Hi.
Can somebody please tell me what I am doing wrong?
I am trying to do four things:
- all HTTP ingress must be redirected to HTTPS
- all HTTPS ingress for the path
/
should be forwarded to http://localhost:9000/cerebro/
- all HTTPS ingress for the path
/dashboard
should be sent to the internal dashboard service
- all HTTPS ingress for the path
/api
should be sent to the internal api service
To simplify things, I am running Traefik as root:
root@com:/home/karl# /opt/traefik/traefik --configfile=/etc/traefik/traefik.toml
Here's my static config:
root@com:/etc/traefik# cat traefik.toml
################################################################
# Global configuration
################################################################
[global]
# Periodically check whether a newer Traefik release is available.
checkNewVersion = true
# Nothing wrong w/ letting them know it's in use
# See: https://docs.traefik.io/contributing/data-collection/
# NOTE(review): this opts in to sending anonymized usage/configuration data to
# the Traefik maintainers; confirm that is acceptable for this environment.
sendAnonymousUsage = true
################################################################
# Entrypoints configuration
################################################################
# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
# We want all http to be immediately upgraded to https
# An entry point is only a listener; the redirect itself has to come from a
# router + middleware bound to "web" in the dynamic configuration.
[entryPoints.web]
address = ":80"
# NOTE(review): listening on :443 does not by itself turn on TLS. In Traefik v2
# a router answers HTTPS only when it carries a tls section; routers without
# one are served as plain HTTP on this port.
[entryPoints.websecure]
address = ":443"
# TODO: also get the traefik dashboard on this entry point, too
# I can't seem to get things "working" on the HTTPS endpoint, but at least
# i can move the port that traefik's API and Dashboard are on...
# NOTE(review): with no host part the listener binds every interface. While
# api.insecure is on, this port serves the API and dashboard without
# authentication; prefer a loopback address such as "127.0.0.1:8081" or a
# firewall rule until auth is in place.
[entryPoints.traefik]
address = ":8081"
################################################################
# Traefik logs configuration
################################################################
[log]
# Log level
# TODO: switch back when done debugging!
# NOTE(review): at DEBUG Traefik prints the complete static and dynamic
# configuration at startup, so these logs describe every route and backend;
# treat them as sensitive while this level is set.
level = "DEBUG"
format = "common"
################################################################
# Access logs configuration
################################################################
# The presence of this (empty) table turns access logging on with default
# settings; no file path is set here, so entries go to the process output.
[accessLog]
################################################################
# API and dashboard configuration
# See: https://docs.traefik.io/v2.1/operations/api/
################################################################
# Enable API and dashboard
[api]
# Don't just have the api, also have a GUI
dashboard = true
# When enabled, the service is wired up to an entrypoint called "traefik" which appears to have no auth middleware
# and is on port 8080 by default; this file moves that entry point to :8081 (see [entryPoints.traefik]).
##
# TODO: when done debugging, turn off
# NOTE(review): insecure mode publishes the API and dashboard with no
# authentication, so anyone who can reach the "traefik" entry point can read the
# full routing configuration. Once the routers for api@internal and
# dashboard@internal carry an auth middleware, set this to false.
insecure = true
################################################################
# Ping configuration
# See: https://docs.traefik.io/v2.1/operations/ping/
################################################################
# Enable ping endpoint; this is what consul-agent will check against!
[ping]
# Name of the related entry point
#
# Optional
# Default: "traefik"
# Moving ping to "websecure" makes Traefik add an internal /ping router on that
# entry point, so /ping there is answered by Traefik itself and never reaches a
# backend.
# NOTE(review): the health check must speak whatever protocol :443 actually
# serves (plain HTTP unless a router enables TLS) - confirm against the
# consul-agent check definition.
entryPoint = "websecure"
