V2: https domain and subdomain, error 404

Hello everyone,

I have a small problem on one of my servers.

I would like to link to traefik under swarm two containers in https

• www . domain . com
• subdomain . domain . com

The two containers work very well if I activate them alone.
Unfortunately, if I activate them together ...
One of the containers goes into error 404 ... why?
This error is valid when https and using the same certificate created at gandi
the roads are well recognized in the API

do you know why ?
is this the certificate which could be the source of error?

thank you for your help

simplified version:
docker stack traefik:

version: '3.7'

services:
    reverse-proxy:
        image: traefik:latest
        ports:
            - target: 80
              published: 80
              mode: host
            - target: 443
              published: 443
              mode: host
            - target: 8080
              published: 49953
              mode: host
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock:ro
            - ./volumes/configuration/:/configuration:ro
            - ./volumes/certificates:/etc/traefik/certificates
            - ./volumes/letsencrypt:/etc/traefik/acme/letsencrypt
        networks:
            - overlay-traefik
        command:
            - "--global.sendAnonymousUsage=false"

            - "--providers.docker=true"
            - "--providers.docker.exposedByDefault=false"
            - "--providers.docker.watch=true"
            - "--providers.docker.swarmMode=true"
            - "--providers.docker.network=overlay-traefik"
            - "--providers.file.directory=/configuration/"
            - "--providers.file.watch=true"

            - "--api=true"
            - "--api.dashboard=true"
            - "--api.insecure"

            - "--entryPoints.http.address=:80"
            - "--entryPoints.https.address=:443"

            - "--certificatesResolvers.letsencrypt.acme.email=xx@xxx.com"
            - "--certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme/letsencrypt/acme.json"
            - "--certificatesResolvers.letsencrypt.acme.httpChallenge=true"
            - "--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http"

        deploy:
            placement:
                constraints:
                    - node.role == manager
                    
networks:

    overlay-traefik:
        external: true
        driver: overlay

certificates.yml:

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/certificates/default.crt
        keyFile: /etc/traefik/certificates/default.key
  certificates:
    - certFile: /etc/traefik/certificates/domain.fr.crt
      keyFile: /etc/traefik/certificates/domain.fr.key

ex : docker-compose stack

version: '3.7'

services:

    test-container:
        image: nginx:latest
        networks:
            - overlay-traefik
        deploy:
            labels:
                - "traefik.enable=true"
                - "traefik.docker.network=overlay-traefik"
                - "traefik.http.services.test.loadbalancer.server.port=80"

                # HTTPS
                - "traefik.http.routers.test-https.rule=Host(`domain.com)"
                - "traefik.http.routers.test-https.priority=50" 
                - "traefik.http.routers.test-https.entrypoints=https"
                - "traefik.http.routers.test-https.tls=true"

networks:

    overlay-traefik:
        driver: overlay
        external: true

Alone :
http:

• www . domain . com => ok
• subdomain . domain . com => ok

https:

• www . domain . com => ok
• subdomain . domain . com => ok

the two containers together :
http:

• www . domain . com => ok
• subdomain . domain . com => ok

https:

• www . domain . com => ok
• subdomain . domain . com => 404

Welcome to the forum @romu

I think there is only half the config. Would need more to troubleshoot.

@cakiwi

actually, I didn't want to put too much on
I will put everything

===

docker stack for traefik
dir :traefik/docker-compose.stack.yml

version: '3.7'

services:
    reverse-proxy:
        image: traefik:latest
        ports:
            - target: 80
              published: 80
              mode: host
            - target: 443
              published: 443
              mode: host

            - target: 8080
              published: 49953
              mode: host
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock:ro
            - ./volumes/configuration/:/configuration:ro
            - ./volumes/certificates:/etc/traefik/certificates:ro
            - ./volumes/letsencrypt:/etc/traefik/acme/letsencrypt
        networks:
            - overlay-traefik
        command:
            - "--global.sendAnonymousUsage=false"

            - "--providers.docker=true"
            - "--providers.docker.exposedByDefault=false"
            - "--providers.docker.watch=true"
            - "--providers.docker.swarmMode=true"
            - "--providers.docker.network=overlay-traefik"
            - "--providers.file.directory=/configuration/"
            - "--providers.file.watch=true"

            - "--api=true"
            - "--api.dashboard=true"
            - "--api.insecure"

            - "--entryPoints.http.address=:80"
            - "--entryPoints.https.address=:443"

            - "--certificatesResolvers.letsencrypt.acme.email=xxx@xxx.com"
            - "--certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme/letsencrypt/acme.json"
            - "--certificatesResolvers.letsencrypt.acme.httpChallenge=true"
            - "--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http"



        deploy:
            placement:
                constraints:
                    - node.role == manager
                    
networks:

    overlay-traefik:
        external: true
        driver: overlay

traefik/volumes/configuration/certificates.yml

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/certificates/default.crt
        keyFile: /etc/traefik/certificates/default.key
  certificates:
    - certFile: /etc/traefik/certificates/group.com.crt
      keyFile: /etc/traefik/certificates/group.com.key

group domain is the certificate grouping all my domains

• domain . com
• www . domain . com
• test . domain . com

=====
www . domain . com
dir: domain/docker-compose.stack.yml

version: '3.7'

services:

    domain:
        extra_hosts:
            - "xxxx:xxxxxx"
        networks:
            - overlay-db
            - overlay-traefik
        deploy:
            labels:
                - "traefik.enable=true"
                - "traefik.docker.network=overlay-traefik"
                - "traefik.http.services.website.loadbalancer.server.port=8069"


