Each time you have slightly different issues, you fix one, next crops up, so sorry, but I cannot really tell what certificates and HTTPS redirect
problem is.
Can you explain a bit more? Thanks.
No swarm here and now I just have the compose file which is being modified whenever I have the time to test.
Well, what puzzled me was the fact that the last time the log had only one line. Not an error message which is good but one line can't help you identify what worked and what not.
At that moment bazarr.domain.com was accessible through http. I restarted the container and then it stopped being reachable through internet.
I'll start digging again today and see what's going on..
I guess that there was only one line in the log because I had traefik.log specified, now it's out.
Today's progress:
I managed to make the certificates going (according to the logs at least at some point, then apparently I've hit my rate limit).
However.
Also today I realised that I had some syntax issues in my compose file.
bazarr:
  image: 'linuxserver/bazarr:latest'
  container_name: bazarr
  hostname: bazarr
  volumes:
    - '.\bazarr\config:/config'
  ports:
    - '6767:6767'
  environment:
    - TZ=Europe/Bucharest
    - com.ouroboros.enable=true
  restart: unless-stopped
  env_file:
    - .env
  labels:
    # - traefik.frontend.passHostHeader=true
    # - traefik.port=6767
    - "traefik.enable=true"
    - "traefik.http.routers.bazarr.rule=Host(`bazarr.DOMAIN.com`)"
    - "traefik.http.routers.bazarr.entrypoints=web"
    - "traefik.http.routers.bazarr.tls=true"
    - "traefik.http.routers.bazarr.tls.certresolver=basic"
    - "traefik.http.routers.bazarr.tls.domains[0].main=DOMAIN.com"
    - "traefik.http.routers.bazarr.tls.domains[0].sans=*.DOMAIN.com"
    - "traefik.http.routers.bazarr.entrypoints=web-secure"
    - "traefik.http.services.bazarr.loadbalancer.server.port=6767"
traefik_2.0.1:
  image: 'traefik:2.0'
  container_name: traefik_2.0
  hostname: traefik_2.0
  ports:
    - '443:443'
    - '80:80'
    - '8080:8080'
  volumes:
    - '/var/run/docker.sock:/var/run/docker.sock'
    # - '.\traefik_2.0.1\traefik.yml:/etc/traefik/traefik.yml'
  env_file:
    - .env
  restart: unless-stopped
  domainname: '${ZONE}'
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)"
    - "traefik.http.routers.traefik.tls=true"
    - "traefik.http.routers.traefik.tls.certresolver=basic"
    # - "traefik.http.routers.traefik_https.service=api@internal"
    - "traefik.http.routers.traefik.tls.domains[0].main=DOMAIN.com"
    - "traefik.http.routers.traefik.tls.domains[0].sans=*.DOMAIN.com"
    - "traefik.http.routers.http_traefik.middlewares=https_redirect"
    - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
  environment:
    - 'CF_API_EMAIL=${EMAIL}'
    - 'CF_API_KEY=${API_KEY}'
    - com.ouroboros.enable=true
    - TZ=Europe/Bucharest
  command:
    - '--log.level=DEBUG'
    - '--log.format=json'
    - '--global.checkNewVersion=true'
    - '--global.sendAnonymousUsage=false'
    - '--entryPoints.web.address=:80'
    - '--entryPoints.web-secure.address=:443'
    - '--api'
    - '--api.debug'
    - '--api.insecure'
    - '--api.dashboard'
    - '--ping'
    - '--providers.docker.exposedByDefault=false'
    - '--providers.docker.watch=true'
    - '--providers.docker.swarmMode=false'
    - '--certificatesresolvers.basic.acme.email=EMAIL@gmail.com'
    - '--certificatesresolvers.basic.acme.storage=/acme.json'
    - '--certificatesresolvers.basic.acme.dnschallenge=true'
    - '--certificatesresolvers.basic.acme.dnschallenge.provider=cloudflare'
    # - '--certificatesresolvers.basic.acme.dnsChallenge.delayBeforeCheck=60'
    - '--certificatesresolvers.basic.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53'
{"level":"info","msg":"Shutting down","time":"2019-10-03T13:44:14+03:00"},
time="2019-10-03T13:44:18+03:00" level=info msg="Configuration loaded from flags.",
{"level":"info","msg":"Traefik version 2.0.1 built on 2019-09-26T16:18:03Z","time":"2019-10-03T13:44:18+03:00"},
{"level":"debug","msg":"Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"web-secure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000}},\"api\":{\"insecure\":true,\"dashboard\":true,\"debug\":true},\"ping\":{\"entryPoint\":\"traefik\"},\"log\":{\"level\":\"DEBUG\",\"format\":\"json\"},\"certificatesResolvers\":{\"basic\":{\"acme\":{\"email\":\"EMAIL@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\",\"resolvers\":[\"1.1.1.1:53\",\"8.8.8.8:53\"]}}}}}","time":"2019-10-03T13:44:18+03:00"},
{"level":"info","msg":"\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/v2.0/contributing/data-collection/\n","time":"2019-10-03T13:44:18+03:00"},
{"level":"debug","msg":"No default certificate, generating one","time":"2019-10-03T13:44:18+03:00"},
{"level":"info","msg":"Starting provider aggregator.ProviderAggregator {}","time":"2019-10-03T13:44:18+03:00"},
{"entryPointName":"web","level":"debug","msg":"Start TCP Server","time":"2019-10-03T13:44:18+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Start TCP Server","time":"2019-10-03T13:44:18+03:00"},
{"entryPointName":"web-secure","level":"debug","msg":"Start TCP Server","time":"2019-10-03T13:44:18+03:00"},
{"level":"info","msg":"Starting provider *acme.Provider {\"email\":\"EMAIL@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\",\"resolvers\":[\"1.1.1.1:53\",\"8.8.8.8:53\"]},\"ResolverName\":\"basic\",\"store\":{},\"ChallengeStore\":{}}","time":"2019-10-03T13:44:18+03:00"},
{"level":"info","msg":"Testing certificate renew...","providerName":"basic.acme","time":"2019-10-03T13:44:18+03:00"},
{"level":"info","msg":"Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000}","time":"2019-10-03T13:44:18+03:00"},
{"level":"debug","msg":"Configuration received from provider basic.acme: {\"http\":{},\"tls\":{}}","providerName":"basic.acme","time":"2019-10-03T13:44:18+03:00"},
{"level":"debug","msg":"No default certificate, generating one","time":"2019-10-03T13:44:18+03:00"},
{"level":"debug","msg":"Provider connection established with docker 19.03.2 (API 1.40)","providerName":"docker","time":"2019-10-03T13:44:18+03:00"},
{"container":"kibana-media-server-c1316fbc05f3a7eb527d270d1f1a037f84d0b8fff256f0abd5d5392bd8668291","level":"debug","msg":"Filtering disabled container","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"container":"filebeat-media-server-f80e988ab2b068b18cdc6fb193817361377435241652be1cf18f20b37346bae5","level":"debug","msg":"Filtering disabled container","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"container":"elasticsearch-media-server-48620b88fa282f6d4471f3ae2a36155d0e3c12d78dda63e59b49a1218e6111a8","level":"debug","msg":"Filtering disabled container","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"container":"ouroboros-media-server-2c373d7a804d3b62c02c16fe99dda574996cbe0f7bb0c004a245b8a1c41166df","level":"debug","msg":"Filtering disabled container","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"container":"chronograf-media-server-42f5ff510c4cae99e65defc4f42a9ce0c04466cda021117f9879cf3376f6504e","level":"debug","msg":"Filtering disabled container","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"container":"influxdb-telegraf-media-server-5ea37b993a0dfa03a961971d7ca28b8cd9cc745642de30e541963e2b03259c93","level":"debug","msg":"Filtering disabled container","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"container":"portainer-media-server-c5d350f8f78bd181729c91f52e3a9cbcfca18b4072c807a321307a5aca415a60","level":"debug","msg":"Filtering disabled container","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"container":"logarr-media-server-c7cf89bea2d8bc5b4ffbfc25ab4513b9e5ffb714ecb18f46b793a7bdf93fd7f5","level":"debug","msg":"Filtering disabled container","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"container":"cloudflare-ddns-media-server-c885127c8daf936bcec87b253a9aa404500bf662ff7c50f7e6fc63f898ae55c4","level":"debug","msg":"Filtering disabled container","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"container":"piholeinflux-media-server-462d6822c39e3da20a725b24ad3c60ed7a2a61d37a996f9bf33431aeceada7b9","level":"debug","msg":"Filtering disabled container","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"Configuration received from provider docker: {\"http\":{\"routers\":{\"bazarr\":{\"entryPoints\":[\"web\"],\"service\":\"bazarr\",\"rule\":\"Host(`bazarr.DOMAIN.com`)\",\"tls\":{\"certResolver\":\"basic\",\"domains\":[{\"main\":\"DOMAIN.com\",\"sans\":[\"*.DOMAIN.com\"]}]}},\"grafana-media-server\":{\"service\":\"grafana-media-server\",\"rule\":\"Host(`grafana-media-server`)\"},\"heimdall-media-server\":{\"service\":\"heimdall-media-server\",\"rule\":\"Host(`heimdall-media-server`)\"},\"http_traefik\":{\"middlewares\":[\"https_redirect\"],\"service\":\"traefik-2-0-1-media-server\",\"rule\":\"Host(`traefik-2-0-1-media-server`)\"},\"ombi-media-server\":{\"service\":\"ombi-media-server\",\"rule\":\"Host(`ombi-media-server`)\"},\"organizr-media-server\":{\"service\":\"organizr-media-server\",\"rule\":\"Host(`organizr-media-server`)\"},\"tautulli-media-server\":{\"service\":\"tautulli-media-server\",\"rule\":\"Host(`tautulli-media-server`)\"},\"traefik\":{\"service\":\"traefik-2-0-1-media-server\",\"rule\":\"Host(`traefik.localhost`)\",\"tls\":{\"certResolver\":\"basic\",\"domains\":[{\"main\":\"DOMAIN.com\",\"sans\":[\"*.DOMAIN.com\"]}]}}},\"middlewares\":{\"https_redirect\":{\"redirectScheme\":{\"scheme\":\"https\",\"permanent\":true}}},\"services\":{\"bazarr\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.17:6767\"}],\"passHostHeader\":true}},\"grafana-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.3:3000\"}],\"passHostHeader\":true}},\"heimdall-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.6:80\"}],\"passHostHeader\":true}},\"ombi-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.18:3579\"}],\"passHostHeader\":true}},\"organizr-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.8:80\"}],\"passHostHeader\":true}},\"tautulli-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.11:8181\"}],\"passHostHeader\":true
}},\"traefik-2-0-1-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.10:80\"}],\"passHostHeader\":true}}}},\"tcp\":{}}","providerName":"docker","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"No entryPoint defined for this router, using the default one(s) instead: [traefik web-secure web]","routerName":"grafana-media-server@docker","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"No entryPoint defined for this router, using the default one(s) instead: [traefik web-secure web]","routerName":"heimdall-media-server@docker","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"No entryPoint defined for this router, using the default one(s) instead: [traefik web-secure web]","routerName":"ombi-media-server@docker","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"No entryPoint defined for this router, using the default one(s) instead: [traefik web-secure web]","routerName":"organizr-media-server@docker","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"No entryPoint defined for this router, using the default one(s) instead: [traefik web-secure web]","routerName":"tautulli-media-server@docker","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"No entryPoint defined for this router, using the default one(s) instead: [traefik web-secure web]","routerName":"http_traefik@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"pipelining","middlewareType":"Pipelining","msg":"Creating middleware","routerName":"grafana-media-server@docker","serviceName":"grafana-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating load-balancer","routerName":"grafana-media-server@docker","serviceName":"grafana-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating server 0 http://172.18.0.3:3000","routerName":"grafana-media-server@docker","serverName":0,"serviceName":"grafana-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"tracing","middlewareType":"TracingForwarder","msg":"Added outgoing tracing middleware grafana-media-server","routerName":"grafana-media-server@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"pipelining","middlewareType":"Pipelining","msg":"Creating middleware","routerName":"heimdall-media-server@docker","serviceName":"heimdall-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating load-balancer","routerName":"heimdall-media-server@docker","serviceName":"heimdall-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating server 0 http://172.18.0.6:80","routerName":"heimdall-media-server@docker","serverName":0,"serviceName":"heimdall-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"tracing","middlewareType":"TracingForwarder","msg":"Added outgoing tracing middleware heimdall-media-server","routerName":"heimdall-media-server@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"pipelining","middlewareType":"Pipelining","msg":"Creating middleware","routerName":"ombi-media-server@docker","serviceName":"ombi-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating load-balancer","routerName":"ombi-media-server@docker","serviceName":"ombi-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating server 0 http://172.18.0.18:3579","routerName":"ombi-media-server@docker","serverName":0,"serviceName":"ombi-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"tracing","middlewareType":"TracingForwarder","msg":"Added outgoing tracing middleware ombi-media-server","routerName":"ombi-media-server@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"pipelining","middlewareType":"Pipelining","msg":"Creating middleware","routerName":"organizr-media-server@docker","serviceName":"organizr-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating load-balancer","routerName":"organizr-media-server@docker","serviceName":"organizr-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating server 0 http://172.18.0.8:80","routerName":"organizr-media-server@docker","serverName":0,"serviceName":"organizr-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"tracing","middlewareType":"TracingForwarder","msg":"Added outgoing tracing middleware organizr-media-server","routerName":"organizr-media-server@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"pipelining","middlewareType":"Pipelining","msg":"Creating middleware","routerName":"tautulli-media-server@docker","serviceName":"tautulli-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating load-balancer","routerName":"tautulli-media-server@docker","serviceName":"tautulli-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating server 0 http://172.18.0.11:8181","routerName":"tautulli-media-server@docker","serverName":0,"serviceName":"tautulli-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"tracing","middlewareType":"TracingForwarder","msg":"Added outgoing tracing middleware tautulli-media-server","routerName":"tautulli-media-server@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"pipelining","middlewareType":"Pipelining","msg":"Creating middleware","routerName":"http_traefik@docker","serviceName":"traefik-2-0-1-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating load-balancer","routerName":"http_traefik@docker","serviceName":"traefik-2-0-1-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","msg":"Creating server 0 http://172.18.0.10:80","routerName":"http_traefik@docker","serverName":0,"serviceName":"traefik-2-0-1-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"tracing","middlewareType":"TracingForwarder","msg":"Added outgoing tracing middleware traefik-2-0-1-media-server","routerName":"http_traefik@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"https_redirect@docker","middlewareType":"RedirectScheme","msg":"Creating middleware","routerName":"http_traefik@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"https_redirect@docker","middlewareType":"RedirectScheme","msg":"Setting up redirection to https ","routerName":"http_traefik@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"https_redirect@docker","msg":"Adding tracing to middleware","routerName":"http_traefik@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"traefik-internal-recovery","middlewareType":"Recovery","msg":"Creating middleware","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web-secure","level":"debug","middlewareName":"traefik-internal-recovery","middlewareType":"Recovery","msg":"Creating middleware","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web","level":"debug","middlewareName":"traefik-internal-recovery","middlewareType":"Recovery","msg":"Creating middleware","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"No entryPoint defined for this router, using the default one(s) instead: [traefik web-secure web]","routerName":"traefik@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web","level":"debug","middlewareName":"pipelining","middlewareType":"Pipelining","msg":"Creating middleware","routerName":"traefik@docker","serviceName":"traefik-2-0-1-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web","level":"debug","msg":"Creating load-balancer","routerName":"traefik@docker","serviceName":"traefik-2-0-1-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web","level":"debug","msg":"Creating server 0 http://172.18.0.10:80","routerName":"traefik@docker","serverName":0,"serviceName":"traefik-2-0-1-media-server","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web","level":"debug","middlewareName":"tracing","middlewareType":"TracingForwarder","msg":"Added outgoing tracing middleware traefik-2-0-1-media-server","routerName":"traefik@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web","level":"debug","middlewareName":"pipelining","middlewareType":"Pipelining","msg":"Creating middleware","routerName":"bazarr@docker","serviceName":"bazarr","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web","level":"debug","msg":"Creating load-balancer","routerName":"bazarr@docker","serviceName":"bazarr","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web","level":"debug","msg":"Creating server 0 http://172.18.0.17:6767","routerName":"bazarr@docker","serverName":0,"serviceName":"bazarr","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web","level":"debug","middlewareName":"tracing","middlewareType":"TracingForwarder","msg":"Added outgoing tracing middleware bazarr","routerName":"bazarr@docker","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web","level":"debug","middlewareName":"traefik-internal-recovery","middlewareType":"Recovery","msg":"Creating middleware","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"traefik","level":"debug","middlewareName":"traefik-internal-recovery","middlewareType":"Recovery","msg":"Creating middleware","time":"2019-10-03T13:44:19+03:00"},
{"entryPointName":"web-secure","level":"debug","middlewareName":"traefik-internal-recovery","middlewareType":"Recovery","msg":"Creating middleware","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"No entryPoint defined for this router, using the default one(s) instead: [traefik web-secure web]","routerName":"traefik@docker","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"No default certificate, generating one","time":"2019-10-03T13:44:19+03:00"},
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"DOMAIN.com\" \"*.DOMAIN.com\"]...","providerName":"basic.acme","time":"2019-10-03T13:44:20+03:00"},
{"level":"debug","msg":"Domains [\"DOMAIN.com\" \"*.DOMAIN.com\"] need ACME certificates generation for domains \"DOMAIN.com,*.DOMAIN.com\".","providerName":"basic.acme","time":"2019-10-03T13:44:20+03:00"},
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"DOMAIN.com\" \"*.DOMAIN.com\"]...","providerName":"basic.acme","time":"2019-10-03T13:44:20+03:00"},
{"level":"debug","msg":"Domains [\"DOMAIN.com\" \"*.DOMAIN.com\"] need ACME certificates generation for domains \"DOMAIN.com,*.DOMAIN.com\".","providerName":"basic.acme","time":"2019-10-03T13:44:20+03:00"},
{"level":"debug","msg":"Loading ACME certificates [DOMAIN.com *.DOMAIN.com]...","providerName":"basic.acme","time":"2019-10-03T13:44:20+03:00"},
{"level":"debug","msg":"Building ACME client...","providerName":"basic.acme","time":"2019-10-03T13:44:20+03:00"},
{"level":"debug","msg":"https://acme-v02.api.letsencrypt.org/directory","providerName":"basic.acme","time":"2019-10-03T13:44:20+03:00"},
{"level":"debug","msg":"Loading ACME certificates [DOMAIN.com *.DOMAIN.com]...","providerName":"basic.acme","time":"2019-10-03T13:44:20+03:00"},
{"level":"debug","msg":"Using DNS Challenge provider: cloudflare","providerName":"basic.acme","time":"2019-10-03T13:44:21+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com, *.DOMAIN.com] acme: Obtaining bundled SAN certificate","time":"2019-10-03T13:44:21+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com, *.DOMAIN.com] acme: Obtaining bundled SAN certificate","time":"2019-10-03T13:44:21+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/614059449","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/614059451","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: use dns-01 solver","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: Could not find solver for: tls-alpn-01","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: Could not find solver for: http-01","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: use dns-01 solver","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Preparing to solve DNS-01","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/614059449","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/614059451","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: use dns-01 solver","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: Could not find solver for: tls-alpn-01","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: Could not find solver for: http-01","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: use dns-01 solver","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Preparing to solve DNS-01","time":"2019-10-03T13:44:22+03:00"},
{"level":"debug","msg":"legolog: [INFO] cloudflare: new record for DOMAIN.com, ID 947d616c0e7143959887c4f470f67407","time":"2019-10-03T13:44:23+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: Preparing to solve DNS-01","time":"2019-10-03T13:44:23+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: Preparing to solve DNS-01","time":"2019-10-03T13:44:23+03:00"},
{"level":"debug","msg":"legolog: [INFO] cloudflare: new record for DOMAIN.com, ID b51297c9025c562a167087f7d774d15b","time":"2019-10-03T13:44:24+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Trying to solve DNS-01","time":"2019-10-03T13:44:24+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Checking DNS record propagation using [1.1.1.1:53 8.8.8.8:53]","time":"2019-10-03T13:44:24+03:00"},
{"level":"debug","msg":"legolog: [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]","time":"2019-10-03T13:44:24+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Waiting for DNS record propagation.","time":"2019-10-03T13:44:24+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Cleaning DNS-01 challenge","time":"2019-10-03T13:44:24+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: Cleaning DNS-01 challenge","time":"2019-10-03T13:44:25+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Waiting for DNS record propagation.","time":"2019-10-03T13:44:26+03:00"},
{"level":"error","msg":"Unable to obtain ACME certificate for domains \"DOMAIN.com,*.DOMAIN.com\" : unable to generate a certificate for the domains [DOMAIN.com *.DOMAIN.com]: acme: Error -\u003e One or more domains had a problem:\n[*.DOMAIN.com] [*.DOMAIN.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 400: content \"{\\\"success\\\":false,\\\"errors\\\":[{\\\"code\\\":81057,\\\"message\\\":\\\"The record already exists.\\\"}],\\\"messages\\\":[],\\\"result\\\":null}\"\n[DOMAIN.com] [DOMAIN.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 400: content \"{\\\"success\\\":false,\\\"errors\\\":[{\\\"code\\\":81057,\\\"message\\\":\\\"The record already exists.\\\"}],\\\"messages\\\":[],\\\"result\\\":null}\"\n","providerName":"basic.acme","time":"2019-10-03T13:44:26+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Waiting for DNS record propagation.","time":"2019-10-03T13:44:28+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Waiting for DNS record propagation.","time":"2019-10-03T13:44:30+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Waiting for DNS record propagation.","time":"2019-10-03T13:44:32+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Waiting for DNS record propagation.","time":"2019-10-03T13:44:34+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Waiting for DNS record propagation.","time":"2019-10-03T13:44:36+03:00"},
perhaps a gist then.
Your compose file does not contain required lines at the top:
version: "3"
services:
While you might think that everyone who works with compose would know to add them, there is really no reason for you to delete them: you are simply making it more difficult to help you. If I want to paste your example to a file and run it, I would need to spend some valuable time figuring out why docker-compose up is throwing an error. It's not a major slowdown but it is a slowdown and completely unnecessary at that.
I'll ignore certificate issues for now, and deal with your 404s.
For the dashboard, you need to decide whether you are using api.insecure or not. If you are using it, it's just exposed directly, no certs, no explicit routing no nothing. If you want it on https behind a cert you need to make the following changes:
--api.insecure
traefik.http.routers.traefik_https.service=api@internal
If you want to listen on both web and web-secure and redirect from one to the other you will need two separate routers for that. One on web then will get use of that middleware.
traefik.http.routers.traefik_https.entrypoints=web-secure, traefik.http.routers.traefik.entrypoints=web.
traefik.http.routers.traefik.rule=Host(`traefik.localhost`) on the traefik_https router too, you need both.
tls definitions from traefik router to traefik_https router. It's the latter one you want tls on.
http_traefik to traefik. What is http_traefik at all, you are not using it anywhere else?
This covers your 404 with the dashboard.
Similarly with bazarr, if you want both entry points, you also want two routers, one for each. Currently you define entry point twice and this is not gonna work. Create two routers if that's what you want, each with its own entry points, both with host rules, one tls, one non-tls, one without redirect middleware and the other with one.
I suggest using staging environment so that does not happen, staging does not have the rate limit.
Hope this helps.
Sorry for the fact that the compose wasn't usable, I moved up my two containers so now the compose should be usable for tests:
Additional explanations:
In the below picture you can see how the dashboard currently looks like:
(ignore the rest of the containers, bazarr and traefik are the only ones who should be the subject of the traefik config for now)
Later Edit:
I'll stop here and patiently wait for your invaluable help before I mess things up again
LE: Commented out some stuff and now everything seems to work. traefik.localhost still has that certificate warning but everything else seems to be working as expected. Starting to migrate my services to the new config.
Current dashboard status
Now as far as I could gather from the documentation I need two TCP routers?
I have two systems installed outside docker which were handled by rules.toml previously. If someone could help me to integrate these two services into the traefik setup (preferably without any file as currently I have no config file) I would be very much appreciative.
[entryPoints]
[entryPoints.http]
address = ":8080"
[frontends]
[frontends.sonarr]
backend = "sonarr"
[frontends.sonarr.routes.test_1]
rule = "Host:sonarr.DOMAIN.com"
[frontends.radarr]
backend = "radarr"
[frontends.radarr.routes.test_1]
rule = "Host:radarr.DOMAIN.com"
[backends]
[backends.sonarr]
[backends.sonarr.servers.server1]
url = "http://192.168.0.55:8989"
[backends.radarr]
[backends.radarr.servers.server1]
url = "http://192.168.0.55:20000"
Later Edit: sometimes I noticed that I need to add https:// in front of my subdomain, otherwise I get a 404, however I don't know what causes this
According to what I understood from documentation I should have a file for the TCP services that I want to add.
Here's my rules.yml as I could make it
How could I use this ?
By mounting the rules.yml file and then reference it as below ?
--providers.file.filename=rules.yml
Can someone please take a look on my compose file, I am pretty sure that something is not right there but I can't actually pinpoint the exact piece of code
Many thanks.
Hi @losif, if the 2 TCP "backend services" are served outside Docker, using the file provider would be the way to go.
--providers.file.filename=rules.yml enables the provider "File" and sets it up to get its configuration from the file located on ./rules.yml
rules.yml to the Traefik container: did you notice that I used a dot-slash (./) for the location of rules.yml? Because the value you've set for the flag providers.file.filename is a relative path INSIDE the Traefik container. You have to share this file between your machine and the traefik container, by mounting it on a specified path, as you did with v1.7 with the traefik.toml. My recommendation for you:
- ./rules.yml:/rules.yml in the directive volumes: of the docker-compose "service" Traefik (https://gist.github.com/IosifZ/f85ce274e02692bea100aa0f75e422e9#file-docker-compose-yml-L38).
--providers.file.filename to the value /rules.yml
Many thanks for that one.
Here's what my log says now:
{"level":"error","msg":"Cannot start the provider *file.Provider: yaml: line 14: did not find expected alphabetic or numeric character","time":"2019-10-09T14:49:58+03:00"}
Here's my rules file
Could I use the tags from .env file inside the rules.yml file as I am using it inside compose ? It's a real PITA to always replace the domain name all the time
Here's my updated compose file
Also I am not sure that I have the correct setup for HTTP to HTTPS global redirect and for subdomain entrypoint. I still need someone to take a look on that one (the whole compose file).
This error means that you're on the right path: Traefik tells you that it cannot parse the YAML line 14 in your file. It means that you enabled the file provider successfully!
Now, time for you to read a bit documentation:
Rules for the TCP routers are different than HTTP routers: https://docs.traefik.io/v2.0/routing/routers/#rule_1. TCP does NOT provide concepts as "hostname" or "path" or even "headers", so you cannot do advanced routing. You should use the generic rule HostSNI(`*`) as a starter: it means you need one entrypoint per backend, as there is no concept of "virtual host".
The error message is quite clear: it cannot parse the first character of the value on line 14. Please check the syntax at https://docs.traefik.io/v2.0/routing/routers/#domains_1 : you forgot something
On line 14 is the sans which is usually mentioned in all other routers.
I've replaced Host with HostSNI, same behaviour
Got it, I had to put:
rule: "HostSNI(`sonarr.DOMAIN.com`)"
instead of
rule: HostSNI(`sonarr.DOMAIN.com`)
Now I'm back to the compose file which still needs some in-depth analysis.
sans and domains on the documentation at https://docs.traefik.io/v2.0/routing/routers/#domains_1 (click on the "File (YAML)" tab) with yours: "something" is missing to allow Traefik to parse the value (you need to search a little on this to learn it)
sonarr.DOMAIN.com and radarr.DOMAIN.com:
=> The goal is to decide:
The syntax is fixed and the Traefik dashboard now successfully displays my two additional services (installed outside Docker).
Although now I get a 404 for those services.
Those two services were configured in rules.toml previously and they were making use of the let's encrypt certificate obtained by traefik 1.7.
So coming back to my initial goals.
Certificates:
I would like to have certificates issued only for my domain and not one per subdomain. This should also include the additional services that are mentioned in the file provided and installed outside docker.
TCP or HTTP ?
I thought that I should use TCP instead of HTTP for those 2 services because they are accessible through local IP and port which is outside docker network.
Also about HTTP->HTTPS redirect:
Hi @losif, based on your previous answer:
Your requirement for TLS termination/certificates is clear. You want termination of TLS at Traefik level, with auto management of the certificates.
=> This means that you must not use the option tls.passthrough on any router. Only enable tls and specify the certificate resolver to benefit from Let's Encrypt as you already figured out successfully.
TCP vs. HTTP: the reason to choose TCP would be either "backend does NOT use HTTP(S) - for instance you want to route to MongoDB, SSH, MySQL, etc.", or "Backend uses HTTPS and terminates TLS itself, so Traefik must not manage TLS and pass through HTTP traffic".
=> So you need to use HTTP routers, and you can revert the router rules to Host() and forget all the verbiage around "SNI".
About HTTP to HTTPS redirect globally: check this section of the blog post: https://blog.containo.us/traefik-2-0-docker-101-fc2893944b9d#49a5 . The idea is to define a "default http router" on Traefik itself, that catches all the traffic without TLS, and use a middleware for redirection.
TCP vs HTTP: I arrived at the same conclusion when I made a double check with my previous rules.toml (used by 1.7).
updated rules.yaml still with 404
Regarding certificates now I got a weird error in the log:
{"level":"error","msg":"Unable to obtain ACME certificate for domains \"DOMAIN.com,*.DOMAIN.com\" : unable to generate a certificate for the domains [DOMAIN.com *.DOMAIN.com]: acme: Error -\u003e One or more domains had a problem:
\n[*.DOMAIN.com] [*.DOMAIN.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 400: content \"{\\\"success\\\":false,\\\"errors\\\":[{\\\"code\\\":81057,\\\"message\\\":\\\"The record already exists.\\\"}],\\\"messages\\\":[],\\\"result\\\":null}\"
\n[DOMAIN.com] [DOMAIN.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 400: content \"{\\\"success\\\":false,\\\"errors\\\":[{\\\"code\\\":81057,\\\"message\\\":\\\"The record already exists.\\\"}],\\\"messages\\\":[],\\\"result\\\":null}\"
\n","providerName":"basic.acme","time":"2019-10-10T10:18:06+03:00"}
I tried my luck with two skip verify flags with no luck trying to get rid of the below kind of errors:
{"level":"debug","msg":"http: TLS handshake error from 172.18.0.1:44962: remote error: tls: unknown certificate","time":"2019-10-10T11:20:44+03:00"}
For the rules.yml, routers are only attached to the entrypoint web but have tls enabled: https://gist.github.com/IosifZ/f2a271d95e64c8203354273b3d496399#file-rules-yml-L15.
It means you need to hit https://domain:80./. What you want is the port 443, so you must attach the routers to web-secure as well.
About the Cloudflare error, I don't have any experience in this part so not really sure. I tend to avoid DNS wildcard as much as I can, and use the tlsChallenge easier to configure, since Traefik manages the domains and renewal for me. However given the error message, I would do the following:
Thank you, 404 solved.
However the certificates are still not being generated. I've checked my Cloudflare dashboard and there are no txt records there.
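The file-provider setup this part of the thread converges on (HTTP routers with Host() rules, attached to web-secure, TLS terminated by Traefik), as an added example that is not any participant's actual rules.yml. Router and service names, hosts and backend URLs are taken from the rules.toml quoted earlier; the resolver name basic comes from the compose file; the layout follows the Traefik v2.0 file provider's YAML format.

```yaml
# rules.yml: constructed example for the Traefik v2.0 file provider.
# Mounted into the container with "- ./rules.yml:/rules.yml" and
# loaded with --providers.file.filename=/rules.yml
http:
  routers:
    sonarr:
      # Quoted: the rule contains backticks.
      rule: "Host(`sonarr.DOMAIN.com`)"
      entryPoints:
        - web-secure          # port 443; tls on "web" would mean HTTPS on port 80
      service: sonarr
      tls:                    # termination at Traefik, no passthrough
        certResolver: basic
        domains:
          - main: "DOMAIN.com"
            sans:
              # Quoted: an unquoted leading * starts a YAML alias
              # and the file fails to parse.
              - "*.DOMAIN.com"
    radarr:
      rule: "Host(`radarr.DOMAIN.com`)"
      entryPoints:
        - web-secure
      service: radarr
      tls:
        certResolver: basic
        domains:
          - main: "DOMAIN.com"
            sans:
              - "*.DOMAIN.com"

  services:
    # Backends running outside Docker, reached by LAN address.
    sonarr:
      loadBalancer:
        servers:
          - url: "http://192.168.0.55:8989"
    radarr:
      loadBalancer:
        servers:
          - url: "http://192.168.0.55:20000"
```

Both routers name the same main and sans values, so they share one wildcard certificate request instead of asking for one certificate per subdomain.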