Hello, I am trying to implement the following scheme:
client -> AWS ALB -> EC2 instance -> Docker containers (with Let's Encrypt)
Here are my configuration files:
```yaml
# traefik.yml (static configuration)
certificatesResolvers:
  myresolver:
    acme:
      email: "example@smt.com"
      # Traefik refuses to start with this file unless its mode is 0600.
      storage: "/etc/traefik/acme.json"
      dnsChallenge:
        # Route 53 credentials come from the AWS_* environment variables or the
        # instance profile; they are not part of this file.
        provider: route53

# defaultEntryPoints is a Traefik v1 option and is rejected by v2 as an unknown
# field; v2 routers name their entry points with the `entrypoints` label instead.

entryPoints:
  http:
    address: ':80'
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
  https:
    address: ':443'
  traefik:
    address: ':8443'
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https

providers:
  docker:
    exposedByDefault: false
  file:
    filename: /etc/traefik/traefik.dynamic.yml

ping:
  entryPoint: http

api:
  # insecure: true also serves the API and dashboard on :8080 without
  # authentication. That port is not published in the compose file, but any
  # container on the shared Docker network can reach it.
  insecure: true
  dashboard: true

# Traefik v2 takes the log level under `log`; `loglevel` is a v1 key that v2
# rejects as an unknown field.
log:
  level: "DEBUG"

accessLog: {}
```
```yaml
# traefik.dynamic.yml (dynamic configuration, loaded by the file provider)
http:
  middlewares:
    cors-aimer:
      headers:
        accessControlAllowHeaders:
          - "content-type"
          - "authorization"
          # Browsers do not treat "*" as a wildcard in Allow-Headers when
          # Access-Control-Allow-Credentials is true, so this entry is a no-op.
          - "*"
        accessControlAllowCredentials: true
        # Traefik tests each entry with Go's regexp MatchString against the full
        # Origin value (scheme included), and MatchString is a substring search.
        # The original "(.+).example.cloud" was unanchored with unescaped dots,
        # so with allowCredentials it would also accept origins such as
        # https://app.example.cloud.attacker.com. Anchor it and escape the dots.
        accessControlAllowOriginListRegex:
          - '^https://([a-z0-9-]+\.)*example\.cloud$'
        accessControlAllowMethods:
          - POST
          - GET
          - DELETE
          - PUT
          - PATCH
    cors-reporter:
      headers:
        accessControlAllowHeaders:
          - "content-type"
          - "authorization"
        accessControlAllowCredentials: true
        # Same anchored pattern as cors-aimer.
        accessControlAllowOriginListRegex:
          - '^https://([a-z0-9-]+\.)*example\.cloud$'
    cors-auth:
      headers:
        accessControlAllowHeaders:
          - "content-type"
          - "authorization"
        accessControlAllowCredentials: true
        # Same anchored pattern as cors-aimer.
        accessControlAllowOriginListRegex:
          - '^https://([a-z0-9-]+\.)*example\.cloud$'

tls:
  stores:
    default:
      defaultGeneratedCert:
        resolver: myresolver
        domain:
          main: "example.com"
  options:
    default:
      minVersion: VersionTLS12
      # false is already the default: a ClientHello with no SNI, or with an SNI
      # that matches no certificate, is served the default certificate instead
      # of being rejected.
      sniStrict: false
```
```yaml
# docker-compose.yml
networks:
  edgerouter_traefik:
    external: true
  internal:
    external: true

services:
  traefik:
    image: 'traefik:v2.9'
    container_name: 'traefik'
    ports:
      - '80:80'
      - '443:443'
      - '8443:8443'
    volumes:
      ....
    networks:
      - edgerouter_traefik
    labels:
      - traefik.enable=true
      - traefik.docker.network=edgerouter_traefik
      # Dashboard router: TLS on :8443, but no authentication middleware.
      - traefik.http.routers.traefik_https.rule=Host(`example.com`)
      - traefik.http.routers.traefik_https.entrypoints=traefik
      - traefik.http.routers.traefik_https.tls=true
      - traefik.http.routers.traefik_https.service=api@internal
      - traefik.http.routers.traefik_https.tls.certresolver=myresolver

  application:
    networks:
      - edgerouter_traefik
      - internal
    ports:
      - "127.0.0.1:8080:8080"
    labels:
      - traefik.docker.network=edgerouter_traefik
      - traefik.http.middlewares.aimer-strip-prefix.stripprefix.prefixes=/
      - traefik.http.middlewares.aimer-strip-prefix.stripprefix.forceSlash=false
      # Chain: CORS headers from the file provider, then the strip-prefix above.
      - traefik.http.middlewares.fsm.chain.middlewares=cors-aimer@file,aimer-strip-prefix@docker
      - traefik.enable=true
      - traefik.http.services.aimer.loadbalancer.server.port=8080
      # The second Host() is the instance's private IP, so that requests
      # arriving with that address as Host (the ALB health checks) match this router.
      - traefik.http.routers.aimer.rule=(Host(`example.com`) || Host(`172.31.13.33`)) && PathPrefix(`/`)
      - traefik.http.routers.aimer.entrypoints=https
      - traefik.http.routers.aimer.tls=true
      - traefik.http.routers.aimer.middlewares=fsm
```
First of all, I have disabled strict SNI checks.
After that, I started to get response codes for the health checks on my load balancer. The thing is that the AWS load balancer uses private IPs. My problem is that I'm getting a response with status code 404. As I understand it, this is happening because the LB forwarded the request to the following address:
172.31.13.33:443/docs
instead of
. So how can I fix that and do proper redirects? And is there a better way to add private IPs to be used?
Another question is that my health checks start to fail when I use the HTTP/2 protocol on my AWS target groups; they work only with the HTTP/1 protocol. What is the root cause of that?
I can add any additional details, such as curl responses, tcpdump output, etc.
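As an added example (not code from the original post or from Traefik), here is the origin regex from the posted cors-* middlewares checked against a handful of constructed Origin values, using Go's regexp package and MatchString the way Traefik's headers middleware evaluates accessControlAllowOriginListRegex. The hardened pattern, the sample origins and the function names are assumptions for illustration:

```go
package main

import (
	"fmt"
	"regexp"
)

// PostedPattern is the accessControlAllowOriginListRegex entry from the
// question: unanchored, with unescaped dots.
const PostedPattern = `(.+).example.cloud`

// HardenedPattern (assumed for illustration) is anchored to the whole Origin
// value, pins the scheme to https, escapes the dots, and allows any depth of
// subdomain under example.cloud as well as the apex itself.
const HardenedPattern = `^https://([a-z0-9-]+\.)*example\.cloud$`

// OriginAllowed evaluates one regex entry the way Traefik's headers middleware
// does: the entry is compiled with Go's regexp package and tested with
// MatchString against the full Origin header value, scheme included.
// MatchString is a substring search, so an unanchored pattern matches anywhere
// inside the origin.
func OriginAllowed(pattern, origin string) bool {
	return regexp.MustCompile(pattern).MatchString(origin)
}

// AllowedOrigins returns, in input order, the origins the pattern accepts.
func AllowedOrigins(pattern string, origins []string) []string {
	var out []string
	for _, o := range origins {
		if OriginAllowed(pattern, o) {
			out = append(out, o)
		}
	}
	return out
}

// SampleOrigins is a constructed list: three origins a deployment under
// example.cloud would legitimately send, followed by three that are off-policy
// or attacker-controlled.
var SampleOrigins = []string{
	"https://app.example.cloud",
	"https://a.b.example.cloud",
	"https://example.cloud",
	"http://app.example.cloud",               // wrong scheme
	"https://app.example.cloud.attacker.com", // example.cloud is not the apex
	"https://aaexamplezcloud.attacker.com",   // unescaped dots match any character
}

func main() {
	for _, p := range []string{PostedPattern, HardenedPattern} {
		fmt.Printf("pattern %q\n", p)
		for _, o := range SampleOrigins {
			fmt.Printf("  %-42s allowed=%v\n", o, OriginAllowed(p, o))
		}
	}
}
```

The posted pattern accepts all six origins; the anchored one accepts only the first three. The difference matters because accessControlAllowCredentials is true in all three middlewares: a page on an accepted origin can make the browser attach the user's cookies and read the response, so an over-broad regex turns a CORS header into a cross-site data leak.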