Traefik API inaccessible to Homepage

Homepage is a (Docker) containerised web UI that provide links to all my other self-hosted services. It can optionally access the API from various services (including Traefik) to display stats about the service.

I have successfully used Homepage's Automatic Service Discovery mechanism with several Docker containers. However, I am having a problem getting it to work with Traefik. (I am running Traefik v3.0.4 in a Docker container - compose file below)

Screenshot of what I see in Homepage here.

As you can see, I get an API error for Traefik, specifically. I can load the URL ( https://traefik-dashboard.mydomain.com/api/overview ) in my browser and see the JSON from the Traefik API just fine, so I'm guessing this might be an issue where the Homepage container can't access the Traefik container... but they're both definitely on the same network in their respective docker-compose.yml files.

docker-compose-homepage.yml:

services:
  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    restart: unless-stopped
    volumes:
      - ./config:/app/config # Make sure your local config directory exists
      - /var/run/docker.sock:/var/run/docker.sock # (optional) For docker integrations
      - /home/david/docker/homepage/images:/app/public/images # Path to background image stored on computer.
    networks:
      proxy:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homepage.entrypoints=http"
      - "traefik.http.routers.homepage.rule=Host(`homepage.mydomain.com`)"
      - "traefik.http.routers.homepage.middlewares=default-whitelist@file"
      - "traefik.http.middlewares.homepage-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.homepage.middlewares=homepage-https-redirect"
      - "traefik.http.routers.homepage-secure.entrypoints=https"
      - "traefik.http.routers.homepage-secure.rule=Host(`homepage.mydomain.com`)"
      - "traefik.http.routers.homepage-secure.tls=true"
      - "traefik.http.routers.homepage-secure.service=homepage"
      - "traefik.http.services.homepage.loadbalancer.server.port=3000"
    security_opt:
      - no-new-privileges:true

networks:
  proxy:
    external: true

docker-compose-traefik.yml:

services:
  traefik:
    image: traefik:v3.0.4
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80 #For internal services
      - 81:81 #For external services
      - 443:443 #For internal services
      - 444:444 #For external services
    environment:
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token # note using _FILE for docker secrets
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - cf_api_token
    env_file: .env # use .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
      - ./logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.mydomain.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.mydomain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.mydomain.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - homepage.group=Network admin
      - homepage.name=Traefik
      - homepage.icon=traefik
      - homepage.href=https://traefik-dashboard.mydomain.com
      - homepage.description=HTTP reverse proxy and load balancer.
      - homepage.statusStyle=dot
      - homepage.widget.type=traefik
      - homepage.widget.url=https://traefik-dashboard.mydomain.com
      - homepage.widget.username:dave
      - homepage.widget.password:passwordhere
      - homepage.showStats=true
secrets:
  cf_api_token:
    file: ./cf_api_token.txt

networks:
  proxy:
    external: true

I noticed these errors in the Homepage log (as seen in Portainer):

"Listening on port 3000
[2024-07-16T01:59:00.284Z] error: <service-helpers> Error getting services from Docker server 'docker1': Error: connect EACCES /var/run/docker.sock
    at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1555:16) {
  errno: -13,
  code: 'EACCES',
  syscall: 'connect',
  address: '/var/run/docker.sock'
}
[2024-07-16T01:59:00.494Z] error: <service-helpers> Error getting services from Docker server 'docker1': Error: connect EACCES /var/run/docker.sock
    at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1555:16) {
  errno: -13,
  code: 'EACCES',
  syscall: 'connect',
  address: '/var/run/docker.sock'
}
[2024-07-16T01:59:00.871Z] error: <dockerStatusService> Error: connect EACCES /var/run/docker.sock
    at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1555:16)
[2024-07-16T01:59:01.087Z] error: <service-helpers> Error getting services from Docker server 'docker1': Error: connect EACCES /var/run/docker.sock
    at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1555:16) {
  errno: -13,
  code: 'EACCES',
  syscall: 'connect',
  address: '/var/run/docker.sock'
}
[2024-07-16T01:59:01.109Z] error: <httpProxy> Error calling https://traefik-dashboard.mydomain.com/api/overview...
[2024-07-16T01:59:01.110Z] error: <httpProxy> [
  500,
  Error: getaddrinfo ENOTFOUND traefik-dashboard.mydomain.com
      at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:118:26) {
    errno: -3008,
    code: 'ENOTFOUND',
    syscall: 'getaddrinfo',
    hostname: 'traefik-dashboard.mydomain.com'
  }"

I noted specifically "Error: connect EACCES /var/run/docker.sock". I thought it may be because /var/run/docker.sock didn't exist on my system. I found this and followed the instructions in the accepted answer (indeed, I was running Docker via systemctl and it was set to containerd.sock instead within /lib/systemd/system/docker.service (as shown in that answer), and so I changed it (again, as per the answer), so now I have /var/run/docker.sock (I also then rebooted, just in case).

