Traefik seems to have stopped sending requests to some containers?

Traefik Traefik v2 (latest)
1

Well, I'm just confused. I have a couple of containers that worked fine behind Traefik v2 up until a few weeks ago. Then they just stopped working with Traefik, no idea why, I didn't change anything, I think I rebooted the Docker host and they stopped after that. I have in total 4 services with their own host names and certs from Let's Encrypt. 2 containers are being reverse proxied fine, 2 aren't anymore.

I'll just describe one of the broken ones, and see if anyone here can help me figure out the deal. First up, Traefik's dashboard sees everything fine. I see a router with the correct host name. I don't have any middleware defined for this particular service. I see the entry in HTTP services, with the correct IP and port.

I have the port mapped in my compose, and also exposed (I've also tried it just using expose, in case there was some collision, no change though). If I go directly to the Docker host on that port, I'm able to pull the application up fine. I see the request in the app logs. If I go to the public domain name though, I get a gateway timeout, and I don't ever see the request in the app logs. The public name issue happens from inside my network and outside it. I have NAT hairpinning enabled, so the request should be able to come from my local network and still work (and does for my other services that are working fine). The other app (actually, I forgot, there are 2 other apps) are both accessible from within the network under the public host name, so it doesn't seem like it's the NAT hairpin that's the problem.

Docker-compose is this more or less:

  MyApp:
    restart: unless-stopped
    image: linuxserver/MyApp
    container_name: MyApp
    environment:
      - TZ=America/Detroit
      - PUID=996
      - PGID=996
      - USER=obfuscated
      - PASS=obfuscated
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.MyApp.loadbalancer.server.port=9081"
      - "traefik.http.routers.MyApp.rule=Host(`hostname.mydomain.net`)"
      - "traefik.http.routers.MyApp.entrypoints=websecure"
      - "traefik.http.routers.MyApp.tls.certresolver=mytlschallenge"
    volumes:
      - /MyAppconfig:/config
      - /NAS/data:/data
    expose:
      - "9081"
    ports:
      - 8084:8080
      - 8085:9081

So basically:
http://docker:8085 works as expected
https://hostname.mydomain.net doesn't work at all, but used to. My 4 containers are all basically laid out like that one, but 2 work fine, and 2 stopped working at all, and I haven't been able to figure out why.

Any ideas?
Thanks!

2

I've determined some more specifics on this. I think that the core problem is when a redirect happens. The two apps this happens to, when going to the root, initially both redirect to a login page. That login page then submits to self and redirects back to the top level with a successful login.

What I've found is, that redirect to the login page fails, and the redirect after a login fails. So if I load the login page directly, it comes right up. But the login process seems to fail- the browser just spins until timeout after hitting submit. Except the login actually succeeded. If I explicitly then load the root page (i.e. just remove the login page and load the base URL), the app loads, and shows I've logged in.

So now I need to find out where/what the interaction is with Traefik that is impacting this. The kicker, as I mentioned, is that this only happens when my client is outside my network. If I'm local, but still accessing the app through Traefik, it works flawlessly. The only changes in that scenario are the connection isn't being port forwarded through my router, and I'm now local to the Docker host and containers. Something in that configuration is making it not work quite right for Internet access only, but I'm not sure what it is yet.