I have a synology nas behind my traefik instance, but im getting error http status 502 using the synology photos app when uploading to nas, if i visit the web app it works fine.
here my config
services:
# Traefik 3 - Reverse Proxy
traefik:
container_name: traefik
image: traefik:3.1
security_opt:
- no-new-privileges:true
restart: unless-stopped
profiles: ["core", "all"]
depends_on:
- socket-proxy
networks:
t3_proxy:
ipv4_address: 192.168.90.254 # You can specify a static IP
socket_proxy:
command: # CLI arguments
- --global.checkNewVersion=true
- --global.sendAnonymousUsage=false
- --entrypoints.web-external.address=:81
- --entrypoints.web-internal.address=:80
- --entrypoints.websecure-external.address=:444
- --entrypoints.websecure-internal.address=:443
# - --entrypoints.traefik.address=:8080
- --entrypoints.web-external.http.redirections.entrypoint.to=websecure-external
- --entrypoints.web-external.http.redirections.entrypoint.scheme=https
- --entrypoints.web-external.http.redirections.entrypoint.permanent=true
- --entrypoints.web-internal.http.redirections.entrypoint.to=websecure-internal
- --entrypoints.web-internal.http.redirections.entrypoint.scheme=https
- --entrypoints.web-internal.http.redirections.entrypoint.permanent=true
- --api=true
- --api.dashboard=true
# - --api.insecure=true
# - --serversTransport.insecureSkipVerify=true
# Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
- --entrypoints.websecure-external.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
- --entrypoints.websecure-internal.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
- --log=true
- --log.filePath=/logs/traefik.log
- --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- --accessLog=true
- --accessLog.filePath=/logs/access.log
- --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
- --accessLog.filters.statusCodes=204-299,400-499,500-599
- --providers.docker=true
# - --providers.docker.endpoint=unix:///var/run/docker.sock # Disable for Socket Proxy. Enable otherwise.
- --providers.docker.endpoint=tcp://socket-proxy:2375 # Enable for Socket Proxy. Disable otherwise.
- --providers.docker.exposedByDefault=false
- --providers.docker.network=t3_proxy
# - --providers.docker.swarmMode=false # Traefik v2 Swarm
# - --providers.swarm.endpoint=tcp://127.0.0.1:2377 # Traefik v3 Swarm
- --entrypoints.websecure-external.http.tls=true
- --entrypoints.websecure-external.http.tls.options=tls-opts@file
- --entrypoints.websecure-internal.http.tls=true
- --entrypoints.websecure-internal.http.tls.options=tls-opts@file
# Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
- --entrypoints.websecure-external.http.tls.certresolver=dns-cloudflare
- --entrypoints.websecure-external.http.tls.domains[0].main=$DOMAINNAME_1
- --entrypoints.websecure-external.http.tls.domains[0].sans=*.$DOMAINNAME_1
- --entrypoints.websecure-internal.http.tls.certresolver=dns-cloudflare
- --entrypoints.websecure-internal.http.tls.domains[0].main=$DOMAINNAME_1
- --entrypoints.websecure-internal.http.tls.domains[0].sans=*.$DOMAINNAME_1
# - DOMAINS-PLACEHOLDER-DO-NOT-DELETE
- --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
- --providers.file.watch=true # Only works on top level files in the rules folder
# - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
- --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=120 # To delay DNS check and reduce LE hitrate
#- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.disablePropagationCheck=true
# - METRICS-PLACEHOLDER-DO-NOT-DELETE
ports:
- "80:80"
- "81:81"
- "443:443"
- "444:444"
# - "8080:8080"
volumes:
- $DOCKERDIR/appdata/traefik3/rules/$HOSTNAME:/rules
# - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
- $DOCKERDIR/appdata/traefik3/acme/acme.json:/acme.json
- $DOCKERDIR/logs/$HOSTNAME/traefik:/logs
environment:
- TZ=$TZ
- CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token
- HTPASSWD_FILE=/run/secrets/basic_auth_credentials # HTTP Basic Auth Credentials
- DOMAINNAME_1 # Passing the domain name to traefik container to be able to use the variable in rules.
# - TRAEFIK_AUTH_BYPASS_KEY
secrets:
- cf_dns_api_token
- basic_auth_credentials
labels:
- "traefik.enable=true"
# HTTP Routers
- "traefik.http.routers.traefik-rtr.entrypoints=websecure-internal"
- "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_1`)"
# Services - API
- "traefik.http.routers.traefik-rtr.service=api@internal"
# Middlewares
- "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file" # For Basic HTTP Authentication
nas.yml
http:
routers:
nas-rtr:
rule: "Host(`nas.{{env "DOMAINNAME_1"}}`)"
entryPoints:
- websecure-external
- websecure-internal
middlewares:
- chain-no-auth
service: nas-svc
tls:
certResolver: dns-cloudflare
options: tls-opts@file
services:
nas-svc:
loadBalancer:
passHostHeader: true
serversTransport: "nas-st"
servers:
- url: "https://192.168.10.254:6501" # https://IP-ADDRESS:PORT
serversTransports:
nas-st:
insecureSkipVerify: true
any ideias? Thanks