Traefik + ECS Fargate. How?

numToStr · January 30, 2021, 8:48am

I've been trying to deploy multiple services behind a Traefik proxy inside the ECS Fargate cluster. But Traefik is not been able to connect to the services, it always says Gateway Timeout. I don't know what I am doing wrong. Maybe I am missing something in my terraform code or my Traefik config.

Traefik Proxy Service

[
    {
        "name": "proxy",
        "image": "traefik:latest",
        "command": [
            "traefik",
            "--accesslog=true",
            "--log.level=DEBUG",
            "--entryPoints.web.address=:80",
            "--providers.ecs.region=${region}",
            "--providers.ecs.clusters=${cluster_name}",
            "--providers.ecs.exposedByDefault=true",
            "--providers.ecs.refreshSeconds=60"
        ],
        "portMappings": [
            {
                "hostPort": 80,
                "containerPort": 80
            }
        ],
        "logConfiguration": {
            "logDriver": "awslogs",
            "options": {
                "awslogs-create-group": "true",
                "awslogs-group": "ecs/${cluster_name}/proxy",
                "awslogs-region": "${region}",
                "awslogs-stream-prefix": "ecs"
            }
        },
        "dockerLabels": {
            "traefik.enable": "false"
        }
    }
]

Backend Service

[
    {
        "name": "backend",
        "image": "traefik/whoami",
        "essential": true,
        "portMappings": [
            {
                "containerPort": 80
            }
        ],
        "logConfiguration": {
            "logDriver": "awslogs",
            "options": {
                "awslogs-create-group": "true",
                "awslogs-group": "ecs/${cluster_name}/backend",
                "awslogs-region": "${region}",
                "awslogs-stream-prefix": "ecs"
            }
        },
        "dockerLabels": {
            "traefik.enable": "true",
            "traefik.http.routers.backend.rule": "Host(`${alb_dns}`)",
            "traefik.http.routers.backend.entrypoints": "web"
        }
    }
]

