Error connecting from Traefik to a service running on a diferent swarm node

Question

This is my stack file:

services:

  traefik:
    image: traefik:v2.9.6
    ports:
      - 80:80
      - 443:443
    deploy:
      placement:
        constraints:
          - 'node.hostname == arasaac2'
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        - traefik.http.routers.traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-http.entrypoints=http
        - traefik.http.routers.traefik-public-http.middlewares=https-redirect
        - traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-https.entrypoints=https
        - traefik.http.routers.traefik-public-https.tls=true
        - traefik.http.routers.traefik-public-https.service=api@internal
        - traefik.http.routers.traefik-public-https.tls.certresolver=le
        - traefik.http.routers.traefik-public-https.middlewares=admin-auth
        - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-public-certificates:/certificates
    command:
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik-public
      - --providers.docker.swarmmode
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --accesslog
      - --log=DEBUG
      - --api
    networks:
      - traefik-public

  web1:
    image: 'nginx'
    networks:
      - traefik-public
    deploy:
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - 'node.hostname == swarmtest'
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.http.routers.web1.entrypoints=http
        - traefik.docker.network=traefik-public
        - traefik.http.services.web1.loadbalancer.server.port=80
        - traefik.http.services.web1.loadbalancer.server.scheme=http
        - traefik.http.routers.web1.tls=false
        # - traefik.http.routers.web1.tls.certresolver=production
        - traefik.http.routers.web1.rule=Host(`web1.arasaac.org`)

volumes:
  traefik-public-certificates:

networks:
  traefik-public:
    external: true

When traefik and web1 are running on the manager node (hostname: arasaac2) everything works ok. If I move web1 service to a worker node I get a 504 error. These are the logs from traefik:

proxy_traefik.1.6sld8nuc0wo6@arasaac2    | 10.0.0.2 - - [26/Apr/2023:11:05:12 +0000] "GET / HTTP/1.1" 499 21 "-" "-" 27 "web1@docker" "http://10.0.5.30:80" 3925ms
proxy_traefik.1.6sld8nuc0wo6@arasaac2    | 10.0.0.2 - - proxy_traefik.1.6sld8nuc0wo6@arasaac2    | 10.0.0.2 - - [26/Apr/2023:11:05:16 +0000] "GET / HTTP/1.1" 504 15 "-" "-" 28 "web1@docker" "http://10.0.5.30:80" 30000ms

I ping from traefik container to web1 succesfully.

Answer 1

Just solved! One machine was a vmware instance. I had to change a port to make it work: docker swarm init --data-path-port=7789