Hello,
I recently moved my production app from Dokku to traefik-based setup ( Kamal to be more precise) and one thing stopped working for me. I can't be 100% sure but i checked all the other parts of the stack and it seems traefik is the only one left that can be making problems.
Basically, after the migration, my frontend is not able to connect to /cable endpoint of my app hosted with docker/traefik anymore. The message in browser log says: WebSocket connection to 'wss://domain.com/cable' failed: without giving me any more information about why it failed after the colon. Also, the app container log is empty for /cable route. The only suspicious thing i can see in traefik logs is this line:
2024-03-22T18:56:17.441214126Z time="2024-03-22T18:56:17Z" level=debug msg="'499 Client Closed Request' caused by: context canceled"
But i'm not sure if that's related as this app is on production already with decent traffic so i'm not able to tell if that relates to the failing wss connection or not. However, the amount of these logs doesn't match the amount of failed wss connection retries so i would say that's not it. Same for timing.
My traefik (via Kamal YAML syntax) config looks as follows. I know it's not a traefik syntax directly but i hope it's gonna be clear enough for you to understand what i have configured and what i don't.
web:
hosts:
- x.x.x.x
labels:
traefik.http.routers.domain.middlewares: domain-www-redirect@docker
traefik.http.routers.domain.entrypoints: websecure
traefik.http.routers.domain.rule: Host(`domain.com`) || Host(`www.domain.com`)
traefik.http.routers.domain.tls.certresolver: letsencrypt
traefik.http.routers.domain-ws.rule: Host(`domain.com`) && PathPrefix(`/cable`)
traefik.http.routers.domain-ws.entrypoints: wss
traefik.http.middlewares.domain-www-redirect.redirectregex.regex: ^https://www.(.*)
traefik.http.middlewares.domain-www-redirect.redirectregex.replacement: https://$1
traefik:
options:
network: "private"
publish:
- "443:443"
volume:
- "/letsencrypt/acme.json:/letsencrypt/acme.json"
args:
log.level: INFO
entryPoints.web.address: ":80"
entryPoints.websecure.address: ":443"
entryPoints.websecure.http.tls.domains[0].main: "domain.com"
entryPoints.websecure.http.tls.domains[0].sans: "www.domain.com"
entryPoints.web.http.redirections.entryPoint.to: websecure # We want to force https
entryPoints.web.http.redirections.entryPoint.scheme: https
entryPoints.web.http.redirections.entrypoint.permanent: true
certificatesResolvers.letsencrypt.acme.email: "email@example.com"
certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json" # Must match the path in `volume`
certificatesResolvers.letsencrypt.acme.httpchallenge: true
certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web
Also, my website's SSL is properly configured and everything HTTP/HTTPS related is working fine on production, this issue is strictly about WSS connectins.
If there is anything i can do to help you help me - please just let me know 
Thank you in advance for any clues!