Unable to reverse proxy to non-docker target

mikeo85 · May 25, 2022, 10:15am

Could someone please help troubleshoot my config? I'm trying to reverse proxy through Traefik (as a docker container) to a non-docker standalone VM on my LAN. I have multiple cases like this, but for one example, I'm trying to proxy an OpenMediaVault VM (internal IP 192.168.1.103) using dynamic file config.

It looks ok in the Traefik dashboard -- the HTTP router is green & shows the 'shield' indicating TLS. But when I attempt to access the site (omv.mydomain.tld), I get a connection failure error in the browser. Not explicitly a 40x... just "We can't connect to the server at omb.mydomain.tld."

I am trying to connect from a computer on the same LAN as both traefik and OMV. I can reach the OMV server by IP address from my browser. Dockerized services proxied through Traefik work just fine.

Dynamic config file:

http:
  routers:
    omv:
      service: omv
      rule: "Host(`omv.mydomain.tld`)"
      entryPoints:
        - https
      tls:
        certResolver: dns-cloudflare
  services:
    omv:
      loadBalancer:
        passHostHeader: false
        servers:
          - url: "http://192.168.1.103"

Traefik Logs:

2022-05-25T09:47:36.620240048Z time="2022-05-25T09:47:36Z" level=debug msg="Looking for provided certificate(s) to validate [\"omv.mydomain.tld\"]..." rule="Host(`omv.mydomain.tld`)" providerName=dns-cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=omv@file
2022-05-25T09:47:39.774802833Z time="2022-05-25T09:47:39Z" level=debug msg="Configuration received from provider file: {\"http\":{\"routers\":{\"omv\":{\"entryPoints\":[\"https\"],\"service\":\"omv\",\"rule\":\"Host(`omv.mydomain.tld`)\",\"tls\":{\"certResolver\":\"dns-cloudflare\"}}},\"services\":{\"omv\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.1.103\"}],\"passHostHeader\":false}}},\"middlewares\":{\"chain-core-security\":{\"chain\":{\"middlewares\":[\"middlewares-rate-limit\",\"middlewares-secure-headers\"]}},\"middlewares-basic-auth\":{\"basicAuth\":{\"usersFile\":\"/shared/.htpasswd\",\"realm\":\"Traefik2 Basic Auth\"}},\"middlewares-rate-limit\":{\"rateLimit\":{\"average\":100,\"period\":\"1s\",\"burst\":50}},\"middlewares-secure-headers\":{\"headers\":{\"customResponseHeaders\":{\"X-Robots-Tag\":\"none,noarchive,nosnippet,notranslate,noimageindex,\",\"server\":\"\"},\"accessControlAllowMethods\":[\"GET\",\"OPTIONS\",\"PUT\"],\"accessControlMaxAge\":100,\"hostsProxyHeaders\":[\"X-Forwarded-Host\"],\"sslRedirect\":true,\"stsSeconds\":63072000,\"stsIncludeSubdomains\":true,\"stsPreload\":true,\"forceSTSHeader\":true,\"customFrameOptionsValue\":\"allow-from https:$BASEDOMAIN\",\"contentTypeNosniff\":true,\"browserXssFilter\":true,\"referrerPolicy\":\"same-origin\",\"featurePolicy\":\"camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';\"}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
2022-05-25T10:08:48.740596169Z time="2022-05-25T10:08:48Z" level=debug msg="Configuration received from provider file: {\"http\":{\"routers\":{\"omv\":{\"entryPoints\":[\"https\"],\"service\":\"omv\",\"rule\":\"Host(`omv.mydomain.tld`)\",\"tls\":{\"certResolver\":\"dns-cloudflare\"}}},\"services\":{\"omv\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.1.103\"}],\"passHostHeader\":false}}},\"middlewares\":{\"chain-core-security\":{\"chain\":{\"middlewares\":[\"middlewares-rate-limit\",\"middlewares-secure-headers\"]}},\"middlewares-basic-auth\":{\"basicAuth\":{\"usersFile\":\"/shared/.htpasswd\",\"realm\":\"Traefik2 Basic Auth\"}},\"middlewares-rate-limit\":{\"rateLimit\":{\"average\":100,\"period\":\"1s\",\"burst\":50}},\"middlewares-secure-headers\":{\"headers\":{\"customResponseHeaders\":{\"X-Robots-Tag\":\"none,noarchive,nosnippet,notranslate,noimageindex,\",\"server\":\"\"},\"accessControlAllowMethods\":[\"GET\",\"OPTIONS\",\"PUT\"],\"accessControlMaxAge\":100,\"hostsProxyHeaders\":[\"X-Forwarded-Host\"],\"sslRedirect\":true,\"stsSeconds\":63072000,\"stsIncludeSubdomains\":true,\"stsPreload\":true,\"forceSTSHeader\":true,\"customFrameOptionsValue\":\"allow-from https:$BASEDOMAIN\",\"contentTypeNosniff\":true,\"browserXssFilter\":true,\"referrerPolicy\":\"same-origin\",\"featurePolicy\":\"camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';\"}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
2022-05-25T10:08:47.131192205Z time="2022-05-25T10:08:47Z" level=debug msg="No ACME certificate generation required for domains [\"omv.mydomain.tld\"]." routerName=omv@file rule="Host(`omv.mydomain.tld`)" providerName=dns-cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
2022-05-25T10:08:47.131172064Z time="2022-05-25T10:08:47Z" level=debug msg="Looking for provided certificate(s) to validate [\"omv.mydomain.tld\"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=omv@file rule="Host(`omv.mydomain.tld`)" providerName=dns-cloudflare.acme
2022-05-25T10:08:47.130963200Z time="2022-05-25T10:08:47Z" level=debug msg="Try to challenge certificate for domain [omv.mydomain.tld] found in HostSNI rule" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=omv@file rule="Host(`omv.mydomain.tld`)" providerName=dns-cloudflare.acme
2022-05-25T10:08:47.130768433Z time="2022-05-25T10:08:47Z" level=debug msg="Adding route for omv.mydomain.tld with TLS options default" entryPointName=https
2022-05-25T10:08:47.129265628Z time="2022-05-25T10:08:47Z" level=debug msg="Added outgoing tracing middleware omv" middlewareName=tracing middlewareType=TracingForwarder entryPointName=https routerName=omv@file
2022-05-25T10:08:47.129220278Z time="2022-05-25T10:08:47Z" level=debug msg="Creating server 0 http://192.168.1.103" serviceName=omv serverName=0 entryPointName=https routerName=omv@file
2022-05-25T10:08:47.129062555Z time="2022-05-25T10:08:47Z" level=debug msg="Creating load-balancer" entryPointName=https routerName=omv@file serviceName=omv
2022-05-25T10:08:47.129051885Z time="2022-05-25T10:08:47Z" level=debug msg="Creating middleware" routerName=omv@file serviceName=omv middlewareType=Pipelining middlewareName=pipelining entryPointName=https
2022-05-25T10:08:47.127571475Z time="2022-05-25T10:08:47Z" level=debug msg="Adding certificate for domain(s) omv.mydomain.tld"
2022-05-25T10:08:45.849605340Z time="2022-05-25T10:08:45Z" level=debug msg="Adding certificate for domain(s) omv.mydomain.tld"
2022-05-25T10:08:44.745610656Z time="2022-05-25T10:08:44Z" level=debug msg="Configuration received from provider file: {\"http\":{\"routers\":{\"omv\":{\"entryPoints\":[\"https\"],\"service\":\"omv\",\"rule\":\"Host(`omv.mydomain.tld`)\",\"tls\":{\"certResolver\":\"dns-cloudflare\"}}},\"services\":{\"omv\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.1.103\"}],\"passHostHeader\":false}}},\"middlewares\":{\"chain-core-security\":{\"chain\":{\"middlewares\":[\"middlewares-rate-limit\",\"middlewares-secure-headers\"]}},\"middlewares-basic-auth\":{\"basicAuth\":{\"usersFile\":\"/shared/.htpasswd\",\"realm\":\"Traefik2 Basic Auth\"}},\"middlewares-rate-limit\":{\"rateLimit\":{\"average\":100,\"period\":\"1s\",\"burst\":50}},\"middlewares-secure-headers\":{\"headers\":{\"customResponseHeaders\":{\"X-Robots-Tag\":\"none,noarchive,nosnippet,notranslate,noimageindex,\",\"server\":\"\"},\"accessControlAllowMethods\":[\"GET\",\"OPTIONS\",\"PUT\"],\"accessControlMaxAge\":100,\"hostsProxyHeaders\":[\"X-Forwarded-Host\"],\"sslRedirect\":true,\"stsSeconds\":63072000,\"stsIncludeSubdomains\":true,\"stsPreload\":true,\"forceSTSHeader\":true,\"customFrameOptionsValue\":\"allow-from https:$BASEDOMAIN\",\"contentTypeNosniff\":true,\"browserXssFilter\":true,\"referrerPolicy\":\"same-origin\",\"featurePolicy\":\"camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';\"}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file

