Hello,
I'm trying to get a Traefik container configured on my Firewalla Gold (I posted in their forum, but no response yet).
Already had my domain registered on cloudflare with two records as DNS only, no proxy.
A record > WAN IP
CNAME record > mydomain
I'm also running a Pi-hole container, which works fine at 172.16.0.2/24.
The container is running but times out on the API call to Cloudflare, with this log:
Unable to obtain ACME certificate for domains "Get "https://acme-v02.api.letsencrypt.org/directory/": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:35897->127.0.0.11:53: i/o timeout"
My docker-compose file:
root@firewalla:/mnt/traefik# cat docker-compose.yml
# docker-compose.yml for the Traefik reverse proxy.
# Traefik joins the pre-existing 'proxy' bridge network (declared as
# external at the bottom) and reads its static config from traefik.yml,
# its dynamic config from config.yml, and Docker labels via the socket.
version: '3'
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Prevents processes in the container from gaining privileges via setuid/setcap binaries.
      - no-new-privileges:true
    networks:
      - proxy
    # NOTE(review): the log shows name lookups going to 127.0.0.11:53 (Docker's
    # embedded DNS) and timing out. That resolver forwards to the host's
    # configured nameservers; confirm those are reachable from the 172.18.0.0/16
    # bridge. A `dns:` list on this service is one way to pin a specific
    # resolver for the container — verify which upstream the host actually uses.
    ports:
      - 80:80
      - 443:443
    environment:
      # Cloudflare credentials for the DNS-01 challenge; the resolver named
      # 'cloudflare' in traefik.yml reads these. Use EITHER the scoped DNS
      # API token (below) OR the global API key (commented out), not both.
      - CF_API_EMAIL=****
      - CF_DNS_API_TOKEN=****
      # - CF_API_KEY=YOU_API_KEY
      # be sure to use the correct one depending on if you are using a token or key
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # ':ro' only makes the socket inode read-only; the Docker API reached
      # through it is still fully usable by the container (needed for the
      # docker provider in traefik.yml).
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/traefik/data/traefik.yml:/traefik.yml:ro
      # ACME account key and issued certificates are written here (storage:
      # acme.json in traefik.yml); Traefik expects this file to be restricted
      # to its owner (mode 600) on the host — verify.
      - /mnt/traefik/data/acme.json:/acme.json
      - /mnt/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router: only job is to redirect to the https router below.
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard-internal.local.mydomain.com`)"
      # htpasswd-format credentials guarding the dashboard (api@internal).
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:****"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      # Declared here but not attached to either router in this file; presumably
      # referenced by services in config.yml (not shown) — confirm.
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      # HTTPS router: basic-auth protected, TLS via the 'cloudflare' ACME resolver.
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard-internal.local.mydomain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=local.mydomain.com"
      # NOTE(review): the SAN's domain ('mydomain.example.com') does not match
      # 'main' above ('mydomain.com'); looks like a typo — confirm the intended
      # wildcard, otherwise the certificate request covers the wrong name.
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.mydomain.example.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"
networks:
  proxy:
    # Created outside this compose file ('docker network inspect proxy' below).
    external: true
traefik.yml file:
root@firewalla:/mnt/traefik/data# cat traefik.yml
# traefik.yml — Traefik static configuration.
api:
  # Dashboard is served as the api@internal service (see the labels in
  # docker-compose.yml) and sits behind the basic-auth middleware there.
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      # Everything arriving on :80 is redirected to the https entrypoint.
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  # NOTE(review): disables certificate verification for every backend Traefik
  # proxies to, not just self-signed internal services. It is a global setting;
  # if only some backends need it, a per-service serversTransport in the dynamic
  # config is the narrower option — confirm which backends actually require it.
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are only routed when they carry traefik.enable=true.
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: liquid_322@Hotmail.com
      # Account key and certificates; mounted from /mnt/traefik/data/acme.json.
      storage: acme.json
      dnsChallenge:
        # Credentials come from CF_API_EMAIL / CF_DNS_API_TOKEN in the container environment.
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        # These resolvers are used for the DNS-challenge propagation check only.
        # They do not change the container's own name resolution, which (per the
        # log) still goes through 127.0.0.11, Docker's embedded DNS — so they
        # will not by themselves fix the lookup timeout for the ACME directory.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
I can't resolve anything from inside the container.
I bypassed all rules in my Firewalla and see the same symptom.
root@firewalla:/mnt/traefik/data# docker network list
NETWORK ID NAME DRIVER SCOPE
e32e3a5f2eaa bridge bridge local
58e2044a2cb8 host host local
ebe968f9d0a0 none null local
ad951abeebca pi-hole_default bridge local
dc1d1432326f proxy bridge local
root@firewalla:/mnt/traefik/data# docker network inspect proxy
[
{
"Name": "proxy",
"Id": "dc1d1432326f7138b88053c13416d17c2b9c2658e4fce6984e14874884beb59c",
"Created": "2022-11-20T12:35:47.666214591-10:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"2333bf675279538a0882a6e56f62467a005679516d431952453daa6746d34090": {
"Name": "traefik",
"EndpointID": "57a86f375a93643eb9d0b60e6b3150e43201eb83f3c0846ce8362abffbfb0558",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
root@firewalla:/mnt/traefik/data#
I think this may be due to DNS, but I'm unsure where to look.