I configured Traefik in docker using the guide: Put Wildcard Certificates and SSL on EVERYTHING - Traefik Tutorial
But when trying to access the dashboard - I see an error: 404 Page not found
A small description of the configuration I have (to understand what I want to do):
I have a domain example.com
. I created a global subdomain on it local.example.com
and sent it to the server ip (my work computer and the server are the same, I do all the actions on the server).
On the server itself there is bind9, which is my local zone local.example.com
assigns local subdomains to servers on the intra-container ip address 10.20.3.4
and *.servers - so that those local game servers that were created using pterodactyl have a local subdomain server1.servers.local.example.com
And I also made a local subdomain for Traefik, so that only I could log into it locally from the host machine.
- I have a microtic router that stands between my local home network and access to the global Internet, a static IP serves as access to the global Internet 93...***
The router, using fixed dhcp, assigns to my physical computer =ip server192.168.88.253
Important: the firewall on mikrotic is disabled (temporarily, while I'm testing the launch and activation of traefik+bind9+pterodactyl - Next comes the physical server = my computer on the ubuntu operating system, in which the firewall is also disabled. Bind9 and Traefik are on it.
Docker containers with bind9 and traefik do not have access to the local home network, but have access to proxy1 and dns-network networks (bind9 network).
Inside the dns network, the local ip zone is different: 10.20.0.0/8
That's where the grafting of these ip subdomains takes place. And already the output traffic from these networks is carried out by docker-compose in which ports 80,443,53 are open. It is through the ports that traffic is exchanged with the local and, if I want, even with the global Internet.
I have asked this question on several forums:
I've tried everything:
- disabled the firewall in ubuntu and in the router
- Tried to log in from both local ip and local machine ip: localhost and 192.168.88.253
- I configured docker compose file so that both Traefik and bind9 were in the same network and even configured a subdomain in bind 9 adding Traefik-dashboard entry to it.
I couldn't access Traefik dashboard from the domain, and still can't. However, I can't enter it either by local ip and localhost.
Below I'll give you all my tips, including docker-compose files, error logs, etc.
I would be very grateful if you could point out my flaws and help me solve this problem.
Let's start with traefik docker-compose.yml:
traefik docker-compose.yml
version: '3.8'
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
proxy1:
dns-server_dns-network:
ipv4_address: 10.20.3.5
ports:
- 80:80
- 443:443
environment:
- CF_API_EMAIL=****@protonmail.com
- CF_DNS_API_TOKEN=mdc3Xlhxpuidm***
# - CF_API_KEY=YOUR_API_KEY
# be sure to use the correct one depending on if you are using a token or key
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /root/traefik/data/traefik.yml:/traefik.yml:ro
- /root/traefik/data/acme.json:/acme.json
- /root/traefik/data/config.yml:/config.yml:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.****.com`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.****.com`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=local.****.com"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.****.com"
- "traefik.http.routers.traefik-secure.service=api@internal"
networks:
dns-server_dns-network:
external: true
proxy1:
external: true
I'll give you a little explanation:
dns-server_dns-network is the network of the dns-server (bind9), which is also inside the docker container, but a different one. In this case it is necessary to assign a local subdomain and everything would work correctly.
proxy1 - network of Traefik itself.
