TLS certificates with Docker

Hello,

I have a strange issue when using custom certificates with traefik. I'm using traefik 2.0. It worked well before adding lines for certificates.

I created a certificate with openssl and it generated two files (cert and key). Then, I followed the documentation to make my yaml configuration file:

api:
  dashboard: true

log:
  level: DEBUG

entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: traefik
    tls:
      cert: /opt/traefik/cert.crt
      key: /opt/traefik/cert.key

My traefik launch:

docker run -d \
  --name traefik-prod \
  --network=traefik \
  --restart always \
  -p 80:80 \
  -p 443:443 \
  --volume /var/run/docker.sock:/var/run/docker.sock:ro \
  --volume /opt/traefik/traefik.yml:/traefik.yml:ro \
  --volume /opt/traefik/cert.crt:/opt/traefik/cert.crt:ro \
  --volume /opt/traefik/cert.key:/opt/traefik/cert.key:ro \
  --volume /opt/traefik/acme.json:/acme.json \
  --label 'traefik.http.routers.traefik.rule=Host(`domain.com`)' \
  --label 'traefik.http.services.traefik.loadbalancer.server.port=8080' \
  --label 'traefik.http.routers.traefik.service=api@internal' \
  --label 'traefik.enable=true' \
  --label 'traefik.docker.network=traefik' \
  traefik:2.0.0 \
  --api \
  --providers.docker \
  --global.sendAnonymousUsage=false \
  --global.debug \
  --log.loglevel=debug \
  --accesslog \
  --metrics

I have this error:

time="2019-09-18T14:00:38Z" level=debug msg="FIXME: Got an status-code for which error does not match any expected type!!!: -1" status_code=-1 module=api
time="2019-09-18T14:00:38Z" level=error msg="Failed to retrieve information of the docker client and server host: error during connect: Get https://%2Fvar%2Frun%2Fdocker.sock/v1.24/version: http: server gave HTTP response to HTTPS client" providerName=docker
time="2019-09-18T14:00:38Z" level=error msg="Provider connection error error during connect: Get https://%2Fvar%2Frun%2Fdocker.sock/v1.24/version: http: server gave HTTP response to HTTPS client, retrying in 1.666393453s" providerName=docker
time="2019-09-18T14:00:39Z" level=debug msg="FIXME: Got an status-code for which error does not match any expected type!!!: -1" module=api status_code=-1
time="2019-09-18T14:00:39Z" level=error msg="Failed to retrieve information of the docker client and server host: error during connect: Get https://%2Fvar%2Frun%2Fdocker.sock/v1.24/version: http: server gave HTTP response to HTTPS client" providerName=docker
time="2019-09-18T14:00:39Z" level=error msg="Provider connection error error during connect: Get https://%2Fvar%2Frun%2Fdocker.sock/v1.24/version: http: server gave HTTP response to HTTPS client, retrying in 4.204102903s" providerName=docker
time="2019-09-18T14:00:44Z" level=debug msg="FIXME: Got an status-code for which error does not match any expected type!!!: -1" status_code=-1 module=api
time="2019-09-18T14:00:44Z" level=error msg="Failed to retrieve information of the docker client and server host: error during connect: Get https://%2Fvar%2Frun%2Fdocker.sock/v1.24/version: http: server gave HTTP response to HTTPS client" providerName=docker
time="2019-09-18T14:00:44Z" level=error msg="Provider connection error error during connect: Get https://%2Fvar%2Frun%2Fdocker.sock/v1.24/version: http: server gave HTTP response to HTTPS client, retrying in 8.401962033s" providerName=docker

All searches I made for this error target errors about Docker and registries... I don't understand why traefik has a problem with docker when certificate files are added.

The documentation I used is here: https://docs.traefik.io/providers/docker/#tls

Thank you

Edit: Same error here but not the same conditions: "Server gave HTTP response to HTTPS client". Linked issue?

@Tchoupinax,

Configuring TLS in the docker provider enables HTTPS communication with your docker daemon for configuration updates.

This is usually done when your docker daemon requires authentication.

Note that this configuration has nothing to do with web traffic at all, only the connection between Traefik and the docker daemon. See (Server gave HTTP response to HTTPS client) for more information.

Thank you!

Why does configuring TLS require an HTTPS connection between Traefik and the Docker daemon?
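
The distinction made in the reply above, laid out as configuration. This is an added example, not part of the original posts or of the Traefik project's documentation; the `/dynamic.yml` path, the `docker-host.example` host and the `/path/to/...` certificate paths are assumptions chosen for illustration.

```yaml
# --- traefik.yml (static configuration) ---
entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"

providers:
  docker:
    # Local UNIX socket: the daemon answers plain HTTP here, so no tls block.
    # Adding one makes Traefik speak HTTPS to the socket and produces
    # "server gave HTTP response to HTTPS client".
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: traefik
    # A tls block belongs here only when the endpoint is a TLS-protected
    # TCP daemon that expects a client certificate (placeholder values):
    #   endpoint: "tcp://docker-host.example:2376"
    #   tls:
    #     ca: /path/to/ca.crt
    #     cert: /path/to/client.crt
    #     key: /path/to/client.key
  file:
    # Assumed path; mount it read-only into the container, e.g.
    #   --volume /opt/traefik/dynamic.yml:/dynamic.yml:ro
    filename: /dynamic.yml

---
# --- dynamic.yml (dynamic configuration, loaded by the file provider) ---
# Certificates served to web clients on the HTTPS entry point go here.
tls:
  certificates:
    - certFile: /opt/traefik/cert.crt
      keyFile: /opt/traefik/cert.key

# Labels on the container whose router should terminate TLS:
#   traefik.http.routers.traefik.entrypoints=web-secure
#   traefik.http.routers.traefik.tls=true
```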