Website "Unable to connect" after certificate certificate obtained

SheepYY039 · April 19, 2023, 8:37am

I am trying to move all my docker containers from my synology nas to a nuc ubuntu server. But when I up the containers, I can access them through local ip addresses with ports, but the addresses traefik.mydomain.com and whoami.mydomain.com doesn't work. Any help or ideas will be appreciated. Thanks in advance.

Traefik logs

Attaching to traefik, yyymx_whoami_1
traefik              | time="2023-04-19T08:29:23Z" level=info msg="Configuration loaded from flags."
traefik              | time="2023-04-19T08:29:23Z" level=info msg="Traefik version 2.7.3 built on 2022-06-29T13:48:15Z"
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ index .Labels \\\"com.docker.compose.service\\\" }}.mydomain.com`)\",\"swarmModeRefreshSeconds\":\"15s\"}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"pilot\":{\"dashboard\":true}}"
traefik              | time="2023-04-19T08:29:23Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
traefik              | time="2023-04-19T08:29:23Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Starting TCP Server" entryPointName=traefik
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Starting TCP Server" entryPointName=websecure
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Starting TCP Server" entryPointName=web
traefik              | time="2023-04-19T08:29:23Z" level=info msg="Starting provider *docker.Provider"
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ index .Labels \\\"com.docker.compose.service\\\" }}.mydomain.com`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
traefik              | time="2023-04-19T08:29:23Z" level=info msg="Starting provider *traefik.Provider"
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="*traefik.Provider provider configuration: {}"
traefik              | time="2023-04-19T08:29:23Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Provider connection established with docker 23.0.4 (API 1.42)" providerName=docker
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"traefik\":{\"service\":\"api@internal\",\"rule\":\"HOST(`traefik.mydomain.com`)\"},\"whoami\":{\"entryPoints\":[\"web\"],\"service\":\"whoami-yyymx\",\"rule\":\"Host(`whoami.mydomain.com`)\"}},\"services\":{\"traefik-yyymx\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.3:80\"}],\"passHostHeader\":true}},\"whoami-yyymx\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.2:80\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal middlewareType=StripPrefix
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=traefik
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web websecure]" routerName=traefik
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareType=TracingForwarder middlewareName=tracing
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal middlewareType=StripPrefix
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik middlewareName=dashboard_stripprefix@internal routerName=dashboard@internal
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal entryPointName=traefik middlewareName=dashboard_redirect@internal
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=api@internal middlewareName=tracing
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating middleware" entryPointName=web routerName=whoami@docker serviceName=whoami-yyymx middlewareName=pipelining middlewareType=Pipelining
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating load-balancer" routerName=whoami@docker serviceName=whoami-yyymx entryPointName=web
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating server 0 http://172.18.0.2:80" serverName=0 routerName=whoami@docker serviceName=whoami-yyymx entryPointName=web
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="child http://172.18.0.2:80 now UP"
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Propagating new UP status"
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Added outgoing tracing middleware whoami-yyymx" routerName=whoami@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=traefik@docker
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik              | time="2023-04-19T08:29:23Z" level=debug msg="Creating middleware" entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
whoami_1             | 2023/04/19 08:29:23 Starting up on port 80

Traefik configuration

 whoami: 
    image: "traefik/whoami" 
    labels: 
      - "traefik.enable=true" 
      - "traefik.http.routers.whoami.rule=Host(`whoami.$DOMAIN`)" 
      - "traefik.http.routers.whoami.entrypoints=web" 
  traefik: 
    image: "traefik:latest" 
    container_name: "traefik" 
    restart: unless-stopped 
    security_opt: 
      - no-new-privileges:true 
        #env_file: .env 
    ports: 
      - "80:80" 
      - "443:443" 
      - "29090:8080" 
    environment: 
      - CF_API_EMAIL=${CLOUDFLARE_EMAIL} 
      - CF_API_KEY=${CLOUDFLARE_API_KEY} 
        #    networks:
        #- web_proxy
    command:
      # Global settings
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=false

      # Entrypoints
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443

      # Dashboard
      #- --api=true
      - --api.dashboard=true
      - --api.insecure=true
        #- --api.debug=false

      # Log
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC

      # Certificate
      #- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server
      - --certificatesResolvers.dns-cloudflare.acme.email=${CLOUDFLARE_EMAIL}
      - --certificatesResolvers.dns-cloudflare.acme.storage=/etc/traefik/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      #      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=["1.1.1.1:53","8.8.8.8:53"]

      # Docker provider
      - --providers.docker=true
      - --providers.docker.watch=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.exposedByDefault=false
      - --providers.docker.useBindPortIP=false
        #- --providers.docker.network=web_proxy
      - --providers.docker.swarmMode=false
      - --providers.docker.defaultRule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAIN`)
   volumes:
      #      - "./config/traefik/rules.yaml:/etc/traefik/rules.yaml:ro"
      #      - "./config/traefik/rules:/etc/traefik/rules:ro"
      - "./config/traefik/acme.json:/etc/traefik/acme.json"
      - /var/log:/var/log:rw
        #- "./config/traefik/traefik.yaml:/etc/traefik/traefik.yaml:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - traefik.enable=true
      - "traefik.http.routers.traefik.rule=HOST(`traefik.$DOMAIN`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.traefik.entrypoints=web,websecure"

      # Basic auth
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=$TRAEFIK_USER_PASSWORD"

bluepuma77 · May 17, 2023, 11:53am

It’s best practice to use an explicit Docker network to connect Traefik with the services, see simple Traefik example.

Did you create the sub-domains with an A record at your DNS provider?

Topic		Replies	Views
Trouble setting up Traefik on a Synology NAS in Docker Traefik v2 (latest) docker	2	55	April 18, 2024
Beginner try to configure traefik Traefik v2 (latest) docker	7	1323	July 6, 2020
Need Help with Traefik and Docker Compose Setup - Can't Access Containers Externally Traefik v2 (latest) docker	2	1311	December 8, 2023
Traefik v2 Forward to External Host via Docker-Compose Traefik v2 (latest) docker	1	1437	August 27, 2020
Traefik v2 configuration does not work Traefik v2 (latest) docker	1	378	May 16, 2020

Website "Unable to connect" after certificate certificate obtained

Related Topics