Can't hit site with Traefik in Docker


I'm new to Docker and newer to Traefik, but I tried going through the documentation, examples, and questions regarding this - and it still doesn't work.

I have a Raspberry Pi running Linux 4.19.118-v7 on which I've installed Docker. I also have OctoPrint installed as a service which is in a working state. When set up with HAProxy, I have full access to it.

I tried installing Traefik with Docker, disabling HAProxy, and letting Traefik handle the connection. Traefik works, as I can see its dashboard, but the way I routed everything gives me a Bad Gateway (502) response.

I can do a curl http://127.0.0.1:5000 on the Pi which returns me the page I want, so there's something there, just not accessible with Traefik.

I have three files responsible:

Docker-compose.yml

version: '3.4'

services:
  traefik:
    # The official v2 Traefik docker image
    image: traefik:v2.2.7
    # Enables the web UI and tells Traefik to listen to docker
    command: --providers.docker
    container_name: "traefik"
    ports:
      # The HTTP port
      - "80:80"
      # The Web UI (enabled by --api.insecure=true)
      - "8088:8080"
      # The HTTPS port
      - "443:443"
    volumes:
      # So that Traefik can listen to the Docker events
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./traefik.yml:/traefik.yml:ro"
      - "./acme.json:/acme.json"
      - "./conf/traefik_dynamic.yml:/conf/traefik_dynamic.yml"
    labels:
      - "traefik.enable=true"
      - "traefik.port=80"
    networks:
      - traefik-network

networks:
  traefik-network:
    external:
      name: traefik_default

I run this with docker -f ./docker-compose.yml up -d.

It picks up the static configuration file traefik.yml:

## STATIC CONFIGURATION
log:
  level: DEBUG

api:
  insecure: true
  dashboard: true

entryPoints:

  web:
    address: ":80"

  webSecure:
    address: ":443"

providers:
  file:
    directory: /conf
    watch: true

certificatesResolvers:
  lets-encr:
    acme:
      #caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      storage: acme.json
      email: [email protected]
      httpChallenge:
        entryPoint: web

And the dynamic configurations of conf/traefik_dynamic.yml:

http:

  routers:
    to-octoprint:
      rule: "Host(`3d.myWebsite.io`)"
      service: octoprint
      entryPoints:
        - web

  services:

    octoprint:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:5000"

  providers:
    docker: {}

This all results in the Bad Gateway when I try to hit http://3d.myWebsite.io (not my real site, mind you), so I went to the log in Debug mode. It spits out 4 lines twice per request:

msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="..." 

msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" Request="..." ForwardURL="http://127.0.0.1:5000"

msg="'502 Bad Gateway' caused by: dial tcp 127.0.0.1:5000: connect: connection refused"

msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="..." 

The request looks like this:

{
  "Method": "GET",
  "URL": {
    "Scheme": "",
    "Opaque": "",
    "User": null,
    "Host": "",
    "Path": "/",
    "RawPath": "",
    "ForceQuery": false,
    "RawQuery": "",
    "Fragment": ""
  },
  "Proto": "HTTP/1.1",
  "ProtoMajor": 1,
  "ProtoMinor": 1,
  "Header": {
    "Accept": [
      "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
    ],
    "Accept-Encoding": [
      "gzip, deflate"
    ],
    "Accept-Language": [
      "en-US,en;q=0.9,da;q=0.8,jv;q=0.7,sv;q=0.6,nb;q=0.5,nl;q=0.4"
    ],
    "Cache-Control": [
      "max-age=0"
    ],
    "Connection": [
      "keep-alive"
    ],
    "Upgrade-Insecure-Requests": [
      "1"
    ],
    "User-Agent": [
      "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
    ],
    "X-Forwarded-Host": [
      "3d.myWebsite.io"
    ],
    "X-Forwarded-Port": [
      "80"
    ],
    "X-Forwarded-Proto": [
      "http"
    ],
    "X-Forwarded-Server": [
      "db3b41941e8c"
    ],
    "X-Real-Ip": [
      "192.168.1.1"
    ]
  },
  "ContentLength": 0,
  "TransferEncoding": null,
  "Host": "3d.myWebsite.io",
  "Form": null,
  "PostForm": null,
  "MultipartForm": null,
  "Trailer": null,
  "RemoteAddr": "192.168.1.1:56060",
  "RequestURI": "/",
  "TLS": null
}

The /etc/haproxy/haproxy.cfg that allowed this to work now looks like this:

global
        maxconn 4096
        user haproxy
        group haproxy
        log 127.0.0.1 local1 debug

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option redispatch
        option http-server-close
        option forwardfor
        maxconn 2000
        timeout connect 5s
        timeout client  15min
        timeout server  15min

#frontend public
#        bind :::80 v4v6
#        bind :::443 v4v6 ssl crt /etc/ssl/snakeoil.pem
#        option forwardfor except 127.0.0.1
#        use_backend webcam if { path_beg /webcam/ }
#        default_backend octoprint

#backend octoprint
#        acl needs_scheme req.hdr_cnt(X-Scheme) eq 0

#        reqrep ^([^\ :]*)\ /(.*) \1\ /\2
#        reqadd X-Scheme:\ https if needs_scheme { ssl_fc }
#        reqadd X-Scheme:\ http if needs_scheme !{ ssl_fc }
#        option forwardfor
#        server octoprint1 127.0.0.1:5000
#        errorfile 503 /etc/haproxy/errors/503-no-octoprint.http

#backend webcam
#        reqrep ^([^\ :]*)\ /webcam/(.*)     \1\ /\2
#        server webcam1  127.0.0.1:8080
#        errorfile 503 /etc/haproxy/errors/503-no-webcam.http

What can I do?


There is 1 answer

0
Sergio Santiago On

You are trying to redirect the request to 127.0.0.1 of Traefik's Docker container, but the service is running in a different container or directly on the host.

You can either:

  • link both containers, in the same docker compose file, and access it by name
  • or you can run the traefik container with --net=host in case your service is running directly on the host
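
Added example, not part of the answer above and not the asker's files: the second option (host networking) applied to the compose file from the question, since OctoPrint runs as a service on the Pi itself. Moving the dashboard port assumes something on the host still listens on 8080, as the webcam backend in the HAProxy config did.

```yaml
# --- docker-compose.yml (host-networking variant; constructed example) ---
version: '3.4'

services:
  traefik:
    image: traefik:v2.2.7
    container_name: "traefik"
    # Share the Pi's network namespace. Inside the container 127.0.0.1 is now
    # the host loopback, so the existing server URL http://127.0.0.1:5000 in
    # conf/traefik_dynamic.yml reaches OctoPrint without being changed.
    network_mode: host
    # No "ports:" or "networks:" keys: port publishing does not apply in host
    # mode and network_mode cannot be combined with "networks:". Traefik binds
    # its entryPoints (:80, :443) directly on the host.
    volumes:
      - "./traefik.yml:/traefik.yml:ro"
      - "./acme.json:/acme.json"
      - "./conf/traefik_dynamic.yml:/conf/traefik_dynamic.yml:ro"
      # /var/run/docker.sock is not mounted and --providers.docker is dropped:
      # this variant routes only through the file provider, and the socket
      # gives whoever controls the container control of the Docker daemon.
---
# --- traefik.yml additions (merge with the existing web/webSecure entryPoints;
# assumption: port 8080 on the host is already taken) ---
api:
  insecure: true      # dashboard without authentication, now bound on the host
  dashboard: true
entryPoints:
  traefik:
    address: ":8088"  # api.insecure defaults to :8080; move it to avoid a clash
```

In host mode the dashboard is reachable on every interface of the Pi, so the `traefik` entryPoint address is the place to restrict it (for example to a loopback or LAN address).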