Reputation: 1
I am currently having a problem with accessing the host system from a Podman Container running Traefik.
I am running this on a Fedora Server Fedora release 40 (Forty) with Podman 5.3.1.
I am spawning the container from a Quadlet file. It looks like this:
[Unit]
Description=Traefik – Reverse Proxy and Load Balancer
Wants=network.target
After=network.target
[Container]
ContainerName=traefik
Image=docker.io/traefik:v3.0
PublishPort=80:80
PublishPort=443:443
PublishPort=8080:8080
Network=proxy
Volume=${TRAEFIK_SERVICE_PATH}/data/config/traefik.yml:/etc/traefik/traefik.yml:Z
Volume=${TRAEFIK_SERVICE_PATH}/data/config/sys-net-visible.yml:/etc/traefik/sys-net-visible.yml:Z
Volume=${TRAEFIK_SERVICE_PATH}/data/letsencrypt/acme.json:/letsencrypt/acme.json:Z
Volume=${TRAEFIK_SERVICE_PATH}/data/users/:/users/:Z
Volume=/run/user/%U/podman/podman.sock:/var/run/docker.sock:z
# Security option
SecurityLabelType=container_runtime_t
# Labels for Traefik
Label=traefik.enable=true
Label=traefik.http.routers.traefik.rule=Host(`${HOST}`)
Label=traefik.http.routers.traefik.service=api@internal
Label=traefik.http.routers.traefik.tls=true
Label=traefik.http.routers.traefik.tls.certresolver=production
Label="traefik.http.routers.traefik.entrypoints=web, websecure"
Label=traefik.http.routers.traefik.middlewares=authtraefik
Label=traefik.http.middlewares.authtraefik.basicauth.usersfile=/users/users.txt
[Service]
Restart=always
Environment=TRAEFIK_SERVICE_PATH=%h/services/infrastructure/traefik
EnvironmentFile=%h/services/infrastructure/traefik/.env
[Install]
WantedBy=multi-user.target default.target
Now I want to use Traefik to proxy also a web server that is running on the host in addition to some containers. For that I want to use a static configuration that sets a provider and service to host.containers.internal:8000
to make the service accessible to Traefik.
The Traefik config looks like this:
global:
  checkNewVersion: false
  sendAnonymousUsage: false
log:
  level: DEBUG
  format: common
  filePath: /var/log/traefik/traefik.log
api:
  dashboard: true
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
certificatesResolvers:
  staging:
    acme:
      email: YOUR_EMAIL
      storage: /letsencrypt/acme.json
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web
  production:
    acme:
      email: YOUR_EMAIL
      storage: /letsencrypt/acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web
providers:
  docker:
    exposedByDefault: false
    endpoint: "unix:///var/run/docker.sock"
    network: "proxy"
  file:
    filename: /etc/traefik/web-server.yml
And this is the static server configuration for Traefik:
http:
  routers:
    web-server:
      rule: "Host(`web-server.example.org`)"
      service: "web-server"
      entryPoints:
        - "websecure"
      tls:
        certResolver: production
  services:
    web-server:
      loadBalancer:
        servers:
          - url: "http://host.containers.internal:8000"
Even though I can ping host.containers.internal from inside the Traefik container, it does not work as a proxy.
Using curl to get the website on that port from inside the Traefik container is not working either.
$ podman exec traefik ping host.containers.internal
PING host.containers.internal (178.254.24.177): 56 data bytes
64 bytes from 178.254.24.177: seq=0 ttl=42 time=0.175 ms
64 bytes from 178.254.24.177: seq=1 ttl=42 time=0.093 ms
64 bytes from 178.254.24.177: seq=2 ttl=42 time=0.106 ms
$ podman exec traefik curl host.containers.internal:8000
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to host.containers.internal port 8000 after 0 ms: Could not connect to server
Now I have reached the point where I truly do not know how to solve this problem. Does anyone have any tips or tricks to make this setup work?
Thanks and have a good day! ☀️
Upvotes: 0
Views: 30
Reputation: 506
Ensure that the service on the host is listening on 0.0.0.0, so on all available IPs, including the bridge network.
You should be able to verify with something like netstat -tulpn.
Upvotes: 0
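A way to turn the check suggested in the answer into a repeatable script, as an added example that is not part of the question or the answer above: it reads the "Local Address" column of `ss -tlnp` or `netstat -tulpn` output and classifies the listener on a given port as reachable from all interfaces (0.0.0.0, [::]), loopback-only (127.0.0.1, ::1, the case that makes host.containers.internal fail from a container) or bound to one specific address. The function name, the sample tables and the PIDs in them are constructed for the example, not taken from a real host.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# classify_bind PORT [LISTENER_TABLE]
#   Reads the "Local Address:Port" column of `ss -tlnp` or `netstat -tulpn`
#   output (live `ss` output when no table is given) and prints one of:
#     all-interfaces  -> 0.0.0.0 / [::] / :: / *   (reachable from the bridge)
#     loopback-only   -> 127.0.0.1 / [::1] / ::1   (containers cannot reach it)
#     specific-ip     -> bound to one concrete address only
#     not-listening   -> no TCP listener on that port at all
#   Exit status is 0 only for all-interfaces.
classify_bind() {
    port="$1"
    table="${2:-$(ss -tlnp 2>/dev/null)}"

    # ss puts the state in column 1, netstat in column 6; the local
    # address is column 4 in both layouts. UDP rows never show LISTEN.
    addrs=$(printf '%s\n' "$table" | awk -v p="$port" '
        $1 == "LISTEN" || $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == p) {
                sub(":" p "$", "", $4)   # drop the ":PORT" suffix
                print $4
            }
        }')

    if [ -z "$addrs" ]; then
        echo not-listening
        return 1
    fi

    all=0
    loop=0
    for a in $addrs; do
        case "$a" in
            0.0.0.0|'[::]'|::|'*') all=1 ;;
            127.0.0.1|'[::1]'|::1)  loop=1 ;;
        esac
    done

    if [ "$all" -eq 1 ]; then
        echo all-interfaces
        return 0
    elif [ "$loop" -eq 1 ]; then
        echo loopback-only
        return 1
    else
        echo specific-ip
        return 1
    fi
}

# Constructed sample tables (not captured from a real host) in both layouts.
# Port 8000 here is deliberately loopback-only, the situation the answer describes.
SS_SAMPLE='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:8000      0.0.0.0:*          users:(("python3",pid=4242,fd=3))
LISTEN  0       4096    0.0.0.0:22          0.0.0.0:*
LISTEN  0       4096    [::]:22             [::]:*
LISTEN  0       511     192.168.1.10:5432   0.0.0.0:*'

NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      4242/python3
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           900/avahi-daemon'

# Check a port on the live system when one is passed, e.g.:  ./check_bind.sh 8000
if [ -n "${1:-}" ]; then
    classify_bind "$1"
fi
```

Running it with a port argument checks the live `ss` table; the exit status makes it usable as a pre-flight check in a service unit or a deploy script. A listener bound to 0.0.0.0 is reachable on every interface, not just the Podman bridge, so when the backend must stay off the public interface, bind it to the bridge address reported in the specific-ip case or restrict the port with the host firewall.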