romu
July 10, 2020, 12:42pm
1
Hello everyone,
I have a small problem on one of my servers.
I would like to link to traefik under swarm two containers in https
www . domain . com
subdomain . domain . com
The two containers work very well if I activate them alone.
Unfortunately, if I activate them together ...
One of the containers goes into error 404 ... why?
This error is valid when https and using the same certificate created at gandi
the roads are well recognized in the API
do you know why ?
is this the certificate which could be the source of error?
thank you for your help
simplified version :
docker stack traefik:
version: '3.7'
services:
reverse-proxy:
image: traefik:latest
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
- target: 8080
published: 49953
mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./volumes/configuration/:/configuration:ro
- ./volumes/certificates:/etc/traefik/certificates
- ./volumes/letsencrypt:/etc/traefik/acme/letsencrypt
networks:
- overlay-traefik
command:
- "--global.sendAnonymousUsage=false"
- "--providers.docker=true"
- "--providers.docker.exposedByDefault=false"
- "--providers.docker.watch=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.network=overlay-traefik"
- "--providers.file.directory=/configuration/"
- "--providers.file.watch=true"
- "--api=true"
- "--api.dashboard=true"
- "--api.insecure"
- "--entryPoints.http.address=:80"
- "--entryPoints.https.address=:443"
- "--certificatesResolvers.letsencrypt.acme.email=xx@xxx.com"
- "--certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme/letsencrypt/acme.json"
- "--certificatesResolvers.letsencrypt.acme.httpChallenge=true"
- "--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http"
deploy:
placement:
constraints:
- node.role == manager
networks:
overlay-traefik:
external: true
driver: overlay
certificates.yml:
tls:
stores:
default:
defaultCertificate:
certFile: /etc/traefik/certificates/default.crt
keyFile: /etc/traefik/certificates/default.key
certificates:
- certFile: /etc/traefik/certificates/domain.fr.crt
keyFile: /etc/traefik/certificates/domain.fr.key
ex : docker-compose stack
version: '3.7'
services:
test-container:
image: nginx:latest
networks:
- overlay-traefik
deploy:
labels:
- "traefik.enable=true"
- "traefik.docker.network=overlay-traefik"
- "traefik.http.services.test.loadbalancer.server.port=80"
# HTTPS
- "traefik.http.routers.test-https.rule=Host(`domain.com)"
- "traefik.http.routers.test-https.priority=50"
- "traefik.http.routers.test-https.entrypoints=https"
- "traefik.http.routers.test-https.tls=true"
networks:
overlay-traefik:
driver: overlay
external: true
Alone :
http:
www . domain . com => ok
subdomain . domain . com => ok
https:
www . domain . com => ok
subdomain . domain . com => ok
the two containers together :
http:
www . domain . com => ok
subdomain . domain . com => ok
https:
www . domain . com => ok
subdomain . domain . com => 404
cakiwi
July 10, 2020, 1:20pm
2
Welcome to the forum @romu
I think there is only half the config. Would need more to troubleshoot.
romu
July 10, 2020, 2:31pm
3
@cakiwi
actually, I didn't want to put too much on
I will put everything
===
docker stack for traefik
dir :traefik/docker-compose.stack.yml
version: '3.7'
services:
reverse-proxy:
image: traefik:latest
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
- target: 8080
published: 49953
mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./volumes/configuration/:/configuration:ro
- ./volumes/certificates:/etc/traefik/certificates:ro
- ./volumes/letsencrypt:/etc/traefik/acme/letsencrypt
networks:
- overlay-traefik
command:
- "--global.sendAnonymousUsage=false"
- "--providers.docker=true"
- "--providers.docker.exposedByDefault=false"
- "--providers.docker.watch=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.network=overlay-traefik"
- "--providers.file.directory=/configuration/"
- "--providers.file.watch=true"
- "--api=true"
- "--api.dashboard=true"
- "--api.insecure"
- "--entryPoints.http.address=:80"
- "--entryPoints.https.address=:443"
- "--certificatesResolvers.letsencrypt.acme.email=xxx@xxx.com"
- "--certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme/letsencrypt/acme.json"
- "--certificatesResolvers.letsencrypt.acme.httpChallenge=true"
- "--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http"
deploy:
placement:
constraints:
- node.role == manager
networks:
overlay-traefik:
external: true
driver: overlay
traefik/volumes/configuration/certificates.yml
tls:
stores:
default:
defaultCertificate:
certFile: /etc/traefik/certificates/default.crt
keyFile: /etc/traefik/certificates/default.key
certificates:
- certFile: /etc/traefik/certificates/group.com.crt
keyFile: /etc/traefik/certificates/group.com.key
group domain is the certificate grouping all my domains
domain . com
www . domain . com
test . domain . com
=====
www . domain . com
dir: domain/docker-compose.stack.yml