Logs

time="2021-01-30T12:27:34Z" level=info msg="Configuration loaded from flags."
time="2021-01-30T12:27:34Z" level=info msg="Traefik version 2.4.0 built on 2021-01-19T17:26:51Z"
time="2021-01-30T12:27:34Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"ecs\":{\"exposedByDefault\":true,\"refreshSeconds\":60,\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"clusters\":[\"demo\"],\"region\":\"us-east-1\"}},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}}}"
time="2021-01-30T12:27:34Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2021-01-30T12:27:34Z" level=info msg="Starting provider aggregator.ProviderAggregator 
{}
"
time="2021-01-30T12:27:34Z" level=debug msg="Start TCP Server" entryPointName=web
time="2021-01-30T12:27:34Z" level=info msg="Starting provider *acme.ChallengeTLSALPN {\"Timeout\":2000000000}"
time="2021-01-30T12:27:34Z" level=info msg="Starting provider *ecs.Provider {\"exposedByDefault\":true,\"refreshSeconds\":60,\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"clusters\":[\"demo\"],\"region\":\"us-east-1\"}"
time="2021-01-30T12:27:34Z" level=debug msg="ECS Clusters: [demo]" providerName=ecs
time="2021-01-30T12:27:34Z" level=info msg="Starting provider *traefik.Provider 
{}
"
time="2021-01-30T12:27:34Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"services\":{\"noop\":{}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"tls\":{}}" providerName=internal
time="2021-01-30T12:27:34Z" level=debug msg="No default certificate, generating one"
time="2021-01-30T12:27:34Z" level=debug msg="Filtering disabled ecs instance service-proxy-proxy (12eb8667bdbe)" providerName=ecs ecs-instance=service-proxy-proxy-12eb8667bdbe
time="2021-01-30T12:27:34Z" level=debug msg="Configuration received from provider ecs: {\"http\":{\"routers\":{\"backend\":{\"entryPoints\":[\"web\"],\"service\":\"service-backend-backend\",\"rule\":\"Host(`demo-alb-1097608198.us-east-1.elb.amazonaws.com`)\"}},\"services\":{\"service-backend-backend\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://10.0.1.22:80\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=ecs
time="2021-01-30T12:27:35Z" level=debug msg="No default certificate, generating one"
time="2021-01-30T12:27:35Z" level=debug msg="Creating middleware" routerName=backend@ecs entryPointName=web middlewareName=pipelining middlewareType=Pipelining serviceName=service-backend-backend
time="2021-01-30T12:27:35Z" level=debug msg="Creating load-balancer" routerName=backend@ecs entryPointName=web serviceName=service-backend-backend
time="2021-01-30T12:27:35Z" level=debug msg="Creating server 0 http://10.0.1.22:80" routerName=backend@ecs entryPointName=web serviceName=service-backend-backend serverName=0
time="2021-01-30T12:27:35Z" level=debug msg="Added outgoing tracing middleware service-backend-backend" routerName=backend@ecs entryPointName=web middlewareName=tracing middlewareType=TracingForwarder
time="2021-01-30T12:27:35Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery
time="2021-01-30T12:27:35Z" level=debug msg="No default certificate, generating one"
time="2021-01-30T12:27:37Z" level=debug msg="No default certificate, generating one"
10.0.3.231 - - [30/Jan/2021:12:27:58 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 1 "-" "-" 0ms
10.0.4.45 - - [30/Jan/2021:12:27:58 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 2 "-" "-" 0ms
10.0.3.231 - - [30/Jan/2021:12:28:28 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 3 "-" "-" 0ms
10.0.4.45 - - [30/Jan/2021:12:28:28 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 4 "-" "-" 0ms
time="2021-01-30T12:28:34Z" level=debug msg="ECS Clusters: [demo]" providerName=ecs
time="2021-01-30T12:28:34Z" level=debug msg="Found cached task definition for arn:aws:ecs:us-east-1:141542542529:task/demo/335007b0151b4f999def12eb8667bdbe. Skipping the call" providerName=ecs
time="2021-01-30T12:28:34Z" level=debug msg="Found cached task definition for arn:aws:ecs:us-east-1:141542542529:task/demo/7aeed2f9b39a40478cb59b1a4a07e364. Skipping the call" providerName=ecs
time="2021-01-30T12:28:34Z" level=debug msg="Filtering disabled ecs instance service-proxy-proxy (12eb8667bdbe)" providerName=ecs ecs-instance=service-proxy-proxy-12eb8667bdbe
time="2021-01-30T12:28:34Z" level=debug msg="Configuration received from provider ecs: {\"http\":{\"routers\":{\"backend\":{\"entryPoints\":[\"web\"],\"service\":\"service-backend-backend\",\"rule\":\"Host(`demo-alb-1097608198.us-east-1.elb.amazonaws.com`)\"}},\"services\":{\"service-backend-backend\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://10.0.1.22:80\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=ecs
time="2021-01-30T12:28:34Z" level=info msg="Skipping same configuration" providerName=ecs
10.0.4.45 - - [30/Jan/2021:12:28:58 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 5 "-" "-" 0ms
10.0.3.231 - - [30/Jan/2021:12:28:58 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 6 "-" "-" 0ms
time="2021-01-30T12:29:09Z" level=info msg="I have to go..."
time="2021-01-30T12:29:09Z" level=info msg="Stopping server gracefully"
time="2021-01-30T12:29:09Z" level=debug msg="Waiting 10s seconds before killing connections." entryPointName=web
time="2021-01-30T12:29:09Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-01-30T12:29:09Z" level=error msg="Error while starting server: accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-01-30T12:29:09Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-01-30T12:29:09Z" level=debug msg="Entry point web closed" entryPointName=web
time="2021-01-30T12:29:09Z" level=info msg="Server stopped"
time="2021-01-30T12:29:09Z" level=info msg="Shutting down"

Full source code

Any help is appreciated

JohnPreston · March 19, 2023, 2:46pm

Hello,
For anyone who would find this post, here is a documented solution, and with ECS Anywhere

Topic		Replies	Views
Intermittent Response and Routing from Traefik in AWS ECS/Fargate Traefik v2 (latest) ecs , docker	0	781	June 7, 2022
Traefik gateway timeout for every service Traefik v2 (latest) docker-swarm	2	3634	January 8, 2022
Traefik 502 Bad Gateway with WSS on AWS ECS Fargate Traefik v2 (latest) ecs	1	627	September 29, 2022
Issue (Gateway Timeout) when using Traefik and exposing port with Docker Traefik v2 (latest) docker , docker-swarm	5	29687	December 4, 2020
Gateway 504 error with services Traefik v2 (latest) docker-swarm	12	4329	May 16, 2022

Traefik + ECS Fargate. How?

Traefik Proxy Service

Backend Service

Logs

Related Topics