################################################################
# Provider configuration
# See: https://docs.traefik.io/providers/file/
################################################################
# Routers, services and middlewares are loaded from this one file.
# NOTE(review): the file provider watches the file and applies changes live, so
# write access to this path is equivalent to control over routing; keep it
# writable by the administrator only.
[providers.file]
filename = "/etc/traefik/dynamic.toml"
And here's my dynamic config:
################################################################
# the Dynamic config for Traefik
################################################################
################################################################
# Routing configuration
# See: https://docs.traefik.io/routing/routers/
################################################################
[http.routers]
# A "catch-all" for HTTP -> HTTPS redirects
[http.routers.http-catchall]
# Anything that comes in over TCP/80
entryPoints = ["web"]
# And is destined for any host
# NOTE(review): the character class holds only lowercase letters, "-" and ".",
# so a request addressed by IP or by a hostname containing digits would not
# match and would not be redirected - confirm this is intended.
rule = "hostregexp(`{host:[a-z-.]+}`)"
# Should get redirected to HTTPS
middlewares = ["redirect-to-https"]
# For reasons that are not clear or documented (typical for traefik...)
# the route never forms unless it has a service attached to it... but i don't know what
# service this should have since after the redirect, there should be no more involvement...
# The redirect middleware answers before the service is called, so "cerebro"
# here only satisfies the requirement that a router names a service.
service = "cerebro"
# NOTE(review): this router has no tls section. In Traefik v2 a router without
# one only handles plain HTTP, so on "websecure" it will not answer HTTPS
# requests; adding [http.routers.cerebro.tls] is what enables TLS for it.
[http.routers.cerebro]
# Any request that comes in on the HTTPS entrypoint
# NOTE: since the traefik entry point seems to work, see if i can wire up the router to it as well...
# NOTE(review): "traefik" is the entry point that api.insecure serves without
# auth, and the internal dashboard router there matches PathPrefix(`/`) with a
# near-maximum priority, so this router is unlikely to win on that entry point.
entryPoints = ["websecure", "traefik"]
# And is for the / path
# Path matches the exact path "/" only; any other path (for example static
# assets requested by the UI) is not covered by this rule.
rule = "Path(`/`)"
# Should get re-written so that the /cerebro prefix is added to the request path
middlewares = ["add-cerebro-prefix"]
# And then forwarded to the cerebro service
service = "cerebro"
# NOTE(review): no tls section, so this router serves plain HTTP on "websecure";
# [http.routers.dashboard.tls] is needed before it answers HTTPS.
[http.routers.dashboard]
# Any request that comes in on the HTTPS entrypoint
entryPoints = ["websecure"]
# And is for the /dashboard path
rule = "PathPrefix(`/dashboard`)"
# TODO: Should get AUTH applied to it
# for now, just replicate the middlewares that exist when insecure=true is set...
##
# Note: removed "dashboard_stripprefix@internal" and "dashboard_redirect@internal" due to these errors:
# middleware "dashboard_stripprefix@internal" does not exist entryPointName=websecure routerName=dashboard@file
# middleware "dashboard_redirect@internal" does not exist entryPointName=websecure routerName=dashboard@file
# NOTE(review): with an empty list the dashboard is reachable by anyone who can
# reach this entry point; attach an authentication middleware (e.g. basicAuth)
# before exposing it beyond a trusted network.
middlewares = []
# And then forwarded to the internal dashboard/api service
# See: https://docs.traefik.io/v2.1/operations/dashboard/#secure-mode
service = "dashboard@internal"
# NOTE(review): this router has neither a tls section nor any middleware, so the
# API is served as unauthenticated plain HTTP on "websecure". The API returns
# the full routing configuration; add [http.routers.api.tls] and an
# authentication middleware before relying on it.
[http.routers.api]
# Any request that comes in on the HTTPS entrypoint
entryPoints = ["websecure"]
# And is for the /api
rule = "PathPrefix(`/api`)"
# And then forwarded to the internal dashboard/api service
# See: https://docs.traefik.io/v2.1/operations/dashboard/#secure-mode
service = "api@internal"
################################################################
# Services configuration
# See: https://docs.traefik.io/routing/services/
################################################################
## Dynamic configuration
[http.services]
[http.services.cerebro.loadBalancer]
# A single backend server; Traefik terminates the client connection and opens
# a new plain-HTTP connection to it.
[[http.services.cerebro.loadBalancer.servers]]
