Hi All,
I finally have to seek outside advice on a Traefik v2.2 issue I'm having. I tried a tutorial that looked very similar to what we're trying to do at my company (Traefik/YAML, web application in Docker, Let's Encrypt for end-to-end SSL). When I attempt to curl from localhost I get "404 not found":
curl -L -k localhost
Here is the link to the tutorial:
Unfortunately, it doesn't give a complete docker-compose.yml file and has a lot of missing pieces which I am trying to infer.
Here are the files I came up with:
docker-compose.yml:
version: "3"
services:
  traefik:
    container_name: traefik
    image: traefik:2.2
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /etc/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy
    environment:
      - CF_API_EMAIL
      - CF_DNS_API_TOKEN
      - CF_ZONE_API_TOKEN
  whoami:
    image: containous/whoami
    restart: unless-stopped
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.XXXX.com`)
      - traefik.http.routers.whoami.tls=true
      - traefik.http.routers.whoami.tls.certresolver=letsEncrypt
      - traefik.http.routers.whoami.service=whoami
      - traefik.http.services.whoami.loadbalancer.server.port=80
      - traefik.http.routers.whoami.entrypoints=https
networks:
  proxy:
    external: true
traefik.yml:
# /etc/traefik/traefik.yml
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
#    tls:
#      certificates:
#        certFile = "/certs/website.crt"
#        keyFile = "/certs/website.key"
  traefik:
    address: ":8080"
certificatesResolvers:
  letsEncrypt:
    acme:
      email: "michael@XXXX.com"
      storage: "/etc/traefik/acme/acme.json"
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: "cloudflare"
        delayBeforeCheck: 5
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: "proxy"
  file:
    directory: "/etc/traefik/dynamic/"
api:
  dashboard: true
  insecure: true
log:
  level: DEBUG
  filepath: "/etc/traefik/logs/mainLog"
accessLog:
  filepath: "/etc/traefik/logs/accessLog"
dashboard.yml:
http:
  routers:
    dashboard:
      entryPoints:
        - traefik
      rule: Host(`dash.reservetrust.io`)
      service: api@internal # This is the defined name for api. You cannot change it.
      tls:
        certresolver: letsEncrypt
I have temporarily removed the redirect.yml, clientAuthentication.yml, and custom.yml outlined in the tutorial so that I can have the minimum number of components to deal with.
I have set the CF_API_EMAIL, CF_DNS_API_TOKEN, and CF_ZONE_API_TOKEN environment variables, created my Cloudflare API tokens, and letsEncrypt works correctly as evidenced by the logs and the certs.
I am using the Let's Encrypt staging server until I get everything working, hence the -k argument in my curl command.
curl -L -k localhost:8080 loads the dashboard with no authentication.
curl -L -k localhost gives "404 Not Found"
curl -L -k "https://localhost" gives "404 Not Found"
If I bind port 80 to the whoami container instead of the traefik container, it works, so it's not a problem with the destination container, it's a problem with my Traefik setup.
Thank you for reading.
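
An added example, not part of the original post or the tutorial: a simplified Python model of how Traefik v2 selects a router (entry point first, then the Host rule), run against the labels and entry points posted above. It handles only Host(...) rules, and parse_routers and route are hypothetical helper names.

```python
import re

# Labels copied from the whoami service in the post's docker-compose.yml.
LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.whoami.rule=Host(`whoami.XXXX.com`)",
    "traefik.http.routers.whoami.tls=true",
    "traefik.http.routers.whoami.entrypoints=https",
    "traefik.http.routers.whoami.service=whoami",
]
# Entry point names and ports from the post's traefik.yml.
ENTRYPOINTS = {"http": 80, "https": 443, "traefik": 8080}


def parse_routers(labels):
    """Group traefik.http.routers.<name>.<option>=<value> labels by router."""
    routers = {}
    for label in labels:
        m = re.match(r"traefik\.http\.routers\.([^.]+)\.([^=]+)=(.*)$", label)
        if m:
            name, option, value = m.groups()
            routers.setdefault(name, {})[option.lower()] = value
    return routers


def route(routers, port, host):
    """Return the service a request reaches, or '404' when no router matches."""
    entrypoint = next((n for n, p in ENTRYPOINTS.items() if p == port), None)
    host = host.split(":")[0].lower()  # the Host header may carry a port
    for cfg in routers.values():
        allowed = [e.strip() for e in cfg.get("entrypoints", "").split(",") if e.strip()]
        # A router without an entrypoints option accepts every entry point.
        if allowed and entrypoint not in allowed:
            continue
        wanted = re.findall(r"`([^`]+)`", cfg.get("rule", ""))
        if host in (w.lower() for w in wanted):
            return cfg.get("service", "")
    return "404"


if __name__ == "__main__":
    routers = parse_routers(LABELS)
    # (port, Host header) pairs; the first two correspond to the curl calls in the post.
    for port, host in [(80, "localhost"), (443, "localhost"), (443, "whoami.XXXX.com")]:
        print(port, host, "->", route(routers, port, host))
```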