Trying to redirect localhost:port to a subdomain.domain.example

Hi all,

I have used Traefik (on Docker) for a long time to redirect other Docker services. I'm far from an expert on Traefik configuration; I only succeed thanks to examples.
With other Docker services, everything works, but I tried to do something different:

On my local network I use Home Assistant, and I have Traefik installed on a distant server.
I want to access Home Assistant through my distant server on a subdomain.

So I succeeded in creating an SSH tunnel from Home Assistant to my distant server (if I create another SSH tunnel between a PC and the server, I can access the Home Assistant interface), but now I want Traefik to redirect the interface (localhost:44400 on the server) to a subdomain.

These are the docker-compose and Traefik TOML files that I tried (I replaced my domain with domain.fr for privacy):

version: "3"
services:
  traefik:
    image: traefik:latest
    command: --api.insecure --providers.docker
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /dockers/traefik/traefik.toml:/traefik.toml
      - /dockers/traefik/acme.json:/acme.json
    networks:
      - webgateway
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik-srv1.domain.fr`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.hass.entrypoints=websecure"
      - "traefik.http.routers.hass.rule=Host(`homeassistant.domain.fr`)"
      - "traefik.http.routers.hass.service=hass_service"

networks:
  webgateway:
    external: true

traefik.toml :

debug=false
logLevel = "ERROR"

[api]
  dashboard = true
  # insecure = true

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
          permanent = true

  [entryPoints.websecure]
    address = ":443"
      [entryPoints.websecure.http.tls]
        certResolver = "default"

# [serversTransport]
  # insecureSkipVerify = true

[providers]
  [providers.docker]
    watch = true
    exposedByDefault = false
    network = "webgateway"

[certificatesResolvers]
  [certificatesResolvers.default]
    [certificatesResolvers.default.acme]
      email = "<my email>"
      storage = "acme.json"
      caServer = "https://acme-v01.api.letsencrypt.org/directory"
      [certificatesResolvers.default.acme.tlsChallenge]

[http.services]
  [http.services.hass_service.loadBalancer]
    [[http.services.hass_service.loadBalancer.servers]]
      url = "http://127.0.0.1:44400/"

With this configuration I only get a 404 page not found.

For information, this configuration works on a docker service :

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.radarr.rule=Host(`radarr.domain.fr`)"
  - "traefik.http.routers.radarr.entrypoints=websecure"

If anybody can help me, thanks

Pierre.

Do you want it to redirect, so let the browser change the URL, or do you want to proxy it, forward all traffic through Traefik under the original URL?

I think I want to proxy it:
I want to use homeassistant.domain.fr to access my Home Assistant page, through Traefik and through my SSL tunnel (this part already works).

For other services I already have the SSL certificate managed by traefik, hope it is possible in that case too.

thanks.

I think there are a few mistakes in your overall configuration.

  1. Multiple static configs and config file probably not even read by Traefik
    Solution: Only use command: --configFile=/traefik.toml and your static config file

  2. Dynamic config (service) in static config file
    Solution: use a dynamic config file, place your [http.services] in it and load it in your static config file via file provider

For 1., I'm not really sure what the static config is, but apart from the Home Assistant configuration, everything works perfectly (traefik-srv1.domain.fr works, and the SSL redirection described in the .toml works too), so I assume that both the labels in docker-compose and the TOML file are read by Traefik.

For 2., I use providers to add the [http.services] in another file:

debug=false
logLevel = "ERROR"

[api]
  dashboard = true
  # insecure = true

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
          permanent = true

  [entryPoints.websecure]
    address = ":443"
      [entryPoints.websecure.http.tls]
        certResolver = "default"

# [serversTransport]
  # insecureSkipVerify = true

[providers]
  [providers.docker]
    watch = true
    exposedByDefault = false
    network = "webgateway"

[certificatesResolvers]
  [certificatesResolvers.default]
    [certificatesResolvers.default.acme]
      email = "<my email>"
      storage = "acme.json"
      caServer = "https://acme-v01.api.letsencrypt.org/directory"
      [certificatesResolvers.default.acme.tlsChallenge]

[providers.file]
  filename = "/services/homeassistant.toml"

/services/homeassistant.toml :

[http.services]
  [http.services.hass_service.loadBalancer]
    [[http.services.hass_service.loadBalancer.servers]]
      url = "http://127.0.0.1:44400/"

docker-compose :

version: "3"
services:
  traefik:
    image: traefik:latest
    command: --api.insecure --providers.docker
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /dockers/traefik/traefik.toml:/traefik.toml
      - /dockers/traefik/acme.json:/acme.json
      - /dockers/traefik/services:/services
    networks:
      - webgateway
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik-srv1.domain.fr`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.hass.entrypoints=websecure"
      - "traefik.http.routers.hass.rule=Host(`homeassistant.domain.fr`)"
      - "traefik.http.routers.hass.service=hass_service@file"

networks:
  webgateway:
    external: true

With this config, I now have a "bad gateway" on homeassistant.domain.fr.
The file provider works (if I misname the service in homeassistant.toml, I get an error on the Traefik dashboard).

Maybe the traefik docker can't access 127.0.0.1:44400 internally ?

After some tests, it seems that the docker can't access the 44400 port of the host. So not a traefik issue.

I have not found the solution yet.

Traefik in the container cannot just access your host's localhost - that's for security reasons.

Potential solution:

If you are using Docker-for-Linux 20.10.0+ [or later], you can also use the host host.docker.internal if you started your Docker container with the --add-host host.docker.internal:host-gateway option.

Source: stackoverflow
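
Added example (not part of any post in this thread): the compose file from the posts above with both answers applied, so that the static configuration comes only from the file and host.docker.internal is mapped to the host. It assumes the paths, router names and port from the thread, and that the tunnel's listener on the server is reachable from the container rather than bound to 127.0.0.1 only.

```yaml
# Added example, assembled from the configuration posted in this thread.
version: "3"
services:
  traefik:
    image: traefik:latest
    # Point 1 of the answer: one static configuration source only.
    # --api.insecure and --providers.docker are dropped; traefik.toml
    # already declares [api] and [providers.docker].
    command: --configFile=/traefik.toml
    ports:
      - "80:80"
      - "443:443"
    extra_hosts:
      # Compose form of `--add-host host.docker.internal:host-gateway`
      # (Docker 20.10.0+ on Linux, as quoted in the last answer).
      - "host.docker.internal:host-gateway"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /dockers/traefik/traefik.toml:/traefik.toml
      - /dockers/traefik/acme.json:/acme.json
      - /dockers/traefik/services:/services
    networks:
      - webgateway
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik-srv1.domain.fr`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.hass.entrypoints=websecure"
      - "traefik.http.routers.hass.rule=Host(`homeassistant.domain.fr`)"
      - "traefik.http.routers.hass.service=hass_service@file"

networks:
  webgateway:
    external: true

# Matching change in /services/homeassistant.toml: inside the container,
# 127.0.0.1 is the container's own loopback, so target the host name instead:
#   url = "http://host.docker.internal:44400/"
```

An SSH remote forward listens on the server's loopback address unless sshd's GatewayPorts setting permits another bind address, so the tunnel also has to listen on the address that host-gateway resolves to. Binding it to that Docker bridge address rather than 0.0.0.0 keeps port 44400 off the server's public interface.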