# Cerebro will expect traffic on port 9000
# The backend hop is unencrypted but stays on the loopback interface.
# NOTE(review): if Cerebro also listens on a non-loopback address, port 9000 is
# reachable without passing through Traefik - confirm its bind address.
url = "http://127.0.0.1:9000/"
################################################################
# Middleware configuration
# See: https://docs.traefik.io/middlewares/addprefix/
################################################################
# Prefixing with /cerebro
[http.middlewares]
[http.middlewares.add-cerebro-prefix.addPrefix]
# a request for / will be turned into a request for /cerebro/ and then forwarded...
prefix = "/cerebro"
[http.middlewares.redirect-to-https.redirectScheme]
# See: https://docs.traefik.io/middlewares/redirectscheme/
# Only the scheme is set; the middleware's "permanent" option is left at its
# default, so the redirect is issued as a temporary one.
# NOTE(review): a redirect does not protect the first plaintext request;
# consider sending an HSTS header from the HTTPS routers once TLS works.
scheme = "https"
And here's a full log from startup to making two small requests on the dashboard:
root@com:/home/karl# /opt/traefik/traefik --configfile=/etc/traefik/traefik.toml
INFO[0000] Configuration loaded from file: /etc/traefik/traefik.toml
INFO[2019-12-13T20:26:12Z] Traefik version 2.1.1 built on 2019-12-12T19:01:37Z
DEBU[2019-12-13T20:26:12Z] Static configuration loaded {"global":{"checkNewVersion":true,"sendAnonymousUsage":true},"serversTransport":{"maxIdleConnsPerHost":200},"entryPoints":{"traefik":{"address":":8081","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{}},"web":{"address":":80","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{}},"websecure":{"address":":443","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{}}},"providers":{"providersThrottleDuration":2000000000,"file":{"watch":true,"filename":"/etc/traefik/dynamic.toml"}},"api":{"insecure":true,"dashboard":true},"ping":{"entryPoint":"websecure"},"log":{"level":"DEBUG","format":"common"},"accessLog":{"format":"common","filters":{},"fields":{"defaultMode":"keep","headers":{"defaultMode":"drop"}}}}
INFO[2019-12-13T20:26:12Z] Stats collection is enabled.
INFO[2019-12-13T20:26:12Z] Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.
INFO[2019-12-13T20:26:12Z] Help us improve Traefik by leaving this feature on :)
INFO[2019-12-13T20:26:12Z] More details on: https://docs.traefik.io/v2.0/contributing/data-collection/
INFO[2019-12-13T20:26:12Z] Starting provider aggregator.ProviderAggregator {}
DEBU[2019-12-13T20:26:12Z] Start TCP Server entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] Start TCP Server entryPointName=web
DEBU[2019-12-13T20:26:12Z] Start TCP Server entryPointName=traefik
INFO[2019-12-13T20:26:12Z] Starting provider *file.Provider {"watch":true,"filename":"/etc/traefik/dynamic.toml"}
INFO[2019-12-13T20:26:12Z] Starting provider *traefik.Provider {}
DEBU[2019-12-13T20:26:12Z] Configuration received from provider file: {"http":{"routers":{"api":{"entryPoints":["websecure"],"service":"api@internal","rule":"PathPrefix(`/api`)"},"cerebro":{"entryPoints":["websecure","traefik"],"middlewares":["add-cerebro-prefix"],"service":"cerebro","rule":"Path(`/`)"},"dashboard":{"entryPoints":["websecure"],"service":"dashboard@internal","rule":"PathPrefix(`/dashboard`)"},"http-catchall":{"entryPoints":["web"],"middlewares":["redirect-to-https"],"service":"cerebro","rule":"hostregexp(`{host:[a-z-.]+}`)"}},"middlewares":{"add-cerebro-prefix":{"addPrefix":{"prefix":"/cerebro"}},"redirect-to-https":{"redirectScheme":{"scheme":"https"}}},"services":{"cerebro":{"loadBalancer":{"servers":[{"url":"http://127.0.0.1:9000/"}],"passHostHeader":null}}}},"tcp":{},"tls":{}} providerName=file
DEBU[2019-12-13T20:26:12Z] Configuration received from provider internal: {"http":{"routers":{"api":{"entryPoints":["traefik"],"service":"api@internal","rule":"PathPrefix(`/api`)","priority":2147483646},"dashboard":{"entryPoints":["traefik"],"middlewares":["dashboard_redirect@internal","dashboard_stripprefix@internal"],"service":"dashboard@internal","rule":"PathPrefix(`/`)","priority":2147483645},"ping":{"entryPoints":["websecure"],"service":"ping@internal","rule":"PathPrefix(`/ping`)","priority":2147483647}},"middlewares":{"dashboard_redirect":{"redirectRegex":{"regex":"^(http:\\/\\/[^:]+(:\\d+)?)/$","replacement":"${1}/dashboard/","permanent":true}},"dashboard_stripprefix":{"stripPrefix":{"prefixes":["/dashboard/","/dashboard"]}}},"services":{"api":{},"dashboard":{},"ping":{}}},"tcp":{},"tls":{}} providerName=internal