version: '3.7'
services:
domain:
extra_hosts:
- "xxxx:xxxxxx"
networks:
- overlay-db
- overlay-traefik
deploy:
labels:
- "traefik.enable=true"
- "traefik.docker.network=overlay-traefik"
- "traefik.http.services.website.loadbalancer.server.port=8069"
# HTTP
# Routers
- "traefik.http.routers.website-http.rule=Host(`domain . com`) || Host(`www . domain . com`)"
- "traefik.http.routers.website-http.priority=31"
- "traefik.http.routers.website-http.entrypoints=http"
- "traefik.http.routers.website-http.middlewares=website-redirect-http-https@docker"
# Middlewares: http => https
- "traefik.http.middlewares.website-redirect-http-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.website-redirect-http-https.redirectscheme.permanent=true"
# HTTPS
# Routers
- "traefik.http.routers.website-https.rule=Host(`domain . com`) || Host(`www . domain . com`)"
- "traefik.http.routers.website-https.priority=30"
- "traefik.http.routers.website-https.entrypoints=https"
- "traefik.http.routers.website-https.tls=true"
- "traefik.http.routers.website-https.middlewares=website-redirect-https-www@docker, website-redirect-database@docker"
# Middlewares: without www => www
- "traefik.http.middlewares.website-redirect-https-www.redirectregex.regex=^https://(www.)?(.*)"
- "traefik.http.middlewares.website-redirect-https-www.redirectregex.replacement=https://www.$${2}"
- "traefik.http.middlewares.website-redirect-https-www.redirectregex.permanent=true"
# Middlewares: database => index
- "traefik.http.middlewares.website-redirect-database.redirectregex.regex=^(.*)/web/database/(manager|selector)"
- "traefik.http.middlewares.website-redirect-database.redirectregex.replacement=$${1}"
- "traefik.http.middlewares.website-redirect-database.redirectregex.permanent=true"
networks:
overlay-db:
driver: overlay
external: true
overlay-traefik:
driver: overlay
external: true
===
test . domain . com
dir: test-domain/docker-compose.stack.com
version: '3.7'
services:
media:
image: nginx:latest
volumes:
- ./volumes/data/marketing/public/:/usr/share/nginx/html
networks:
- overlay-traefik
deploy:
labels:
- "traefik.enable=true"
- "traefik.docker.network=overlay-traefik"
- "traefik.http.services.media.loadbalancer.server.port=80"
# Redirect http => https
# Routers
- "traefik.http.routers.media-redirect-http-https.rule=Host(`test . domain . com`)"
- "traefik.http.routers.media-redirect-http-https.priority=53"
#- "traefik.http.routers.media-redirect-http-https.entrypoints=http"
# Middlewares:
#- "traefik.http.routers.media-redirect-http-https.middlewares=media-redirect-http-https@docker"
#- "traefik.http.middlewares.media-redirect-http-https.redirectscheme.scheme=https"
#- "traefik.http.middlewares.media-redirect-http-https.redirectscheme.permanent=true"
# HTTPS
- "traefik.http.routers.media-https.rule=Host(`test.domain.com`)"
- "traefik.http.routers.media-https.priority=52"
- "traefik.http.routers.media-https.entrypoints=https"
- "traefik.http.routers.media-https.tls=true"
- "traefik.http.routers.media-https.tls.certresolver=letsencrypt"
networks:
overlay-traefik:
driver: overlay
external: true
here, I think there is everything that can interest
thanks again
cakiwi
July 10, 2020, 7:56pm
4
@romu Looks like some regex errors in there. Escaping the dot after www should look like www\\.
It looks like you are trying to match the www.
for a replace, but you put it right back together in the replace.
I don't quite have the time to pick it apart right now.
zespri
July 11, 2020, 2:07pm
5
It seems that there are quite a few issues reported with 404 lately that depend on timing. E.g V2: Intermittent 404 errors across our docker containers and 404 even when route exists
1 Like
romu
July 11, 2020, 3:10pm
6
actually I don't know why this is so
I corrected, but the problem does not come from the;)
romu
July 11, 2020, 3:11pm
7
@zespri A big thank-you !!!!
When I go back to 2.2.1 everything is fine!
zespri
July 11, 2020, 11:08pm
8
Hey, I created a thread here: Consolidated 404 issues thread in versions since 2.2.1 where I'm trying to get us collectively to create a reproducible case that we can take to the developers. Yours configuration seems to be quite complete, and yet, it seems there are things missing. For example domain/docker-compose.stack.yml
does not contain image
which means it was probably edited by you before posting.
I'm trying to get a reproducible case that we can run, and that means that configurations need to be exact so that they could be run on the other people machines. If you can help, that would be greatly appreciated.
romu
July 15, 2020, 7:25am
9
Indeed, but it's just to dissociate the prod from the dev.
That's what's missing..
version: '3.7'
services:
domain:
image: odoo:10.0
env_file: .website.fr.env
volumes:
- ./volumes/odoo/var:/var/lib/odoo
- ./volumes/odoo/etc:/etc/odoo
- ./volumes/extra-addons:/mnt/extra-addons
1 Like