Whoami site no longer accessible externally

Traefik Traefik v3 (latest)
1

I've been using my rosskevin/mediabox setup for many years with traefik, it's worked well. Recently, it became unavailable. I try to keep containers up to date etc, but can't seem to narrow down the failure. My ubiquity edge router was up for 5 months, so that wasn't it (though I have since restarted). This was exclusive to 443, but I also just ensured 80 was open and forwarded properly. This was a working https scenario previously.

I have (today) broken this down to the most fundamental test case to try and identify the issue. I cannot get the simplest whoami to work (from an external perspective). Here is a test config, comments indicate what works/doesn't work:

# https://doc.traefik.io/traefik/getting-started/quick-start/

# works (on the local net)
# curl -H Host:whoami.example.com http://127.0.0.1
# curl -H Host:whoami.example.com http://192.168.1.191

# doesn't work from inside the net, doesn't work from 
#   outside the net e.g. mobile http://whoami.example.com
# curl -H Host:whoami.example.com http://74.123.123.123 (example wan ip)

services:
  traefik-test:
    image: traefik:v3.3
    command: 
      - --api.insecure=true 
      - --providers.docker
      # Set default rule to use container name as subomain e.g. whoami.example.com
      - --providers.docker.defaultRule=Host(`{{ index .Labels "com.docker.compose.service" }}.${DOMAIN}`)
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  whoami:
    image: traefik/whoami

The traefik service also looks good:

SCR-20250215-nygk
SCR-20250215-nygk1455×940 58.6 KB

I'm guessing this was an update that changed things, but I can't seem to even get the basics to work! I'm missing something fundamental here...how do I figure out what the blocker is? Cloudflare is paused, DNS proxies off.

What are my next steps to verify/debug external access?

2

Enable Traefik debug log (doc).

3

Already did that, no hits. I'm thinking I VPN externally and nmap my public IP next...

4

Did you upgrade Docker to v28? There are currently some issues about broken networking.

5

It appears I'm still on 25

kross@media:~$ docker -v
Docker version 25.0.3, build 4debf41
6

I VPN'd out, and nmap says my ports are open:

~ ❯❯❯ sudo nmap -sS -O -p80,443 74.123.18.136                                                                                                                                                                                                                                  
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-26 18:38 CST
Nmap scan report for 74.123.18.136
Host is up (0.038s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
7

Something is strange. Your compose only opens ports 80 and 8080.

Compare to simple Traefik example.

8

Thanks @bluepuma77, I should have mentioned that I've been playing with my configs trying both 443 with letsEncrypt, as well as straight http with 80. I'm going to stick to stripped down 80 and try to get it public again, that is the simplest.

On local net, it's good, nmap shows it being exposed (if indeed my VPN external test is good), but I just tried Port Checker - Check Open Ports Online checking 80, and it shows timed out. That's consistent with what I'm seeing. Perhaps my local ISP is blocking me?

9

I figured it out after I called the ISP. They made a change to their network, and something was not right and it was dropping traffic. The external port checker really helped here, and they were very helpful (switched me back to the old network it seems).

10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.