Hi All,
I was using traefik with http challenge and http to https redirect middleware successfully but I had to move and I cannot set it up with the new router. I opened port 80 and 443 on the new router.
Here is my traefik.yml file:
```yaml
## STATIC CONFIGURATION
log:
  level: INFO
api:
  insecure: true
  dashboard: true
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: "traefik.yml"
    watch: true
certificatesResolvers:
  lets-encr:
    acme:
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      storage: acme.json
      email: myValidEmail.email.com
      httpChallenge:
        entryPoint: web
## DYNAMIC CONFIGURATION
http:
  routers:
    route-to-local-ip:
      rule: "Host(`myexampledomain.com`)"
      service: route-to-local-ip-service
      priority: 1000
      entryPoints:
        - websecure
      tls:
        certResolver: lets-encr
  services:
    route-to-local-ip-service:
      loadBalancer:
        servers:
          - url: "http://192.168.0.17:81"
```
And here is my traefik-docker-compose.yml file:
```yaml
version: "3.7"
services:
  traefik:
    image: "traefik:v2.3.4"
    container_name: "traefik"
    hostname: "traefik"
    restart: unless-stopped
    ports:
      - "80:80" # <== http
      - "443:443" # <== https
      - "8080:8080" # <== :8080 is where the dashboard runs on
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik.yml:/traefik.yml:ro"
      - "./acme.json:/acme.json"
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.redirect-https.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirect-https.entrypoints=web"
      - "traefik.http.routers.redirect-https.middlewares=redirect-to-https"
networks:
  default:
    external:
      name: $DEFAULT_NETWORK
```
I run several routers in containers; here is one as an example:
```yaml
version: "2"
services:
  mariadb:
    image: linuxserver/mariadb
    container_name: mariadb
    restart: unless-stopped
    labels:
      - "traefik.enable=false"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./mariadb_data:/config
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_ROOT_PASSWORD=$DB_PASS
      - TZ=Europe/London
  adminer:
    image: adminer:latest
    hostname: adminer
    environment:
      - ADMINER_DEFAULT_SERVER=mariadb
      - ADMINER_DESIGN=galkaev
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.adminer.entrypoints=websecure"
      - "traefik.http.routers.adminer.rule=Host(`adminer.$MY_DOMAIN`)"
      - "traefik.http.routers.adminer.tls=true"
      - "traefik.http.routers.adminer.tls.certresolver=lets-encr"
networks:
  default:
    external:
      name: $DEFAULT_NETWORK
```
After I run `docker-compose -f traefik-docker-compose.yml up -d`, the previously created acme.json with permission 600 is populated with my private_key and status is valid, but there are no certificates. The logs say the following:

```
time="2021-01-17T18:31:16Z" level=error msg="Unable to obtain ACME certificate for domains \"subdomain.myexampledomain.com\": unable to generate a certificate for the domains [subdomain.myexampledomain.com]: error: one or more domains had a problem:\n[subdomain.myexampledomain.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://subdomain.myexampledomain.com/.well-known/acme-challenge/9lnK-geDKwdIEH4SnnVtDjlcssSCM5kPmsBC2pzkK_0: Timeout during connect (likely firewall problem), url: \n" routerName=adminer@docker providerName=lets-encr.acme rule="Host(`subdomain.myexampledomain.com`)"
```
letsdebug says ANOTWORKING subdomain.myexampledomain.com has an A (IPv4) record (...*) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
I can reach the http pages of my domain and subdomains, and the deployed services are working from the local network, but I get a timeout if I go to http://subdomain.myexampledomain.com from a network outside of mine.
I am a traefik noob here, so any help is appreciated. I hope that you can help me figure out this problem because I am a bit lost. Thanks!
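Added example (not part of the original post, and not Traefik's own code): a small Python triage helper that pulls the RFC 8555 problem type and the challenge URL out of a Traefik ACME error line like the one above and maps the type to the check to run next. The sample line is constructed from the log in the post with a placeholder token; the names `triage`, `ACME_HINTS`, `LOG_RE`, `FETCH_RE` and the hint wording are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Next check per ACME problem type (RFC 8555 section 6.7); hint wording is this example's own.
ACME_HINTS = {
    "connection": "CA could not connect to the validation target: test port 80 "
                  "from outside the LAN (router forward, host firewall, ISP filtering)",
    "dns": "DNS query failed during validation: check the A/AAAA records",
    "unauthorized": "a server answered but validation failed: check what serves port 80",
    "rateLimited": "rate limit hit: switch to the staging caServer while debugging",
}

LOG_RE = re.compile(
    r"\[(?P<domain>[^\]\s]+)\] acme: error: (?P<status>\d{3}) :: "
    r"urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<detail>.*?), url:"
)
FETCH_RE = re.compile(r"Fetching (\S+?): ")

# Constructed sample: the log line from the post, shortened, with a placeholder token.
SAMPLE = (
    r'time="2021-01-17T18:31:16Z" level=error msg="Unable to obtain ACME certificate '
    r'for domains \"subdomain.myexampledomain.com\": error: one or more domains had a '
    r'problem:\n[subdomain.myexampledomain.com] acme: error: 400 :: '
    r'urn:ietf:params:acme:error:connection :: Fetching '
    r'http://subdomain.myexampledomain.com/.well-known/acme-challenge/EXAMPLE_TOKEN: '
    r'Timeout during connect (likely firewall problem), url: \n" routerName=adminer@docker'
)


def triage(line):
    """Return domain, ACME problem type, target port and a hint, or None if no ACME error."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    out = {"domain": m["domain"], "status": int(m["status"]), "type": m["type"],
           "hint": ACME_HINTS.get(m["type"], "see RFC 8555 section 6.7")}
    fetch = FETCH_RE.search(m["detail"])
    if fetch:
        url = urlsplit(fetch.group(1))
        # The port the CA tried: HTTP-01 validation starts on port 80.
        out["port"] = url.port or (443 if url.scheme == "https" else 80)
        out["http01"] = url.path.startswith("/.well-known/acme-challenge/")
    return out


if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the sample line the result is type `connection` on port 80, which means the CA never reached Traefik at all, so the thing to verify is inbound reachability of port 80 from outside the network rather than the router or certResolver labels.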