Traefik behind another Traefik

Hi,
we have a VM running Traefik (let's call it T-Root) to distribute requests to our different environments separated over different subdomains. This Traefik instance is also handling our SSL encryption.

Now we needed to introduce a traefik instance to each environment to also have SSL encryption when requesting over IP (instead of domain) when in our VPN.

We have set it up so that we can activate/deactivate the SSL encryption depending on an environment variable while deploying the environment. When SSL is deactivated, requests over the domain and therefore over T-Root work perfectly fine as before. The traefik instances in every environment are not really doing anything. When SSL is active we are facing the issue that the forwarding is not working.

I have jaeger configured for T-Root and each traefik instance within the environments. I'm only seeing a trace in T-Root jaeger. So nothing is really reaching the other traefik instances.

The configuration:

 http:
  services:
    rr-staging:
      loadBalancer:
        servers:
          - url: "https://192.168.35.43"
  
  routers:
    rr-staging:
      rule: "Host(`mydomain.org`)"
      service: "rr-staging"
      entryPoints:
        - "websecure"
      tls:
        certResolver: myresolver

When SSL is deactivated we are using "http://192.168.35.43".

Any suggestions what's going on here?

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

You could just declare a default cert, which works for custom (purchased) certs and also for LetsEncrypt. You can also create your own cert and import it into the browser.
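
An added example (not posted by anyone in this thread) of the default-certificate suggestion above, written for this two-Traefik layout: the environment instance serves a self-created certificate by default, and T-Root is told which CA to trust when it forwards to `https://192.168.35.43`. The file paths, the transport name `env-tls` and the `serverName` value are assumptions; the certificate has to list that name in its subject alternative names.

```yaml
# --- Environment Traefik: dynamic config (file provider) ---
# Certificate served when no router-specific certificate matches,
# for example when the request arrives by IP address.
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /config/certs/env.crt   # placeholder path (assumption)
        keyFile: /config/certs/env.key    # placeholder path (assumption)

---
# --- T-Root: dynamic config (file provider) ---
# Traefik verifies the backend certificate when the server URL is https.
# A serversTransport gives it the CA to trust and the name to check,
# so verification stays on instead of being disabled with insecureSkipVerify.
http:
  serversTransports:
    env-tls:                              # hypothetical transport name
      serverName: "staging.internal"      # assumed name present in the cert SANs
      rootCAs:
        - /config/certs/internal-ca.crt   # placeholder path to the self-created CA

  services:
    rr-staging:
      loadBalancer:
        serversTransport: env-tls
        servers:
          - url: "https://192.168.35.43"

  routers:
    rr-staging:
      rule: "Host(`mydomain.org`)"
      service: "rr-staging"
      entryPoints:
        - "websecure"
      tls:
        certResolver: myresolver
```

The two YAML documents belong in separate files, one in each instance's file-provider directory.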

version: '3'

services:
  reverse-proxy:
    image: traefik:v2.10.4
    command:
      - '--api.insecure=true'
      - '--providers.file.directory=/config'
      - '--providers.file.watch=true'
      - '--entryPoints.web.address=:80'
      - '--entryPoints.websecure.address=:443'
      - '--certificatesresolvers.myresolver.acme.email=test@test.com'
      - '--certificatesresolvers.myresolver.acme.storage=/config/acme.json'
      - '--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web'
      - '--tracing.jaeger=true'
      - '--tracing.serviceName=traefik'
      - '--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling'
      - '--tracing.jaeger.samplingType=const'
      - '--tracing.jaeger.samplingParam=1.0'
      - '--tracing.jaeger.localAgentHostPort=jaeger:6831'
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      - "/home/moti/reverse-proxy/config:/config"
    restart: always
  jaeger:
    image: jaegertracing/all-in-one:1.17
    environment:
      COLLECTOR_ZIPKIN_HTTP_PORT: 9411
      MEMORY_MAX_TRACES: 5000
    ports:
      - "5775:5775/udp"
      - "6831:6831/udp"
      - "6832:6832/udp"
      - "5778:5778"
      - "16686:16686"
      - "14268:14268"
      - "9411:9411"
    restart: always

And the piece of yaml I have sent before is the config.
I'm not able to understand what is causing this behavior. I would at least expect something to hit the traefik instances in each environment. But that's not happening.