Reputation: 39
I have installed Traefik 2.8 on my server with Docker and I am trying to make the whoami
Docker image available through HTTPS with Let's Encrypt and the ACME challenge.
I can access the whoami service without HTTPS configuration, but when I add tls to the router labels, it doesn't work anymore.
Here is my config:
docker-compose.yml

    version: '3.3'
    services:
      reverseproxy:
        restart: always
        image: traefik:v2.8
        ports:
          - "80:80"
          - "8080:8080"
        volumes:
          - /srv/traefik.toml:/etc/traefik/traefik.toml
          - /srv/acme.json:/acme.json
          - /var/run/docker.sock:/var/run/docker.sock
        labels:
          - "traefik.http.routers.reverseproxy.rule=Host(`reverseproxy.domain.dev`)"
          - "traefik.http.routers.reverseproxy.service=api@internal"
          - "traefik.http.services.api.loadbalancer.server.port=8080"
          - "traefik.http.routers.reverseproxy.middlewares=auth"
          - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_USER}:${TRAEFIK_PASSWORD}"
          - "traefik.http.middlewares.auth.basicauth.headerField=X-WebAuth-User"
      whoami:
        # A container that exposes an API to show its IP address
        image: traefik/whoami
        labels:
          - "traefik.http.routers.whoami.rule=Host(`whoami.domain.dev`)"
          - "traefik.http.routers.whoami.tls=true"
          - "traefik.http.routers.whoami.tls.certResolver=le"

traefik.toml

    [providers.docker]

    [entryPoints]
      [entryPoints.web]
        address = ":80"
      [entryPoints.websecure]
        address = ":443"

    [api]
      dashboard = true

    [certificatesResolvers.le.acme]
      email = "[email protected]"
      storage = "acme.json"
      caServer = "https://acme-v02.api.letsencrypt.org/directory"
      keyType = "EC384"
      [certificatesResolvers.le.acme.httpChallenge]
        entryPoint = "web"

When I comment out the 2 tls lines in the whoami service labels, I can access http://whoami.domain.dev,
but if I uncomment those 2 lines, I get these results:
https://whoami.domain.dev/ gives me ERR_CONNECTION_REFUSED
and
http://whoami.domain.dev/ gives me the 404 error from Traefik.
When I look inside the acme.json file, I can see that the certificate has been created for whoami.domain.dev.
I am pretty sure it's not a big matter but I can't figure it out =)
Thank you for your help!
Upvotes: 0
Views: 388
Reputation: 39
I forgot to expose port 443 in the docker-compose.yml of Traefik:

    ports:
      - "80:80"
      - "8080:8080"
      - "443:443"  # <---

And now I can access https://whoami.domain.dev/ and http://whoami.domain.dev
Upvotes: 0
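
A pre-deployment check for the mismatch found in the answer above, as an added example that is not part of the original posts: it compares the entry point ports declared in traefik.toml with the ports the Traefik service publishes in docker-compose.yml. The function names and the regex-based parsing (short `ports:` syntax, two-space indentation) are assumptions of this example, and the sample input is trimmed from the question's files.

```python
import re

# Sample input trimmed from the question's files, indentation restored.
TRAEFIK_TOML = '''
[entryPoints.web]
  address = ":80"
[entryPoints.websecure]
  address = ":443"
'''
COMPOSE = '''
services:
  reverseproxy:
    ports:
      - "80:80"
      - "8080:8080"
'''

def entrypoint_ports(toml_text):
    """Map entry point name -> listen port, from [entryPoints.<name>] tables."""
    ports, current = {}, None
    for line in map(str.strip, toml_text.splitlines()):
        if line.startswith("["):
            m = re.fullmatch(r"\[entryPoints\.([\w-]+)\]", line)
            current = m.group(1) if m else None
        elif current and (m := re.match(r'address\s*=\s*"[^":]*:(\d+)', line)):
            ports[current] = int(m.group(1))
    return ports

def published_ports(compose_text, service):
    """Container-side ports under <service>.ports (assumes short syntax, 2-space indent)."""
    found, in_service, in_ports = set(), False, False
    for raw in compose_text.splitlines():
        text = raw.split("#", 1)[0].strip()
        if not text:
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent <= 2 and not text.startswith("-"):
            in_service, in_ports = (indent == 2 and text == service + ":"), False
        elif in_service and in_ports and text.startswith("-"):
            found.add(int(text[1:].strip(" \"'").split(":")[-1].split("/")[0]))
        elif in_service and indent == 4 and not text.startswith("-"):
            in_ports = text == "ports:"
    return found

def unpublished_entrypoints(toml_text, compose_text, service):
    """Entry points Traefik listens on that the compose service does not publish."""
    published = published_ports(compose_text, service)
    return {n: p for n, p in entrypoint_ports(toml_text).items() if p not in published}

print(unpublished_entrypoints(TRAEFIK_TOML, COMPOSE, "reverseproxy"))  # {'websecure': 443}
```

An empty result means every declared entry point is reachable from the host; with the question's files the check flags `websecure`, the entry point that TLS-enabled routers need.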