Traefik Bad Gateway for node.js application

Traefik Traefik v2
1

hello, i have set my project up using traefik and docker compose, its a simple blog application it also have a mongodb image and mongo express frontend, the problem is that although i can deploy and expose my mongo client with no problem when i try my main blog application i simply get a Bad Gateway message in my browser, here is my docker-compose:

version: '3'

networks:
  web:
    external: true
  internal:
    external: false

services:
  traefik:
    image: "traefik:v2.5"
    container_name: "traefik"
    networks:
      - web
      - internal
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - ./logs/traefik.log:/var/log/traefik.log
      - "./traefik.toml:/traefik.toml"
      - "./traefik_dynamic.toml:/traefik_dynamic.toml"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  mongo:
    container_name: mongo
    image: mongo
    volumes:
      - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
      - ./volumes/mongo-data:/data/db
    command: mongod --port 27019
    labels:
      - traefik.enable=false
    ports:
      - "0.0.0.0:27019:27019"
    networks:
      - internal
  blog:
    container_name: crypto_blog
    build: ./
    restart: always
    env_file: ./.env
    ports:
        - "4300:4300"
    links:
        - mongo
    depends_on:
      # - jaeger
      - mongo
    labels:
      - traefik.http.routers.blog.rule=Host(`mydomain.info`)
      - traefik.http.routers.blog.tls=false
      - traefik.port=80
    networks:
        - internal
        - web
    volumes:
      - ./public/uploads:/usr/src/app/public/uploads
  mongoexpress:
    image: mongo-express
    container_name: mongoexpress
    labels:
      - traefik.http.routers.mongo.rule=Host(`mongo.mydomain.info`)
      - traefik.http.routers.mongo.tls=false
      - traefik.port=80
    ports:
        - "8023:8081"
    links:
        - mongo
    networks:
      - internal
      - web
    environment:
        ME_CONFIG_MONGODB_SERVER: mongo
        ME_CONFIG_MONGODB_PORT: 27019

here is my traefik.toml :

[entryPoints]
  [entryPoints.web]
    address = ":80"
    # [entryPoints.web.http.redirections.entryPoint]
    #   to = "websecure"
    #   scheme = "https"

  [entryPoints.websecure]
    address = ":443"

[api]
  dashboard = true

[certificatesResolvers.lets-encrypt.acme]
  email = "xxx@dmoain.com"
  storage = "acme.json"
  [certificatesResolvers.lets-encrypt.acme.tlsChallenge]

[providers.docker]
  watch = true
  network = "web"

[providers.file]
  filename = "traefik_dynamic.toml"

and my traefik_dynamic.toml:

[http.middlewares.simpleAuth.basicAuth]
  users = [
    "admin:$apr1$EsFGGunJ$EokXWJhvqykI0h1oVK6PF."
  ]

[http.routers.api]
  rule = "Host(`monitor.alphainvest.info`)"
  entrypoints = ["web"]
  middlewares = ["simpleAuth"]
  service = "api@internal"
#   [http.routers.api.tls]
#     certResolver = "lets-encrypt"

also my traefik logs don't show any problems, i would appreciate it if you can help me, thanks.

2

Hello @hamidm21,

i think that traefik doesn't have the information what port your service listenes to.
You should add a label to each service:

- "traefik.http.services.SERVICENAME.loadbalancer.server.port=PORT"

Besides, there may be some severe security issues with this configuration.
Don't expose ports you don't need to the internet.
Don't expose anything to the internet which is unencrypted.
Then, if everything works, you may want to add some secure headers middleware and configure tls to be more safe.

Here are some hints in the docker-compose.yaml:

version: '3' # the new compose spec doesn't need the version any more, see https://github.com/compose-spec/compose-spec/blob/master/spec.md

networks:
  web:
    external: true
  internal:
    external: false

services:
  traefik:
    image: "traefik:v2.5"
#    container_name: "traefik" # you usually don't need to set the container name explicitly, compose does this for you
    networks:
      - web
      - internal
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080" # i wouldn't recommend exposing the dashboard to the public
    volumes:
      - ./logs/traefik.log:/var/log/traefik.log # maybe you want to configure traefik to put the logs to stdout
      - "./traefik.toml:/traefik.toml"
      - "./traefik_dynamic.toml:/traefik_dynamic.toml"
      - "/var/run/docker.sock:/var/run/docker.sock:ro" # consider using a docker-socket-proxy (e.g. from tecnativa) instead of mounting the socket directly

  mongo:
#    container_name: mongo
    image: mongo # i recommend pinning an specific version instead of using 'latest'
    volumes:
      - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
      - ./volumes/mongo-data:/data/db
    command: mongod --port 27019
    labels:
      - traefik.enable=false
#    ports:
#      - "0.0.0.0:27019:27019"  # you don't need to expose the port if you use it only for internal communication
    networks:
      - internal

  blog:
#    container_name: crypto_blog
    build: ./
    restart: always
    env_file: ./.env
#    ports:
#        - "4300:4300"  # i assume your container listenes on port 4300? You normally don't have to expose this port
    links:
        - mongo
    depends_on:
      # - jaeger
      - mongo
    labels:
      - traefik.http.routers.blog.rule=Host(`mydomain.info`)  # you hopefully want to switch to encrypted communication after testing, right?
      - traefik.http.routers.blog.tls=false
#      - traefik.port=80
      - traefik.http.services.blog.loadbalancer.server.port=4300
    networks:
        - internal
        - web
    volumes:
      - ./public/uploads:/usr/src/app/public/uploads

  mongoexpress:
    image: mongo-express
#    container_name: mongoexpress
    labels:
      - traefik.http.routers.mongo.rule=Host(`mongo.mydomain.info`)  # do you REALLY want to expose this container unencrypted to the web???
      - traefik.http.routers.mongo.tls=false
#      - traefik.port=80
    ports:
        - "8023:8081" # do you really need this?
    links:
        - mongo
    networks:
      - internal
      - web
    environment:
        ME_CONFIG_MONGODB_SERVER: mongo
        ME_CONFIG_MONGODB_PORT: 27019

Regards,
Wolfgang

3

thanks Mr Wolfgang adding this

- "traefik.http.services.SERVICENAME.loadbalancer.server.port=PORT"

to my configuration worked perfectly, also i appreciate your security tips although i should point out this configuration is for testing and development.

i thank you again for your solution and i wish you well.

1 Like
4

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.