you will find everything turned on.

Here you will find all the information and the complete log file.

Password: dh37254dbhjdi72gf1js7856abdh

Wow, that was probably a lot of work. I understand your distress, been there many times, lost many hairs (much hair?) while wondering why Traefik is not doing what I want :wink:

Think about removing or reducing your last post, you have many domains (personal, cupido), your email and dashboard PW in there.

The log is good. Searching for error shows some information.

Browser not happy with served cert, it's a custom Traefik default, no LE yet

time="2022-12-10T19:04:46Z" level=debug msg="Serving default certificate for request: \"traefik.fedxyz.tk\""
time="2022-12-10T19:04:46Z" level=debug msg="http: TLS handshake error from 151.44.42.98:11974: remote error: tls: unknown certificate"

LetsEncrypt certificate acquired for domain

time="2022-12-10T19:05:00Z" level=debug msg="legolog: [INFO] [traefik.fedxyz.tk] Server responded with a certificate."
time="2022-12-10T19:05:00Z" level=debug msg="Certificates obtained for domains [traefik.fedxyz.tk]" routerName=api@docker rule="Host(`traefik.fedxyz.tk`)" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme

Later, LetsEncrypt certificate already exists and does not need to be renewed

time="2022-12-10T19:05:02Z" level=debug msg="No ACME certificate generation required for domains [\"traefik.fedxyz.tk\"]." routerName=api@docker rule="Host(`traefik.fedxyz.tk`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"

Currently the server is not reachable. That's too bad because I have the browser's network tab already open and I expect that I do get a forward and then a TLS/SSL connection when calling 'http://traefik.fedxyz.tk'.

I am a bit suspicious if your browser shows you the real thing. It looks so Windows :wink: Because in reality we are talking about 3 request/response pairs to get to the dashboard:

  1. Request: http://traefik.fedxyz.tk/dashboard/
     Response: move to https
       HTTP/1.1 301 Moved Permanently
       Location: https://traefik.fedxyz.tk/dashboard/
  2. Request: https://traefik.fedxyz.tk/dashboard/
     Response: needs authentication
       HTTP/2 401
       content-type: text/plain
       www-authenticate: Basic realm="traefik"
  3. Request: https://traefik.fedxyz.tk/dashboard/ (with credentials)
     Response (with page content):
       HTTP/2 200

You can check in the browser's network tab or on the command line with the curl utility:

curl -v http://traefik.fedxyz.tk/dashboard/
curl -v https://traefik.fedxyz.tk/dashboard/
1 Like
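
The log reading done in the post above, as an added example that is not part of the original thread: it parses Traefik's text-format debug log and reports, per host name, how often the default certificate was served, whether a certificate was later obtained, and how long that took. The sample lines are constructed, modelled on the log lines quoted in the post, with example.com host names and a documentation IP address.

```python
import re
from datetime import datetime

# Constructed sample modelled on the log lines quoted in the thread.
SAMPLE_LOG = r'''
time="2022-12-10T19:04:46Z" level=debug msg="Serving default certificate for request: \"traefik.example.com\""
time="2022-12-10T19:04:46Z" level=debug msg="http: TLS handshake error from 192.0.2.10:11974: remote error: tls: unknown certificate"
time="2022-12-10T19:05:00Z" level=debug msg="Certificates obtained for domains [traefik.example.com]" routerName=api@docker rule="Host(`traefik.example.com`)" providerName=myresolver.acme
time="2022-12-10T19:05:02Z" level=debug msg="No ACME certificate generation required for domains [\"traefik.example.com\"]." routerName=api@docker
time="2022-12-10T19:06:10Z" level=debug msg="Serving default certificate for request: \"www.traefik.example.com\""
'''

# key=value pairs; a value is either a quoted string (with \" escapes) or a bare token.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
DEFAULT_CERT = re.compile(r'Serving default certificate for request: "([^"]+)"')
OBTAINED = re.compile(r'Certificates obtained for domains \[([^\]]+)\]')


def parse_line(line):
    """Split one log line into a dict of fields, unescaping quoted values."""
    fields = {}
    for key, raw in PAIR.findall(line):
        if raw.startswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        fields.setdefault(key, raw)
    return fields


def cert_timeline(lines):
    """Per host: default-certificate hits, issuance, and delay until issuance."""
    seen = {}
    for line in lines:
        fields = parse_line(line)
        if "time" not in fields or "msg" not in fields:
            continue
        when = datetime.strptime(fields["time"], "%Y-%m-%dT%H:%M:%SZ")
        hit = DEFAULT_CERT.search(fields["msg"])
        if hit:
            seen.setdefault(hit.group(1), {"default": [], "issued": None})["default"].append(when)
            continue
        got = OBTAINED.search(fields["msg"])
        if got:
            for host in got.group(1).split():  # several domains are space-separated
                entry = seen.setdefault(host, {"default": [], "issued": None})
                if entry["issued"] is None:
                    entry["issued"] = when
    report = {}
    for host, entry in seen.items():
        issued = entry["issued"]
        before = [t for t in entry["default"] if issued is not None and t <= issued]
        after = [t for t in entry["default"] if issued is not None and t > issued]
        report[host] = {
            "issued": issued is not None,
            "default_served": len(entry["default"]),
            # Hits after issuance are not explained by the start-up delay.
            "default_after_issue": len(after),
            "seconds_to_issue": int((issued - min(before)).total_seconds()) if before else None,
        }
    return report


if __name__ == "__main__":
    for host, row in cert_timeline(SAMPLE_LOG.splitlines()).items():
        print(host, row)
```

A host that shows default-certificate hits but no issuance, like the second one in the sample, is one for which no certificate was obtained in the logged period.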

I reopened the instance. If you try now it works.
I'm glad you understood the problem.
I removed the information relating to sites that are not mine, the rest can remain.
Anyone who clicks on that link and reads that the connection is not secure thinks that the site is not professional or has dangerous links.
This evening I'll try to see with Linux and Apple if I get the same problem. I use Windows.

As expected, http -> https and TLS/SSL are working fine.

I don't have your password, so I did not do step 3.

1 Like

I never said the redirect was incorrect.
All browsers provide this message:

Your connection to this site is not secure
The site does not have a certificate.
Since the connection is not secure, information (such as passwords or credit cards) will not be sent securely to this site and could be intercepted or viewed by others.

Basically the https protocol, as shown in my previous images, is present but the certificate is missing.
In the post above you will find the credentials to log in, they are written in bold. You have to use 'test' and 'password'.

When I access your https site, it has encryption enabled - even when asking for password.