Hello friends,
This is the first time I'm using Traefik to redirect some services on my local NAS. Okay, a little background: I have a little self-assembled personal NAS. This NAS runs several services in Docker containers, like syncthing, portainer, a Minecraft server, pihole and so on. Since it's running my DNS, I just set up some local nameservers for my NAS and other machines. In this case my server is called "elizabeth.lan" on my local domain (yes, I know I should be using home.arpa, but I'll get there).

I don't want to buy a custom complex domain for my personal local network just to access some administrative panels on my NAS. This domain will never leave my network and the whole point is to be extremely simple. So, Let's Encrypt is not the way.

Before, I just typed the IP address of the NAS and some random default port for each service and enabled per-service self-signed HTTPS; that worked fine for me. But being able to type portainer.elizabeth.lan is far better than 192.168.50.32:9443...

So. I'm fighting Traefik to do that: redirect my Docker container services to some subdomain I've set up on my DNS. But every time I enable HTTPS I get a `404 page not found` and I cannot leave that.
My stack (docker-compose):

```yaml
version: '3.8'
services:
  traefik:
    image: traefik:v2.8
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /docker/traefik/traefik.yml:/traefik.yml
      - /docker/traefik/traefik_dynamic.yml:/traefik_dynamic.yml
      #- /docker/traefik/cert.crt:/cert.crt
      #- /docker/traefik/cert.key:/cert.key
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - web
    container_name: traefik
    restart: unless-stopped
networks:
  web:
    external: true
```
My traefik.yml:

```yaml
entryPoints:
  web:
    address: ":80"
    #http:
    #  redirections:
    #    entryPoint:
    #      to: "websecure"
    #      scheme: "https"
  websecure:
    address: ":443"
api:
  dashboard: true
  insecure: true
providers:
  docker:
    watch: true
    network: web
  file:
    filename: "traefik_dynamic.yml"
log:
  level: DEBUG
```
My traefik_dynamic.yml:

```yaml
http:
  services:
    syncthing:
      loadBalancer:
        servers:
          - url: "http://10.0.1.2:8384"
  middlewares:
    auth:
      basicAuth:
        users:
          - "admin:$apr1$0hyBtB/T$j.cjuoMj7JH/MNx/g5CTX/"
  routers:
    # api:
    #   rule: "Host(`traefik.elizabeth.lan`)"
    #   entrypoints:
    #     - websecure
    #   middlewares: "auth"
    #   service: "api@internal"
    syncthing:
      rule: "Host(`syncthing.elizabeth.lan`)"
      entrypoints:
        - websecure
      service: syncthing
```
My pihole stack:

```yaml
version: "3.8"
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 67:67/udp
    environment:
      TZ: America/Sao_Paulo
      # VIRTUAL_HOST: pihole.elizabeth.lan
      # VIRTUAL_PORT: 80
      # SELF_SIGNED_HOST: pihole.elizabeth.lan
    volumes:
      - /docker/pihole/:/etc/pihole
      - /docker/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    dns:
      - 127.0.0.1
    networks:
      - web
    labels:
      - traefik.enable=true
      - traefik.http.routers.pihole.rule=Host(`pihole.elizabeth.lan`)
      - traefik.http.routers.pihole.entrypoints=websecure
      - traefik.http.services.pihole.loadbalancer.server.port=80
      - traefik.http.services.pihole.loadbalancer.server.scheme=http
networks:
  web:
    external: true
```
I've added the pihole stack just as an example, but nothing HTTPS is working. When I change the entrypoint from `websecure` to `web` and try to connect through normal HTTP, everything just works fine; when I try to enable HTTPS using a self-signed certificate or (as is) with Traefik's self-generated certificate, I just get a `404 page not found`.
My Traefik debug log when connecting to pihole.elizabeth.lan:

```
time="2022-08-04T01:06:12Z" level=debug msg="Serving default certificate for request: \"pihole.elizabeth.lan\""
time="2022-08-04T01:06:12Z" level=debug msg="http: TLS handshake error from 10.0.1.20:61971: remote error: tls: bad certificate"
time="2022-08-04T01:06:13Z" level=debug msg="Serving default certificate for request: \"pihole.elizabeth.lan\""
```
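
Added example, not part of the original post: in Traefik v2 a router with no `tls` section only matches plain-HTTP requests, so a router bound to `websecure` without it answers HTTPS with `404 page not found`. The fragment below reuses the post's hostnames and paths and assumes the two commented-out certificate mounts in the compose file are enabled.

```yaml
# traefik_dynamic.yml (file provider) - added example, not the poster's file
http:
  routers:
    syncthing:
      rule: "Host(`syncthing.elizabeth.lan`)"
      entryPoints:
        - websecure
      service: syncthing
      # Marks the router as HTTPS-only. Without this section the router is
      # never considered for TLS requests arriving on :443.
      tls: {}
  services:
    syncthing:
      loadBalancer:
        servers:
          - url: "http://10.0.1.2:8384"

# Replace the generated "TRAEFIK DEFAULT CERT" with your own self-signed or
# private-CA certificate. Assumption: /cert.crt and /cert.key are mounted
# into the container (the two commented volume lines in the compose file).
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /cert.crt
        keyFile: /cert.key

# Docker-provider equivalent for the pihole container, added to its labels:
#   - traefik.http.routers.pihole.tls=true
```

The `tls: bad certificate` line in the debug log is the client rejecting the certificate Traefik presented; a certificate that lists the `*.elizabeth.lan` names as subject alternative names and is trusted on the client removes that alert.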