DEBU[2019-12-13T20:26:12Z] Creating middleware serviceName=cerebro middlewareName=pipelining middlewareType=Pipelining entryPointName=traefik routerName=cerebro@file
DEBU[2019-12-13T20:26:12Z] Creating load-balancer serviceName=cerebro entryPointName=traefik routerName=cerebro@file
DEBU[2019-12-13T20:26:12Z] Creating server 0 http://127.0.0.1:9000/ entryPointName=traefik routerName=cerebro@file serviceName=cerebro serverName=0
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware cerebro entryPointName=traefik routerName=cerebro@file middlewareType=TracingForwarder middlewareName=tracing
DEBU[2019-12-13T20:26:12Z] Creating middleware middlewareType=AddPrefix entryPointName=traefik routerName=cerebro@file middlewareName=add-cerebro-prefix@file
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware routerName=cerebro@file entryPointName=traefik middlewareName=add-cerebro-prefix@file
DEBU[2019-12-13T20:26:12Z] Creating middleware middlewareType=Recovery entryPointName=traefik middlewareName=traefik-internal-recovery
DEBU[2019-12-13T20:26:12Z] Creating middleware entryPointName=web routerName=http-catchall@file serviceName=cerebro middlewareName=pipelining middlewareType=Pipelining
DEBU[2019-12-13T20:26:12Z] Creating load-balancer entryPointName=web routerName=http-catchall@file serviceName=cerebro
DEBU[2019-12-13T20:26:12Z] Creating server 0 http://127.0.0.1:9000/ routerName=http-catchall@file serviceName=cerebro serverName=0 entryPointName=web
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware cerebro entryPointName=web routerName=http-catchall@file middlewareType=TracingForwarder middlewareName=tracing
DEBU[2019-12-13T20:26:12Z] Creating middleware entryPointName=web middlewareName=redirect-to-https@file middlewareType=RedirectScheme routerName=http-catchall@file
DEBU[2019-12-13T20:26:12Z] Setting up redirection to https entryPointName=web middlewareName=redirect-to-https@file middlewareType=RedirectScheme routerName=http-catchall@file
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware entryPointName=web routerName=http-catchall@file middlewareName=redirect-to-https@file
DEBU[2019-12-13T20:26:12Z] Creating middleware entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware dashboard@internal entryPointName=websecure routerName=dashboard@file middlewareType=TracingForwarder middlewareName=tracing
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware api@internal routerName=api@file middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] Creating middleware middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] No default certificate, generating one
DEBU[2019-12-13T20:26:12Z] Creating middleware entryPointName=websecure routerName=cerebro@file serviceName=cerebro middlewareName=pipelining middlewareType=Pipelining
DEBU[2019-12-13T20:26:12Z] Creating load-balancer entryPointName=websecure routerName=cerebro@file serviceName=cerebro
DEBU[2019-12-13T20:26:12Z] Creating server 0 http://127.0.0.1:9000/ routerName=cerebro@file serviceName=cerebro serverName=0 entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware cerebro entryPointName=websecure routerName=cerebro@file middlewareName=tracing middlewareType=TracingForwarder
DEBU[2019-12-13T20:26:12Z] Creating middleware middlewareName=add-cerebro-prefix@file middlewareType=AddPrefix entryPointName=websecure routerName=cerebro@file
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware routerName=cerebro@file middlewareName=add-cerebro-prefix@file entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware dashboard@internal routerName=dashboard@file entryPointName=websecure middlewareType=TracingForwarder middlewareName=tracing
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware ping@internal routerName=ping@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware api@internal entryPointName=websecure middlewareName=tracing middlewareType=TracingForwarder routerName=api@file