Traefik config.yml
http:
#region routers
routers:
bind9:
entryPoints:
- "https"
rule: "Host(`bind9.local.*****.com`)"
middlewares:
- default-headers
- https-redirectscheme
tls: {}
service: bind9
pterodactyl:
entryPoints:
- "https"
rule: "Host(`pterodactyl.local.*****.com`)"
middlewares:
- default-headers
- https-redirectscheme
tls: {}
service: pterodactyl
#endregion
#region services
services:
bind9:
loadBalancer:
servers:
- url: "https://10.20.3.2:53"
passHostHeader: true
pterodactyl:
loadBalancer:
servers:
- url: "http://10.20.3.6:8082"
passHostHeader: true
#endregion
middlewares:
addprefix-pihole:
addPrefix:
prefix: "/admin"
https-redirectscheme:
redirectScheme:
scheme: https
permanent: true
redirectregex-pihole:
redirectRegex:
regex: /admin/$
replacement: /
default-headers:
headers:
frameDeny: true
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https
idrac:
headers:
frameDeny: true
browserXssFilter: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https
default-whitelist:
ipWhiteList:
sourceRange:
- "10.0.0.0/8"
- "192.168.88.0/24"
- "172.16.0.0/12"
secured:
chain:
middlewares:
- default-whitelist
- default-headers
Traefik.yml
api:
dashboard: true
debug: true
entryPoints:
http:
address: ":80"
http:
redirections:
entryPoint:
to: https
scheme: https
https:
address: ":443"
serversTransport:
insecureSkipVerify: true
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
filename: /config.yml
certificatesResolvers:
cloudflare:
acme:
email: ****@protonmail.com
storage: acme.json
dnsChallenge:
delayBeforeCheck: 5
provider: cloudflare
#disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables>
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
acme.json file
{
"cloudflare": {
"Account": {
"Email": "*****@protonmail.com",
"Registration": {
"body": {
"status": "valid",
"contact": [
"mailto:****@protonmail.com"
]
},
"uri": "https://acme-v02.api.letsencrypt.org/acme/acct/1308****76"
},
"PrivateKey": "MIIJKQ**********fhYGyV2xowwa/O9WSHf+3GU>
"KeyType": "4096"
},
"Certificates": [
{
"domain": {
"main": "local.*****.com",
"sans": [
"*.local.*****.com"
]
},
"certificate": "LS0tLS1C***********N3VUEKTURJ>
"key": "LS0tLS1CRUdJTiBS*******Bejk4bzdCeTBtCnhLVFFC>
"Store": "default"
}
]
}
}
If you run Traefik with a container, there is nothing in the logs:
root@riven:~/traefik/data# docker logs --tail=100 traefik
time="2023-09-14T03:47:43+03:00" level=info msg="Configuration loaded from file: /traefik.yml"
However, if you write restart, errors will appear in the logs:
root@riven:~/traefik/data# docker restart traefik
traefik
root@riven:~/traefik/data# docker logs --tail=100 traefik
time="2023-09-14T03:47:43+03:00" level=info msg="Configuration loaded from file: /traefik.yml"
time="2023-09-14T14:37:35+03:00" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-09-14T14:37:35+03:00" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-09-14T14:37:35+03:00" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-09-14T14:37:35+03:00" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-09-14T14:37:36+03:00" level=info msg="Configuration loaded from file: /traefik.yml"
Just in case, here's a list of all the containers:
root@riven:~/dns-server/config# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78296a683271 traefik:latest "/entrypoint.sh trae…" 11 hours ago Up 25 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp traefik
5c3081b0c7df ubuntu/bind9:latest "docker-entrypoint.sh" 12 hours ago Up 8 minutes 0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 953/tcp dns-server
Now let's move on to the dns server bind9, which is also running in a container:
bind9 docker-compose.yml
version: '3'
networks:
dns-network:
driver: bridge
ipam:
config:
- subnet: 10.20.0.0/16
services:
bind9:
container_name: dns-server
image: ubuntu/bind9:latest
environment:
- BIND9_USER=root
- TZ=Europe/Moscow
networks:
dns-network:
ipv4_address: 10.20.3.2
ports:
- "53:53/tcp"
- "53:53/udp"
volumes:
- ./config:/etc/bind
- ./cache:/var/cache/bind
- ./records:/var/lib/bind
restart: unless-stopped
named.conf file
acl internal {
10.10.0.0/16;
10.11.0.0/16;
10.20.0.0/16;
10.50.0.0/16;
192.168.88.0/24;
};
options {
forwarders {
1.1.1.1;
1.0.0.1;
};
allow-query { internal; };
};
zone "local.*****.com" IN {
type master;
file "/etc/bind/local-*****-com.zone";
};
local-*****-com.zone file
$TTL 2D
$ORIGIN local.*****.com.
