I am stuck, and after a lot of Google, documentation reading, testing, and even resorting to ChatGPT, I am turning to the community for help.
Context:
I am rebuilding my little home server, improving configurations in general and moving from Cloudflared Tunnels to Traefik as I wanted to learn how to use it and serve video without potential issues from Cloudflare.
Right now I'm struggling with Portainer... I would like to be able to access the Portainer web UI through Traefik (eventually with something like Teleport for better authentication).
Below I have outlined my docker compose files for Traefik & Portainer as well as my Traefik configuration file.
Other info
- My system is running Ubuntu 22.04.3
- UFW is configured to allow ports 80 & 443
- Router is forwarding ports 80 and 443 to the correct machine
- Portainer is configured with "Force HTTPS" enabled
The Problem:
I am able to connect to Portainer by accessing the machine directly at 192.168.1.X:9443, however whenever I try to connect to it through portainer.mydomain.com it returns 500 "Internal Server Error".
I've looked at the request/response values in dev tools, however they don't reveal anything useful (at least to me).
I'm hoping that it's a simple error and the gap in my knowledge can be filled.
Please let me know if you need any more information about configurations or if there is another answer on here I didn't find.
Configurations:
Portainer (compose file)
```yaml
version: '3.8'
services:
  portainer:
    container_name: portainer
    image: portainer/portainer-ce:latest
    restart: always
    volumes:
      - portainer_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - private
    ports:
      - 9443:9443
    labels:
      # Frontend
      - 'traefik.enable=true'
      - 'traefik.http.routers.portainer.entrypoints=web, websecure'
      - 'traefik.http.routers.portainer.rule=Host(`portainer.mydomain.com`)' # Removed sensitive information
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.tls.certresolver=production'
      - 'traefik.http.services.portainer.loadbalancer.server.port=9443'
      - 'traefik.http.services.portainer.loadbalancer.server.scheme=https'
volumes:
  portainer_data:
    external: true
networks:
  private:
    external: true
```
Traefik (compose file)
```yaml
version: '3.8'
services:
  traefik:
    image: 'traefik'
    container_name: 'traefik'
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      - '8080:8080'
    volumes:
      - '/etc/traefik:/etc/traefik'
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - 'traefik-ssl-certs:/ssl-certs'
    networks:
      - gateway
      - public
      - private
volumes:
  traefik-ssl-certs:
    external: true
networks:
  gateway:
    external: true
  public:
    external: true
  private:
    external: true
```
Traefik (configuration file)
```yaml
global:
  checkNewVersion: true
  sendAnonymousUsage: false

# -- (Optional) Change Log Level and Format here...
#     - loglevels [DEBUG, INFO, WARNING, ERROR, CRITICAL]
#     - format [common, json, logfmt]
log:
  level: DEBUG
  format: common
  filePath: /var/log/traefik/traefik.log

# -- (Optional) Enable Accesslog and change Format here...
#     - format [common, json, logfmt]
# accesslog:
#   format: common
#   filePath: /var/log/traefik/access.log

# -- (Optional) Enable API and Dashboard here, don't do in production
api:
  dashboard: true
  insecure: true

# -- Change EntryPoints here...
entryPoints:
  web:
    address: :80
    # -- (Optional) Redirect all HTTP to HTTPS
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443
  # -- (Optional) Add custom Entrypoint
  # custom:
  #   address: :8080

# -- Configure your CertificateResolver here...
certificatesResolvers:
  staging:
    acme:
      email: [email protected] # Removed sensitive information
      storage: /ssl-certs/acme.json
      caServer: 'https://acme-staging-v02.api.letsencrypt.org/directory'
      httpChallenge:
        entryPoint: web
  production:
    acme:
      email: [email protected] # Removed sensitive information
      storage: /ssl-certs/acme.json
      caServer: 'https://acme-v02.api.letsencrypt.org/directory'
      httpChallenge:
        entryPoint: web

# -- (Optional) Disable TLS Cert verification check
# serversTransport:
#   insecureSkipVerify: true

# -- (Optional) Overwrite Default Certificates
# tls:
#   stores:
#     default:
#       defaultCertificate:
#         certFile: /etc/traefik/certs/cert.pem
#         keyFile: /etc/traefik/certs/cert-key.pem
# -- (Optional) Disable TLS version 1.0 and 1.1
#   options:
#     default:
#       minVersion: VersionTLS12

providers:
  docker:
    exposedByDefault: false
  file:
    directory: /etc/traefik
    watch: true
```
I think you are experiencing this problem because both traefik and portainer are trying to handle the HTTPS connection. Try changing the port to 9000 (let traefik handle https):
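What that suggestion amounts to in the Portainer compose file from the question, as an added example: this is not the answerer's own snippet, which is not preserved on this page. Every label is copied from the question except the last two; it assumes Portainer's plain-HTTP listener on 9000 is reachable from Traefik over the shared `private` network, which the "Force HTTPS" setting mentioned in the question would have to allow.

```yaml
# Added example, not from the original thread.
# TLS ends at Traefik (Let's Encrypt certificate from the "production" resolver);
# the hop from Traefik to Portainer is plain HTTP on the internal Docker network.
services:
  portainer:
    container_name: portainer
    image: portainer/portainer-ce:latest
    restart: always
    volumes:
      - portainer_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - private            # must be a network the Traefik container is also attached to
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.portainer.entrypoints=web, websecure'
      - 'traefik.http.routers.portainer.rule=Host(`portainer.mydomain.com`)'
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.tls.certresolver=production'
      # Changed: was port 9443 with scheme https in the question.
      - 'traefik.http.services.portainer.loadbalancer.server.port=9000'
      - 'traefik.http.services.portainer.loadbalancer.server.scheme=http'

volumes:
  portainer_data:
    external: true

networks:
  private:
    external: true
```

The `ports:` mapping is left out here because Traefik reaches the container over the Docker network and does not need a published host port; keep `9443:9443` only if direct LAN access to Portainer is still wanted.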