Traefik and rport (non-docker)

saitoh183 · February 10, 2023, 12:59am

Has anyone managed to get rport working behind traefik as a external non docker app? all i get is 404 no matter what i try. Here is my dynamic yml for it.

tcp:
  routers:
    rport-rpi-rtr:
      rule: "HostSNI(`rport.domain.com`)"
      entryPoints:
        - https
    # middlewares:
    #     - chain-no-auth
      service: rport-rpi-svc
      tls:
        passthrough: true
  services:
      rport-rpi-svc:
        loadBalancer:
          servers:
            - address: "https://192.168.13.190:5000"

I also tried:

http:
  routers:
    rport-rpi-rtr:
      rule: "Host(`rport.domain.com`)"
      entryPoints:
        - rport
    # middlewares:
    #     - chain-no-auth
      service: rport-rpi-svc
      tls: true
  services:
      rport-rpi-svc:
        loadBalancer:
          serversTransport: rport_trans
          servers:
            - url: "https://192.168.13.190:5000"
  serversTransports:
    rport_trans:
      insecureSkipVerify: true

Also how can you handle multi-port? This is the code to setup rport

sudo bash rportd-installer.sh \
 --email user@example.com \
 --client-port 8000 \
 --api-port 5000 \
 --fqdn rport.localnet \
 --port-range 20000-20050

bluepuma77 · February 10, 2023, 9:51am

What are you trying to achieve? Will Traefik and your service run on the same node? If so, if you install your service on the host, the ports will probably be open already.

What ports of your service do you want to expose? Do you want to run both ports 5000+8000 through Traefik? Do you need ports 2000-2500 to run through Traefik? Are they http or TCP, are they TLS encrypted, is your service creating own certs? With LetsEncrypt?

saitoh183 · February 10, 2023, 2:28pm

What i want to do is reverse proxy rport so i can have access to it from the outside using my domain. I want to connect my remote servers to it. This is to replace my guacamole.

It is running on the same host as traefik. 5000 is the Web internface. 8000 is used to connect the client machine to server. Here is the diagram from there instructions for on-prem install

Also when i trying to connect the client to my server, it was looking to connect via http://rport.domain.com:8000 (but i think in the config i can fix it to point https URL which could be RP to port 8000 internal.

It does create self-signed certs in /etc/rport/ssl

bluepuma77 · February 10, 2023, 4:15pm

My understanding is you only want to access the GUI from external through Traefik. Do you want to use the custom cert or do you want to use a LetsEncrypt signed cert for the external connection?

saitoh183 · February 10, 2023, 6:43pm

Yes i want to be able to reach the GUI via Traefik.

I want to use the LE if possible since that is what is used for traefik already

bluepuma77 · February 10, 2023, 7:33pm

Don’t use tls.passthrough, that will forward the LE encrypted traffic. But Traefik uses the LE cert and your service a custom cert.

Use serverTransport.insecureskipverify to enable Traefik to connect to unknown TLS targets.

That way Traefik should terminate LE TLS and forward with different TLS cert.

saitoh183 · February 11, 2023, 4:52pm

ok, i will try and report back

saitoh183 · February 13, 2023, 6:10am

It worked for the GUI

http:
  routers:
    rport-rpi-rtr:
      rule: "Host(`rport.domain.com`)"
      entryPoints:
        - https
    # middlewares:
    #     - chain-no-auth
      service: rport-rpi-svc
      tls: true
  services:
      rport-rpi-svc:
        loadBalancer:
          serversTransport: rport_trans
          servers:
            - url: "https://192.168.13.190:5000"
  serversTransports:
    rport_trans:
      insecureSkipVerify: true

now what about the multi ports or if i need to have http://rport.domain.com:8001 ?

I created a entrypoint in my traefik

- --entryPoints.rport.address=:8001
- --entryPoints.rport.forwardedHeaders.insecure

but after that do i need to create something like this?

http:
  routers:
    rportAPI-rpi-rtr:
      rule: "Host(`rport.saitohhome.com`)"
      entryPoints:
        - rport
      service: rportAPI-rpi-svc
  services:
      rportAPI-rpi-svc:
        loadBalancer:
          servers:
            - url: "http://192.168.13.190:8001"

saitoh183 · February 13, 2023, 6:13am

Tried it and i get an error with the install..

Installing rport client
Detected Linux Distribution: Ubuntu 20.04.5 LTS
*   Trying 175.93.245.90:8001... (represents my home ip)
* TCP_NODELAY set
* Connection timed out after 5000 milliseconds
* Closing connection 0

Testing the connection to the RPort server on http://rport.domain.com:8001 failed.
* Check your internet connection and firewall rules.
* Check if a transparent HTTP proxy is sniffing and blocking connections.
* Check if a virus scanner is inspecting HTTP connections.
FATAL: No connection to the RPort server. Exit!

bluepuma77 · February 13, 2023, 6:33am

Why did you skip those two lines? I would assume that the other port is using http and TLS, too.

saitoh183 · February 13, 2023, 2:48pm

it is http
Testing the connection to the RPort server on http://rport.domain.com:8001 failed.

Topic		Replies	Views
Configuration of non http port without TLS Traefik v2 docker , tcp	4	6594	May 14, 2020
TCP TLS server with non-TLS TCP router Traefik v2 file , tcp	6	4909	June 9, 2023
Getting TCP routers to work with Traefik Traefik v2 docker-swarm , tcp	10	2625	September 9, 2019
Traefik behind Traefik Traefik v2 docker , tcp	1	990	April 6, 2023
Help needed with multiple traefik instances and routing to services on different servers Traefik v2 docker , tcp	4	954	March 23, 2024

Traefik and rport (non-docker)

Related topics