@ IN SOA ns.local.*****.com. admin.*****.com. (
2023083100 ; serial
12h ; refresh
15m ; retry
3w ; expire
2h ; minimum ttl
)
IN NS ns.local.*****.com.
ns IN A 10.20.3.2
; -- add dns records below
servers IN A 10.20.3.4
*.servers IN A 10.20.3.4
traefik-dashboard IN A 10.20.3.5
Bind9 logs
root@riven:~/dns-server/config# docker logs --tail=200 dns-server
Starting named...
exec /usr/sbin/named -u "root" "-g" ""
14-Sep-2023 14:54:56.133 starting BIND 9.18.12-1ubuntu1.1-Ubuntu (Extended Support Version) <id:>
14-Sep-2023 14:54:56.133 running on Linux x86_64 6.2.0-32-generic #32~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 18 10:40:13 UTC 2
14-Sep-2023 14:54:56.133 built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-2zwQl8/bind9-9.18.12=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fdebug-prefix-map=/build/bind9-2zwQl8/bind9-9.18.12=/usr/src/bind9-1:9.18.12-1ubuntu1.1 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
14-Sep-2023 14:54:56.133 running as: named -u root -g
14-Sep-2023 14:54:56.133 compiled by GCC 12.2.0
14-Sep-2023 14:54:56.133 compiled with OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
14-Sep-2023 14:54:56.133 linked to OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
14-Sep-2023 14:54:56.133 compiled with libxml2 version: 2.9.14
14-Sep-2023 14:54:56.133 linked to libxml2 version: 20914
14-Sep-2023 14:54:56.133 compiled with json-c version: 0.16
14-Sep-2023 14:54:56.133 linked to json-c version: 0.16
14-Sep-2023 14:54:56.133 compiled with zlib version: 1.2.13
14-Sep-2023 14:54:56.133 linked to zlib version: 1.2.13
14-Sep-2023 14:54:56.133 ----------------------------------------------------
14-Sep-2023 14:54:56.133 BIND 9 is maintained by Internet Systems Consortium,
14-Sep-2023 14:54:56.133 Inc. (ISC), a non-profit 501(c)(3) public-benefit
14-Sep-2023 14:54:56.133 corporation. Support and training for BIND 9 are
14-Sep-2023 14:54:56.133 available at https://www.isc.org/support
14-Sep-2023 14:54:56.133 ----------------------------------------------------
14-Sep-2023 14:54:56.133 found 8 CPUs, using 8 worker threads
14-Sep-2023 14:54:56.133 using 8 UDP listeners per interface
14-Sep-2023 14:54:56.133 DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
14-Sep-2023 14:54:56.133 DS algorithms: SHA-1 SHA-256 SHA-384
14-Sep-2023 14:54:56.133 HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
14-Sep-2023 14:54:56.133 TKEY mode 2 support (Diffie-Hellman): yes
14-Sep-2023 14:54:56.133 TKEY mode 3 support (GSS-API): yes
14-Sep-2023 14:54:56.137 config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
14-Sep-2023 14:54:56.137 loading configuration from '/etc/bind/named.conf'
14-Sep-2023 14:54:56.137 unable to open '/etc/bind/bind.keys'; using built-in keys instead
14-Sep-2023 14:54:56.137 looking for GeoIP2 databases in '/usr/share/GeoIP'
14-Sep-2023 14:54:56.137 using default UDP/IPv4 port range: [32768, 60999]
14-Sep-2023 14:54:56.137 using default UDP/IPv6 port range: [32768, 60999]
14-Sep-2023 14:54:56.137 listening on IPv4 interface lo, 127.0.0.1#53
14-Sep-2023 14:54:56.141 listening on IPv4 interface eth0, 10.20.3.2#53
14-Sep-2023 14:54:56.141 Could not open '//run/named/named.pid'.
14-Sep-2023 14:54:56.141 Please check file and directory permissions or reconfigure the filename.
14-Sep-2023 14:54:56.141 could not open file '//run/named/named.pid': Permission denied
14-Sep-2023 14:54:56.141 generating session key for dynamic DNS
14-Sep-2023 14:54:56.141 Could not open '//run/named/session.key'.
14-Sep-2023 14:54:56.141 Please check file and directory permissions or reconfigure the filename.