DEBU[2019-12-13T20:26:12Z] Creating middleware entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware api@internal routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware dashboard@internal routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
DEBU[2019-12-13T20:26:12Z] Creating middleware entryPointName=traefik middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix routerName=dashboard@internal
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
DEBU[2019-12-13T20:26:12Z] Creating middleware entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
DEBU[2019-12-13T20:26:12Z] Setting up redirection from ^(http:\/\/[^:]+(:\d+)?)/$ to ${1}/dashboard/ entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
DEBU[2019-12-13T20:26:12Z] Creating middleware entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
DEBU[2019-12-13T20:26:12Z] Creating middleware entryPointName=web routerName=http-catchall@file serviceName=cerebro middlewareName=pipelining middlewareType=Pipelining
DEBU[2019-12-13T20:26:12Z] Creating load-balancer entryPointName=web routerName=http-catchall@file serviceName=cerebro
DEBU[2019-12-13T20:26:12Z] Creating server 0 http://127.0.0.1:9000/ serverName=0 serviceName=cerebro entryPointName=web routerName=http-catchall@file
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware cerebro middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=http-catchall@file
DEBU[2019-12-13T20:26:12Z] Creating middleware middlewareName=redirect-to-https@file middlewareType=RedirectScheme entryPointName=web routerName=http-catchall@file
DEBU[2019-12-13T20:26:12Z] Setting up redirection to https routerName=http-catchall@file middlewareName=redirect-to-https@file middlewareType=RedirectScheme entryPointName=web
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware entryPointName=web routerName=http-catchall@file middlewareName=redirect-to-https@file
DEBU[2019-12-13T20:26:12Z] Creating middleware middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery
DEBU[2019-12-13T20:26:12Z] No default certificate, generating one
my.internal.ipv4.addy - - [13/Dec/2019:20:26:13 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 1 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:13 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 2 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:18 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 3 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:18 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 4 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:18 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 5 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:19 +0000] "GET /api/http/routers?search=&status=&per_page=10&page=1 HTTP/1.1" 200 1410 "-" "-" 6 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:21 +0000] "GET /api/http/routers/dashboard@file HTTP/1.1" 200 178 "-" "-" 7 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:21 +0000] "GET /api/entrypoints/websecure HTTP/1.1" 200 165 "-" "-" 8 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:23 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 9 "api@internal" - 0ms
^CINFO[2019-12-13T20:26:24Z] I have to go...
INFO[2019-12-13T20:26:24Z] Stopping server gracefully
DEBU[2019-12-13T20:26:24Z] Waiting 10s seconds before killing connections. entryPointName=websecure
DEBU[2019-12-13T20:26:24Z] Waiting 10s seconds before killing connections. entryPointName=traefik
ERRO[2019-12-13T20:26:24Z] accept tcp [::]:443: use of closed network connection entryPointName=websecure
ERRO[2019-12-13T20:26:24Z] accept tcp [::]:8081: use of closed network connection entryPointName=traefik
DEBU[2019-12-13T20:26:24Z] Entry point websecure closed entryPointName=websecure
DEBU[2019-12-13T20:26:24Z] Waiting 10s seconds before killing connections. entryPointName=web
ERRO[2019-12-13T20:26:24Z] accept tcp [::]:80: use of closed network connection entryPointName=web
DEBU[2019-12-13T20:26:24Z] Entry point web closed entryPointName=web
DEBU[2019-12-13T20:26:25Z] Entry point traefik closed entryPointName=traefik
INFO[2019-12-13T20:26:25Z] Server stopped
INFO[2019-12-13T20:26:25Z] Shutting down
Can somebody tell me what i am missing?