502 Bad Gateway for some services via Traefik

Question

Docker and Traefik newbie here. I'm trying to configure Traefik to reach couple of services. For some I succeeded, for some I did not and I'm getting 502 Bad Gateway errors.

I used similar rules for routing for Nginx and Pihole. When I access https://myhost/nginx the service answers correctly, serves a test page. When I access https://myhost/pihole I expect to get pihole page, but instead page loads for 5 mins and I get 502 Bad Gateway.

For the record, I'm still having some issues with certs, still getting some default ones instead of production ones, but that's probably not related.

As checked in Portainer- Traefik, Pihole and Nginx are in the same network: "all_default".

What might be the reason?

Here's my docker-compose.yml.

version: '3'

services:
  portainer:
    image: portainer/portainer:latest
    ports:
      - "9000:9000"
    command:
      - --admin-password=<somePwd>
    networks:
      - local
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data

  traefik:
    image: "traefik:v2.5"
    container_name: "traefik"
    ports:
      - "80:80"
      - "443:443"
      # (Optional) Expose Dashboard
      - "8080:8080"  # Don't do this in production!
    volumes:
      - ./etc-traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-ssl-certs:/ssl-certs
    command:
      - --log.level=DEBUG
  
  nginx:
    image: nginx:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx.middlewares=nginx"
      - "traefik.http.middlewares.nginx.stripprefix.prefixes=/nginx"
      - "traefik.http.routers.nginx.entrypoints=web,websecure"
      - "traefik.http.routers.nginx.rule=Path(`/nginx`)"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.tls.certresolver=production"

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    environment:
      TZ: 'Europe/Warsaw'
      DNS1: 127.0.0.1
      DNS2: 9.9.9.9
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
      - '/etc/resolv.conf:/etc/resolv.conf'
    restart: unless-stopped
    command:
      - --log.level=DEBUG
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.middlewares=pihole"
      - "traefik.http.middlewares.pihole.stripprefix.prefixes=/pihole"
      - "traefik.http.routers.pihole.entrypoints=web,websecure"
      - "traefik.http.routers.pihole.rule=Path(`/pihole`)"
      - "traefik.http.routers.pihole.tls=true"
      - "traefik.http.routers.pihole.tls.certresolver=production"
      - "traefik.port=80"
    
networks:
  local:
    driver: bridge

volumes:
  portainer-data:
  traefik-ssl-certs:
    driver: local

and my configuration file for Traefik:

global:
  checkNewVersion: true
  sendAnonymousUsage: false  # true by default

# (Optional) Enable API and Dashboard
# ---
api:
 dashboard: true  # true by default
 insecure: true  # Don't do this in production!

# Entry Points configuration
# ---
entryPoints:
  web:
    address: :80
    # (Optional) Redirect to HTTPS
    # ---
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443

# Configure your CertificateResolver here...
# ---
certificatesResolvers:
  staging:
    acme:
      email: email@email
      storage: /etc/traefik/certs/acme.json
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web

  production:
    acme:
      email: email@email
      storage: /etc/traefik/certs/acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web

providers:
  docker:
    exposedByDefault: false  # Default is true
  file:
    # watch for dynamic configuration changes
    directory: /etc/traefik
    watch: true

Network in Portainer

Answer 1

Solved. What did the trick for me was using a following label in pihole section:

traefik.http.services.pihole.loadbalancer.server.port=80