14-Sep-2023 14:54:56.141 could not open file '//run/named/session.key': Permission denied
14-Sep-2023 14:54:56.141 could not create //run/named/session.key
14-Sep-2023 14:54:56.141 failed to generate session key for dynamic DNS: permission denied
14-Sep-2023 14:54:56.141 sizing zone task pool based on 1 zones
14-Sep-2023 14:54:56.141 none:99: 'max-cache-size 90%' - setting to 57829MB (out of 64255MB)
14-Sep-2023 14:54:56.141 using built-in root key for view _default
14-Sep-2023 14:54:56.141 set up managed keys zone for view _default, file 'managed-keys.bind'
14-Sep-2023 14:54:56.141 automatic empty zone: 10.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 16.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 17.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 18.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 19.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 20.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 21.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 22.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 23.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 24.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 25.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 26.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 27.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 28.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 29.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 30.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 31.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 168.192.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 64.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 65.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 66.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 67.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 68.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 69.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 70.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 71.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 72.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 73.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 74.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 75.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 76.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 77.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 78.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 79.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 80.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 81.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 82.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 83.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 84.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 85.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 86.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 87.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 88.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 89.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 90.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 91.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 92.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 93.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 94.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 95.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 96.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 97.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 98.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 99.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 100.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 101.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 102.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 103.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 104.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 105.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 106.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 107.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 108.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 109.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 110.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 111.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 112.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 113.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 114.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 115.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 116.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 117.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 118.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 119.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 120.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 121.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 122.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 123.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 124.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 125.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 126.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 127.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 0.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 127.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 254.169.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 2.0.192.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 100.51.198.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 113.0.203.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: D.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 8.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 9.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: A.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: B.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: EMPTY.AS112.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: HOME.ARPA
14-Sep-2023 14:54:56.145 configuring command channel from '/etc/bind/rndc.key'
14-Sep-2023 14:54:56.145 command channel listening on 127.0.0.1#953
14-Sep-2023 14:54:56.145 configuring command channel from '/etc/bind/rndc.key'
14-Sep-2023 14:54:56.145 command channel listening on ::1#953
14-Sep-2023 14:54:56.145 not using config file logging statement for logging due to -g option
14-Sep-2023 14:54:56.145 managed-keys-zone: loaded serial 2
14-Sep-2023 14:54:56.149 zone local.*****.com/IN: loaded serial 2023083100
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:1::53#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:dc3::35#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:503:ba3e::2:30#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:7fe::53#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:12::d0d#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2::c#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2f::f#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:a8::e#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:9f::42#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:7fd::1#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:503:c27::2:30#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:200::b#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2d::d#53
14-Sep-2023 14:54:56.153 all zones loaded
14-Sep-2023 14:54:56.153 running
14-Sep-2023 14:54:56.173 managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
14-Sep-2023 14:54:56.177 resolver priming query complete: success
All my networks
root@riven:~/dns-server/config# docker network ls
NETWORK ID NAME DRIVER SCOPE
bed0ea1726ee bridge bridge local
37f54b168f7e dns-server_dns-network bridge local
8db2a758902a host host local
d5d2a3a56006 none null local
44f6196d71d9 proxy1 bridge local
Checking ip addresses of containers
root@riven:~/dns-server/config# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78296a683271 traefik:latest "/entrypoint.sh trae…" 11 hours ago Up 25 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp traefik
5c3081b0c7df ubuntu/bind9:latest "docker-entrypoint.sh" 12 hours ago Up 8 minutes 0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 953/tcp dns-server
root@riven:~/dns-server/config# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 78296a683271
10.20.3.5172.18.0.2
root@riven:~/dns-server/config# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 5c3081b0c7df
10.20.3.2
But as you can see DNS server is working fine, you can see it from nslookup queries:
nslookup queries
root@riven:~/dns-server/config# nslookup local.*****.com
Server: 192.168.88.1
Address: 192.168.88.1#53
Non-authoritative answer:
Name: local.*****.com
Address: 91.***.***.1*4
root@riven:~/dns-server/config# nslookup servers.local.*****.com 10.20.3.2
Server: 10.20.3.2
Address: 10.20.3.2#53
Name: servers.local.*****.com
Address: 10.20.3.4
root@riven:~/dns-server/config# nslookup traefik-dashboard.local.*****.com 10.20.3.2
Server: 10.20.3.2
Address: 10.20.3.2#53
Name: traefik-dashboard.local.*****.com
Address: 10.20.3.5
Also if I go to the local domain (local.*****.com) I will see my microtik router page
But if I go into the traefik panel, I see that nothing is working:
Note that I am doing all of the above from a local host machine and with the ubuntu firewall (UFW) completely disabled
And also with mikrotik firewall disabled!!!
I have no idea what I did wrong or how to make it all work. At least how to make the Traefik panel work. I would be grateful for help and advice.