Despite this change, and despite restarting the Docker host entirely, I still see the same error in the Homepage log (as seen in Portainer) and also the API error in the Homepage web UI (as seen in the screenshot provided).

Any ideas what I might've stuffed up, please?

The error indicates your Docker container can’t access the Docker socket on host.

It seems this is rather a Linux host and Docker permission issue, has nothing to do with Traefik.

Docker forum (link) is usually very helpful, but mention your special installation.

1 Like

Thank you. I'll post in the Docker forums. :grinning:
I will report back here with the solution, should I find one.

Ok, after a long and convoluted troubleshooting process, I've added an IP address to my Pi-Hole compose file, and then set that same IP address as the DNS address for the Traefik compose file.

i.e., for Pi-Hole:

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "500:80/tcp"
    networks:
      pihole_internal:
        ipv4_address: 172.70.9.3
      proxy:
        ipv4_address: 172.22.0.14
(this is a shortened version of the entire file)

...and for Homepage:

services:
  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    restart: unless-stopped
    dns: 172.22.0.14
(this is also shortened)

Now, the error message shown in the Homepage logs has changed:

[2024-07-21T23:53:58.034Z] error: <httpProxy> Error calling http://traefik/api/overview...
[2024-07-21T23:53:58.035Z] error: <httpProxy> [
  500,
  Error [ERR_FR_REDIRECTION_FAILURE]: Redirected request failed: Protocol "https:" not supported. Expected "http:"
      at RedirectableRequest._onNativeResponse (/app/node_modules/.pnpm/follow-redirects@1.15.6/node_modules/follow-redirects/index.js:95:17)
      at Object.onceWrapper (node:events:632:26)
      ... 2 lines matching cause stack trace ...
      at HTTPParser.parserOnHeadersComplete (node:_http_common:119:17)
      at Socket.socketOnData (node:_http_client:541:22)
      at Socket.emit (node:events:517:28)
      at addChunk (node:internal/streams/readable:368:12)
      at readableAddChunk (node:internal/streams/readable:341:9)
      at Readable.push (node:internal/streams/readable:278:10) {
    cause: TypeError [ERR_INVALID_PROTOCOL]: Protocol "https:" not supported. Expected "http:"
        at new NodeError (node:internal/errors:405:5)
        at new ClientRequest (node:_http_client:188:11)
        at Object.request (node:https:366:10)
        at RedirectableRequest._performRequest (/app/node_modules/.pnpm/follow-redirects@1.15.6/node_modules/follow-redirects/index.js:326:24)
        at RedirectableRequest._processResponse (/app/node_modules/.pnpm/follow-redirects@1.15.6/node_modules/follow-redirects/index.js:483:8)
        at RedirectableRequest._onNativeResponse (/app/node_modules/.pnpm/follow-redirects@1.15.6/node_modules/follow-redirects/index.js:91:12)
        at Object.onceWrapper (node:events:632:26)
        at ClientRequest.emit (node:events:517:28)
        at HTTPParser.parserOnIncomingClient (node:_http_client:700:27)
        at HTTPParser.parserOnHeadersComplete (node:_http_common:119:17) {
      code: 'ERR_INVALID_PROTOCOL'
    },
    code: 'ERR_FR_REDIRECTION_FAILURE'
  }
]

I'm no longer seeing that Docker socket error, but instead now this new error about https not being supported.

Any idea how to fix that please?

Hmm, the forum's anti-spam functionality has blocked one of my comments.
In any case, I have been able to fix the problem by specifying an IP address for my Pi-Hole instance, and then using Traefik's FQDN in its compose file.

This is explained in detail here, for anyone wondering.

Thanks bluepuma77 for your advice earlier.

1 Like

Maybe you should have mentioned earlier, that you manipulate DNS with PiHole :wink:

Despite the meme, I had no idea that DNS was to blame when I started troubleshooting this issue. :laughing: