Tried a v2.2 YAML tutorial, getting 404 when curl'ing localhost

Hi All,
I finally have to seek outside advice on a Traefik v2.2 issue I'm having. I tried a tutorial that looked very similar to what we're trying to do at my company (Traefik/YAML, web application in Docker, Let's Encrypt for end-to-end SSL). When I attempt to curl from localhost I get "404 not found":

curl -L -k localhost

Here is the link to the tutorial:

https://joshuaavalon.io/setup-traefik-v2-step-by-step

Unfortunately, it doesn't give a complete docker-compose.yml file and has a lot of missing pieces which I am trying to infer.

Here are the files I came up with:

docker-compose.yml:

version: "3"

services:
  traefik:
    container_name: traefik
    image: traefik:2.2
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /etc/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy
    environment:
      - CF_API_EMAIL
      - CF_DNS_API_TOKEN
      - CF_ZONE_API_TOKEN

  whoami:
    image: containous/whoami
    restart: unless-stopped
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.XXXX.com`)
      - traefik.http.routers.whoami.tls=true
      - traefik.http.routers.whoami.tls.certresolver=letsEncrypt
      - traefik.http.routers.whoami.service=whoami
      - traefik.http.services.whoami.loadbalancer.server.port=80
      - traefik.http.routers.whoami.entrypoints=https
networks:
  proxy:
    external: true

traefik.yml

# /etc/traefik/traefik.yml

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
#    tls: 
#      certificates:
#        certFile = "/certs/website.crt"
#        keyFile  = "/certs/website.key"
  traefik:
    address: ":8080"  

certificatesResolvers:
  letsEncrypt:
    acme:
      email: "michael@XXXX.com"
      storage: "/etc/traefik/acme/acme.json"
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: "cloudflare"
        delayBeforeCheck: 5

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: "proxy"
  file:
    directory: "/etc/traefik/dynamic/"

api:
  dashboard: true
  insecure: true
log:
  level: DEBUG
  filepath: "/etc/traefik/logs/mainLog"
accessLog: 
  filepath: "/etc/traefik/logs/accessLog"

dashboard.yml:


http:
  routers:
    dashboard:
      entryPoints:
        - traefik
      rule: Host(`dash.reservetrust.io`)
      service: api@internal # This is the defined name for api. You cannot change it.
      tls:
        certresolver: letsEncrypt

I have temporarily removed the redirect.yml, clientAuthentication.yml, and custom.yml outlined in the tutorial so that I can have the minimum number of components to deal with.

I have set the CF_API_EMAIL, CF_DNS_API_TOKEN, and CF_ZONE_API_TOKEN environment variables, created my Cloudflare API tokens, and letsEncrypt works correctly as evidenced by the logs and the certs.

I am using the letsencrypt staging server until I get everything working, hence the -k argument in my curl command.

curl -L -k localhost:8080 loads the dashboard with no authentication.
curl -L -k localhost gives "404 Not Found"
curl -L -k "https://localhost" gives "404 Not Found"

If I bind port 80 to the whoami container instead of the traefik container, it works, so it's not a problem with the destination container, it's a problem with my Traefik setup.

Thank you for reading.

You have a Host rule that is not being matched by localhost. The --resolve flag is good for testing both http and https.

curl https://dash.reservetrust.io --resolve dash.reservetrust.io:443:127.0.0.1

If you just want to test http, you can set the host header with -H Host: dash.reservetrust.io. This is shown in the Quick Start.
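
Why each curl call in this thread does or does not reach the whoami router, as an added example (not part of the original posts and not Traefik's code). It is a simplified model: the function names are made up for illustration, and it covers only Host rules on the http and https entry points from the configuration above.

```python
# Added illustration: simplified model of Traefik v2 router selection,
# not Traefik's code. Router data mirrors the whoami labels in this thread.
import re
from urllib.parse import urlsplit

ENTRYPOINTS = {80: "http", 443: "https"}  # from traefik.yml (dashboard port left out)

# (name, entrypoint, tls, rule) as declared by the whoami container labels
ROUTERS = [("whoami", "https", True, "Host(`whoami.XXXX.com`)")]


def rule_matches(rule, host):
    """Evaluate a Host(`name`) rule against a Host header value."""
    m = re.fullmatch(r"Host\(`([^`]+)`\)", rule)
    if m is None:
        raise ValueError(f"rule not covered by this model: {rule}")
    return host.split(":")[0].lower() == m.group(1).lower()


def curl_request(url, host_header=None):
    """Return (port, is_tls, host) as the proxy sees a curl call.

    --resolve only changes the IP curl connects to, so it needs no parameter:
    the URL still supplies the Host header. -H "Host: ..." overrides it.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    is_tls = parts.scheme == "https"
    port = parts.port or (443 if is_tls else 80)
    return port, is_tls, host_header or parts.hostname


def route(url, host_header=None, routers=ROUTERS):
    """Name of the router that takes the request, or "404" if none does."""
    port, is_tls, host = curl_request(url, host_header)
    for name, entrypoint, tls, rule in routers:
        if (ENTRYPOINTS.get(port) == entrypoint and tls == is_tls
                and rule_matches(rule, host)):
            return name
    return "404"


if __name__ == "__main__":
    for args in [("localhost",), ("https://localhost",),
                 ("https://whoami.XXXX.com",),
                 ("localhost", "whoami.XXXX.com")]:
        print(args, "->", route(*args))
```

A router with tls enabled only takes HTTPS requests on its own entry point, which is why setting the Host header on a plain port 80 request still returns 404 with this configuration.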

@cakiwi, thanks for the reply! This is good syntax to have and will make it possible for me to test from localhost in a way that actually works.

Since the ports 80 and 443 are supposed to route to the whoami container, not the traefik container, I did this instead:

curl https://whoami.XXXX.com --resolve whoami.XXXX.com:443:127.0.0.1

I get a 502 error. I also get a 502 when using port 80 instead of 443. This makes me wonder if there is something wrong with my whoami.XXXX.com rule which is set in the labels of the whoami container.

When I try the -H Host syntax below, I get a 404 instead of a 502, which is the same as I was getting before.

curl localhost -H "Host: whoami.XXXX.com"

I'm a little closer, but not working yet. Suggestions?

@cakiwi
I added the http->https port redirection back in with the following file:

# /etc/traefik/dynamic/redirect.yml
http:
  routers:
    http:
      entryPoints:
        - http
      middlewares:
        - https_redirect
      rule: HostRegexp(`{any:.+}`)
      service: noop

  services:
    # noop service, the URL will be never called
    noop:
      loadBalancer:
        servers:
          - url: http://192.168.0.1

  middlewares:
    https_redirect:
      redirectScheme:
        scheme: https
        permanent: true

Everything started working when using the syntax:

curl https://whoami.XXXX.com --resolve whoami.XXXX.com:443:127.0.0.1 -k -L

So your suggestion about the rule was in fact accurate and has been marked as the solution.

After adding the redirect.yml file back in and using your syntax, things started working if I hit port 443. If I try to hit port 80 and let traefik redirect from http to https, I get an infinite redirect loop. I'm still doing something wrong.