                # HTTP
                # Routers
                - "traefik.http.routers.website-http.rule=Host(`domain . com`) || Host(`www . domain . com`)"
                - "traefik.http.routers.website-http.priority=31"
                - "traefik.http.routers.website-http.entrypoints=http"
                - "traefik.http.routers.website-http.middlewares=website-redirect-http-https@docker"
                # Middlewares: http => https
                - "traefik.http.middlewares.website-redirect-http-https.redirectscheme.scheme=https"
                - "traefik.http.middlewares.website-redirect-http-https.redirectscheme.permanent=true"

                
                # HTTPS
                # Routers
                - "traefik.http.routers.website-https.rule=Host(`domain . com`) || Host(`www . domain . com`)"
                - "traefik.http.routers.website-https.priority=30"
                - "traefik.http.routers.website-https.entrypoints=https"
                - "traefik.http.routers.website-https.tls=true"
                - "traefik.http.routers.website-https.middlewares=website-redirect-https-www@docker, website-redirect-database@docker"
                # Middlewares: without www => www
                - "traefik.http.middlewares.website-redirect-https-www.redirectregex.regex=^https://(www.)?(.*)"
                - "traefik.http.middlewares.website-redirect-https-www.redirectregex.replacement=https://www.$${2}"
                - "traefik.http.middlewares.website-redirect-https-www.redirectregex.permanent=true"
                # Middlewares: database => index
                - "traefik.http.middlewares.website-redirect-database.redirectregex.regex=^(.*)/web/database/(manager|selector)"
                - "traefik.http.middlewares.website-redirect-database.redirectregex.replacement=$${1}"
                - "traefik.http.middlewares.website-redirect-database.redirectregex.permanent=true"


networks:

    overlay-db:
        driver: overlay
        external: true

    overlay-traefik:
        driver: overlay
        external: true

===

test . domain . com
dir: test-domain/docker-compose.stack.com

version: '3.7'

services:

    media:
        image: nginx:latest
        volumes:
            - ./volumes/data/marketing/public/:/usr/share/nginx/html
        networks:
            - overlay-traefik
        deploy:
            labels:
                - "traefik.enable=true"
                - "traefik.docker.network=overlay-traefik"
                - "traefik.http.services.media.loadbalancer.server.port=80"

                # Redirect http => https
                # Routers
                - "traefik.http.routers.media-redirect-http-https.rule=Host(`test . domain . com`)"
                - "traefik.http.routers.media-redirect-http-https.priority=53"
                #- "traefik.http.routers.media-redirect-http-https.entrypoints=http"
                # Middlewares:
                #- "traefik.http.routers.media-redirect-http-https.middlewares=media-redirect-http-https@docker"
                #- "traefik.http.middlewares.media-redirect-http-https.redirectscheme.scheme=https"
                #- "traefik.http.middlewares.media-redirect-http-https.redirectscheme.permanent=true"

                # HTTPS
                - "traefik.http.routers.media-https.rule=Host(`test.domain.com`)"
                - "traefik.http.routers.media-https.priority=52" 
                - "traefik.http.routers.media-https.entrypoints=https"
                - "traefik.http.routers.media-https.tls=true"
                - "traefik.http.routers.media-https.tls.certresolver=letsencrypt"

networks:

    overlay-traefik:
        driver: overlay
        external: true

here, I think there is everything that can interest

thanks again

@romu Looks like some regex errors in there. Escaping the dot after www should look like www\\.

It looks like you are trying to match the www. for a replace, but you put it right back together in the replace.

I don't quite have the time to pick it apart right now.

It seems that there are quite a few issues reported with 404 lately that depend on timing. E.g V2: Intermittent 404 errors across our docker containers and 404 even when route exists

actually I don't know why this is so
I corrected, but the problem does not come from the;)

@zespri A big thank-you !!!!

When I go back to 2.2.1 everything is fine!

Hey, I created a thread here: Consolidated 404 issues thread in versions since 2.2.1 where I'm trying to get us collectively to create a reproducible case that we can take to the developers. Yours configuration seems to be quite complete, and yet, it seems there are things missing. For example domain/docker-compose.stack.yml does not contain image which means it was probably edited by you before posting.

I'm trying to get a reproducible case that we can run, and that means that configurations need to be exact so that they could be run on the other people machines. If you can help, that would be greatly appreciated.

Indeed, but it's just to dissociate the prod from the dev.
That's what's missing..

version: '3.7'

services:

    domain:
        image: odoo:10.0
        env_file: .website.fr.env
        volumes:
            - ./volumes/odoo/var:/var/lib/odoo
            - ./volumes/odoo/etc:/etc/odoo
            - ./volumes/extra-addons:/mnt/extra-addons