Any ideas what I'm missing or doing wrong?

choque · May 25, 2022, 6:51pm

Here's a working configuration from my environment:

http:
  routers:
    proxmox-secure:
      entryPoints:
      - websecure
      rule: Host(`proxmox.local.mydomain.de`)
      service: proxmox

  services:
    proxmox:
      loadBalancer:
        servers:
          - url: "https://192.168.2.100:8006/"

And my entrypoints are defined like this

entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443
    http:
      middlewares:
        - secureHeaders@file
        - crowdsec-bouncer@file
      tls:
        certResolver: cloudflare

So the only real difference that I can see is the URL of your service. Have you tried it with https and/or :80/ at the end?

Topic		Replies	Views
Can't get proxying to external server to work with Docker Traefik v2 (latest) docker	1	677	April 20, 2023
Traefik reverse proxy doesn't work Traefik v2 (latest) docker	3	476	July 1, 2021
Proxy to external service Traefik v2 (latest) docker , file	1	4571	July 13, 2021
I can't use traefik to reverse proxy external services Traefik v2 (latest) docker	5	1427	July 4, 2022
[SOLVED] Hitting a 500 Internal Server Error caused by unsupported protocol scheme \"\" with a file config Traefik v2 (latest) docker , file	7	11647	May 7, 2021

Unable to reverse proxy to non-docker target

Related Topics