Traefik and rport (non-docker)

Has anyone managed to get rport working behind traefik as a external non docker app? all i get is 404 no matter what i try. Here is my dynamic yml for it.

tcp:
  routers:
    rport-rpi-rtr:
      rule: "HostSNI(`rport.domain.com`)"
      entryPoints:
        - https
    # middlewares:
    #     - chain-no-auth
      service: rport-rpi-svc
      tls:
        passthrough: true
  services:
      rport-rpi-svc:
        loadBalancer:
          servers:
            - address: "https://192.168.13.190:5000"

I also tried:

http:
  routers:
    rport-rpi-rtr:
      rule: "Host(`rport.domain.com`)"
      entryPoints:
        - rport
    # middlewares:
    #     - chain-no-auth
      service: rport-rpi-svc
      tls: true
  services:
      rport-rpi-svc:
        loadBalancer:
          serversTransport: rport_trans
          servers:
            - url: "https://192.168.13.190:5000"
  serversTransports:
    rport_trans:
      insecureSkipVerify: true

Also how can you handle multi-port? This is the code to setup rport

sudo bash rportd-installer.sh \
 --email user@example.com \
 --client-port 8000 \
 --api-port 5000 \
 --fqdn rport.localnet \
 --port-range 20000-20050

What are you trying to achieve? Will Traefik and your service run on the same node? If so, if you install your service on the host, the ports will probably be open already.

What ports of your service do you want to expose? Do you want to run both ports 5000+8000 through Traefik? Do you need ports 2000-2500 to run through Traefik? Are they http or TCP, are they TLS encrypted, is your service creating own certs? With LetsEncrypt?

What i want to do is reverse proxy rport so i can have access to it from the outside using my domain. I want to connect my remote servers to it. This is to replace my guacamole.

It is running on the same host as traefik. 5000 is the Web internface. 8000 is used to connect the client machine to server. Here is the diagram from there instructions for on-prem install

Also when i trying to connect the client to my server, it was looking to connect via http://rport.domain.com:8000 (but i think in the config i can fix it to point https URL which could be RP to port 8000 internal.

It does create self-signed certs in /etc/rport/ssl

My understanding is you only want to access the GUI from external through Traefik. Do you want to use the custom cert or do you want to use a LetsEncrypt signed cert for the external connection?

Yes i want to be able to reach the GUI via Traefik.

I want to use the LE if possible since that is what is used for traefik already

Don’t use tls.passthrough, that will forward the LE encrypted traffic. But Traefik uses the LE cert and your service a custom cert.

Use serverTransport.insecureskipverify to enable Traefik to connect to unknown TLS targets.

That way Traefik should terminate LE TLS and forward with different TLS cert.

ok, i will try and report back

It worked for the GUI

http:
  routers:
    rport-rpi-rtr:
      rule: "Host(`rport.domain.com`)"
      entryPoints:
        - https
    # middlewares:
    #     - chain-no-auth
      service: rport-rpi-svc
      tls: true
  services:
      rport-rpi-svc:
        loadBalancer:
          serversTransport: rport_trans
          servers:
            - url: "https://192.168.13.190:5000"
  serversTransports:
    rport_trans:
      insecureSkipVerify: true

now what about the multi ports or if i need to have http://rport.domain.com:8001 ?

I created a entrypoint in my traefik

- --entryPoints.rport.address=:8001
- --entryPoints.rport.forwardedHeaders.insecure

but after that do i need to create something like this?

http:
  routers:
    rportAPI-rpi-rtr:
      rule: "Host(`rport.saitohhome.com`)"
      entryPoints:
        - rport
      service: rportAPI-rpi-svc
  services:
      rportAPI-rpi-svc:
        loadBalancer:
          servers:
            - url: "http://192.168.13.190:8001"

Tried it and i get an error with the install..

Installing rport client
Detected Linux Distribution: Ubuntu 20.04.5 LTS
*   Trying 175.93.245.90:8001... (represents my home ip)
* TCP_NODELAY set
* Connection timed out after 5000 milliseconds
* Closing connection 0

Testing the connection to the RPort server on http://rport.domain.com:8001 failed.
* Check your internet connection and firewall rules.
* Check if a transparent HTTP proxy is sniffing and blocking connections.
* Check if a virus scanner is inspecting HTTP connections.
FATAL: No connection to the RPort server. Exit!

Why did you skip those two lines? I would assume that the other port is using http and TLS, too.

it is http
Testing the connection to the RPort server on http://rport.domain.com:8001 failed.