Try to redirect localhost:port to a subdomain.domain.exemple

azyouwant · October 2, 2022, 8:57pm

Hi all,

I use Traefik (on docker) for a long time to redirect other dockers services. I'm far from an expert on Traefik configuration, I only succeed thanks to exemples.
With other docker services, everything works but I tried to do a different thing :

On my local network I use Home assistant and I have Traefik install on a distant server.
I want to access Home Assistant through my distant server on a subdomain.

So I succeed to create a SSH tunnel from home assistant to my distant server (if I create an other SSH tunnel between a pc and the server, I can access to the Home Assistant interface) , but now I want Traefik to redirect the interface (localhost:44400 on the server) to a subdomain.

This is the docker-compose and the Traefik Toml files that I tried : (remplace my domain by domain.fr to privacy)

version: "3"
services:
  traefik:
    image: traefik:latest
    command: --api.insecure --providers.docker
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /dockers/traefik/traefik.toml:/traefik.toml
      - /dockers/traefik/acme.json:/acme.json
    networks:
      - webgateway
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik-srv1.domain.fr`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.hass.entrypoints=websecure"
      - "traefik.http.routers.hass.rule=Host(`homeassistant.domain.fr`)"
      - "traefik.http.routers.hass.service=hass_service"

networks:
  webgateway:
    external: true

debug=false
logLevel = "ERROR"

[api]
  dashboard = true
  # insecure = true

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
          permanent = true

  [entryPoints.websecure]
    address = ":443"
      [entryPoints.websecure.http.tls]
        certResolver = "default"

# [serversTransport]
  # insecureSkipVerify = true

[providers]
  [providers.docker]
    watch = true
    exposedByDefault = false
    network = "webgateway"

[certificatesResolvers]
  [certificatesResolvers.default]
    [certificatesResolvers.default.acme]
      email = "<my email>"
      storage = "acme.json"
      caServer = "https://acme-v01.api.letsencrypt.org/directory"
      [certificatesResolvers.default.acme.tlsChallenge]

[http.services]
  [http.services.hass_service.loadBalancer]
    [[http.services.hass_service.loadBalancer.servers]]
      url = "http://127.0.0.1:44400/"

For this configuration I only get a 404 page not found

For information, this configuration works on a docker service :

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.radarr.rule=Host(`radarr.domain.fr`)"
  - "traefik.http.routers.radarr.entrypoints=websecure"

If anybody can help me, thanks

Pierre.

bluepuma77 · October 4, 2022, 7:45am

Do you want it to redirect, so let the browser change the URL, or do you want to proxy it, forward all traffic through Traefik under the original URL?

azyouwant · October 5, 2022, 8:13am

I think I want to proxy it :
I want to use homeassistant.domain.fr to access my homeassistant page, through Traefik and through my SSL tunnel (this part already works) .

For other services I already have the SSL certificate managed by traefik, hope it is possible in that case too.

thanks.

bluepuma77 · October 5, 2022, 8:48am

I think there are a few mistakes in your overall configuration.

Multiple static configs and config file probably not even read by Traefik
Solution: Only use command: --configFile=/traefik.toml and your static config file
Dynamic config (service) in static config file
Solution: use a dynamic config file, place your [http.services] in it and load it in your static config file via file provider

azyouwant · October 5, 2022, 9:37am

For the 1. , don't really sure what is the static config, but except that the homeassistant configuration, every thing works perfectly (the traefik-srv1.domain.fr works, and the SSL redirection describe in the .toml works too) so I assume that both labels in docker compose and toml file are read by traefik.

For 2. , I use providers to add the [http.services] in an other file :

debug=false
logLevel = "ERROR"

[api]
  dashboard = true
  # insecure = true

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
          permanent = true

  [entryPoints.websecure]
    address = ":443"
      [entryPoints.websecure.http.tls]
        certResolver = "default"

# [serversTransport]
  # insecureSkipVerify = true

[providers]
  [providers.docker]
    watch = true
    exposedByDefault = false
    network = "webgateway"

[certificatesResolvers]
  [certificatesResolvers.default]
    [certificatesResolvers.default.acme]
      email = "<my email>"
      storage = "acme.json"
      caServer = "https://acme-v01.api.letsencrypt.org/directory"
      [certificatesResolvers.default.acme.tlsChallenge]

[providers.file]
  filename = "/services/homeassistant.toml"

/services/homeassistant.toml :

[http.services]
  [http.services.hass_service.loadBalancer]
    [[http.services.hass_service.loadBalancer.servers]]
      url = "http://127.0.0.1:44400/"

docker-compose :

version: "3"
services:
  traefik:
    image: traefik:latest
    command: --api.insecure --providers.docker
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /dockers/traefik/traefik.toml:/traefik.toml
      - /dockers/traefik/acme.json:/acme.json
      - /dockers/traefik/services:/services
    networks:
      - webgateway
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik-srv1.domain.fr`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.hass.entrypoints=websecure"
      - "traefik.http.routers.hass.rule=Host(`homeassistant.domain.fr`)"
      - "traefik.http.routers.hass.service=hass_service@file"

networks:
  webgateway:
    external: true

With this config, I have now a "bad gateway" on homeassistant.domain.fr .
The file providers works (if I missname the service in homeassistant.toml , I have an error on the traefik dashboard.

Maybe the traefik docker can't access 127.0.0.1:44400 internally ?

azyouwant · October 5, 2022, 10:31am

After some tests, it seems that the docker can't access the 44400 port of the host. So not a traefik issue.

I have not found now the solution yet.

bluepuma77 · October 6, 2022, 9:57am

Traefik in the container can not just access your host's localhost - that's for security reasons.

Potential solution:

If you are using Docker-for-Linux 20.10.0+ [or later], you can also use the host host.docker.internal if you started your Docker container with the --add-host host.docker.internal:host-gateway option.

Source: stackoverflow

Topic		Replies	Views
Problems with port forwarding Traefik v2 docker	1	1110	October 11, 2022
Reverse proxy redirect subdomain to a local IP on LAN Traefik v2 docker	1	4905	January 1, 2021
Redirect specific url to different homeserver Traefik v2 docker	1	425	November 29, 2022
Subdomain forwarding only if within the home network Traefik v2 docker , file	2	846	July 21, 2021
Redirect problem to another server Traefik v2 docker	5	2078	April 8, 2023

Try to redirect localhost:port to a subdomain.domain.exemple

Related Topics