traefik stuck when I set forwardAuth address to the Traefik address itself

Here is my IP: 192.168.30.226

docker-compose file

version: '2'
services:
  traefik:
    image: docker.idatatlas.com/traefik:v2.10
    command:
      - "--configFile=/etc/traefik/traefik.yml"
    ports:
      - 80:80
      - 8080:8080
      - 8082:8082
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik:/etc/traefik

  consul:
    image: registry.cn-hangzhou.aliyuncs.com/mdt/mdt_consul:v1.0.0
    ports:
      - 8301:8301
      - 8302:8302
      - 8300:8300
      - 8500:8500
      - 8600:53/udp
    command: consul agent -server -dev -client=0.0.0.0 -ui -bootstrap -log-level debug -data-dir=/consul-data -config-dir=/consul-conf
    volumes:
      - ./consul-data:/consul-data
      - ./consul-conf:/consul-conf
      - ./consul-watch-scripts:/app/
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.consul.rule=Host(`consul.docker.localhost`)"
      - "traefik.http.services.consul.loadbalancer.server.port=8500"

  whoiam3:
    image: docker.idatatlas.com/containous/whoami
    scale: 1
    ports:
      - 9001:80

I register two services.

One is the authentication service.


{
  "service": {
    "name": "flask-auth-demo",
    "address": "192.168.30.226",
    "port": 5000,
    "tags": [
      "traefik.enable=true",
      "traefik.http.routers.flask-auth-demo.rule=Headers(`X-Service`, `flask-auth-demo`)",
      "traefik.http.routers.flask-auth-demo.entrypoints=web",
      "traefik.http.routers.flask-auth-demo.service=flask-auth-demo"
    ],
    "checks": [
      {
        "id": "tcp-check",
        "name": "TCP Health Check",
        "tcp": "192.168.30.226:5000",
        "interval": "10s",
        "timeout": "1s"
      }
    ]
  }
}

The other one is the whoiam3 service, which is started in the docker-compose file.

{
  "service": {
    "name": "whoiam3",
    "address": "192.168.30.226",
    "port": 9001,
    "tags": [
      "traefik.enable=true",
      "traefik.http.routers.whoiam3.rule=Headers(`X-Service`, `whoiam3`)",
      "traefik.http.routers.whoiam3.entrypoints=web",
      "traefik.http.routers.whoiam3.service=whoiam3",
      "traefik.http.routers.whoiam3.middlewares=demo-auth@file"
    ],
    "checks": [
      {
        "id": "tcp-check",
        "name": "TCP Health Check",
        "tcp": "192.168.30.226:9001",
        "interval": "10s",
        "timeout": "1s"
      }
    ]
  }
}

Service whoiam3 has a middleware, demo-auth@file, defined below:

http:
  middlewares:
    # demo-auth middleware
    demo-auth:
      forwardAuth:
        # 192.168.30.226 is the Traefik address; the /auth path is defined below.
        address: "http://192.168.30.226/auth"
        trustForwardHeader: true
        authResponseHeaders:
          - "mdt-user"
    demo-auth1:
      rule: "PathPrefix(`/auth`)" # authentication path
      service: "flask-auth-demo@consulcatalog" # forward to service flask-auth-demo 

But when I curl service whoiam3 like this:

 curl -v -H "X-Service: whoiam3" -H "Authentication: xxx" localhost:80/

Output is:

*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 80 (#0)
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.64.1
> Accept: */*
> X-Service: whoiam3
> Authentication: xxx
> 
< HTTP/1.1 500 Internal Server Error
< Content-Length: 0
< Date: Wed, 30 Aug 2023 08:02:49 GMT
< 
* Connection #0 to host localhost left intact
* Closing connection 0

But when I curl /auth, the right response is returned.

 curl http://192.168.30.226/auth
Response with custom header%

This seems to be a router defined under middlewares, that’s strange:

I doubt that the status 500 is coming from Traefik, but rather from one of your target services.

Check Traefik debug (doc) and access log (doc).
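
The layout the reply is pointing at, as an added example that is not part of the original posts: in a Traefik v2 file-provider dynamic configuration, an entry carrying `rule` and `service` is a router and belongs under `http.routers`, while `http.middlewares` holds only middleware definitions such as `forwardAuth`. The names and values are the ones posted above; the `web` entry point is assumed from the Consul tags, and this only shows the section placement, not a confirmed fix for the 500.

```yaml
http:
  routers:
    # Router for the auth endpoint: rule + service live under http.routers,
    # not under http.middlewares.
    demo-auth1:
      rule: "PathPrefix(`/auth`)"
      entryPoints:
        - web  # assumption: same entry point as in the Consul tags above
      service: "flask-auth-demo@consulcatalog"
      # No middlewares here: the auth endpoint itself must not sit behind demo-auth.

  middlewares:
    # Referenced from the whoiam3 router as demo-auth@file.
    demo-auth:
      forwardAuth:
        # Points back at the Traefik entry point, so the auth sub-request is
        # routed by Traefik again and has to match demo-auth1 above.
        address: "http://192.168.30.226/auth"
        # true trusts the X-Forwarded-* headers already present on the incoming
        # request; only appropriate when those headers come from a trusted proxy.
        trustForwardHeader: true
        # Headers copied from the auth response onto the request sent to whoiam3.
        authResponseHeaders:
          - "mdt-user"
```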