
I get this error about traefikkobling HOT 14 CLOSED

ahmaddxb commented on September 4, 2024
I get this error

from traefikkobling.

Comments (14)

ldellisola commented on September 4, 2024

I'll look into it. Can you send me a bit more info about your setup? For example, which version of Traefik are you using, example docker compose files for the public facing traefik instance and internal instances?

ahmaddxb commented on September 4, 2024

Traefik 2.10.7

Does this data look correct in redis?

/data # redis-cli --scan
"traefik/http/routers/oasis-local-svc/rule"
"traefik/http/routers/traefik-docker/rule"
"traefik/http/routers/grafana-svc/service"
"traefik/http/routers/bookstack-svc/service"
"traefik/http/routers/octoprint-svc/entrypoints/0"
"traefik/http/routers/adguard-local-svc/entrypoints/0"
"traefik/http/routers/homepage-local-svc/rule"
"traefik/http/routers/dozzle-local-svc/service"
"traefik/http/routers/doublecommander-svc/entrypoints/0"
"traefik/http/routers/fenrus-local-svc/rule"
"traefik/http/routers/portainer-local-svc/rule"
"traefik/http/routers/qbittorrent-local-svc/rule"
"traefik/http/routers/bookstack-local-svc/entrypoints/0"
"traefik/http/routers/it-tools-svc/rule"
"traefik/http/routers/overseerr-local-svc/service"
"traefik/http/routers/adguard-local-svc/rule"
"traefik/http/routers/authelia-local-svc/entrypoints/0"
"traefik/http/routers/homepage-svc/entrypoints/0"
"traefik/http/routers/bitwarden-local-websocket-svc/service"
"traefik/http/routers/jackett-local-svc/rule"
"traefik/http/routers/ha-svc/entrypoints/0"
"traefik/http/routers/flame-local-svc/rule"
"traefik/http/routers/code-server-svc/rule"
"traefik/http/routers/influxdb-svc/entrypoints/0"
"traefik/http/routers/kitana-local-svc/entrypoints/0"
"traefik/http/routers/portainer-local-svc/service"
"traefik/http/routers/headscale-webui-local-svc/entrypoints/0"
"traefik/http/routers/homepage-local-svc/service"
"traefik/http/routers/phpmyadmin-local-svc/rule"
"traefik/http/routers/link-svc/service"
"traefik/http/routers/jackett-svc/service"
"traefik/http/routers/airsonic-local-svc/service"
"traefik/http/routers/jellyseerr-local-svc/service"
"traefik/http/routers/flame-svc/entrypoints/0"
"traefik/http/routers/omv-brix-svc/entrypoints/0"
"traefik/http/routers/it-tools-local-svc/service"
"traefik/http/routers/adguardhome-sync-local-svc/rule"
"traefik/http/routers/duplicati-local-svc/rule"
"traefik/http/routers/apk-svc/rule"
"traefik/http/routers/homepage-svc/service"
"traefik/http/routers/nzbget-svc/rule"
"traefik/http/routers/homarr-svc/service"
"traefik/http/routers/jellyseerr-local-svc/rule"
"traefik/http/routers/mc-svc/rule"
"traefik/http/routers/dockge-local-svc/entrypoints/0"
"traefik/http/routers/airsonic-svc/service"
"traefik/http/routers/bitwarden-local-svc/service"
"traefik/http/routers/adguard-svc/entrypoints/0"
"traefik/http/routers/changedetection-svc/entrypoints/0"
"traefik/tcp/services/OMV-NUC/loadbalancer/servers/0/url"
"traefik/http/routers/bookstack-svc/rule"
"traefik/http/routers/qbittorrent-svc/service"
"traefik/http/routers/gotify-svc/rule"
"traefik/http/routers/doublecommander-svc/service"
"traefik/http/routers/overseerr-svc/rule"
"traefik/http/routers/apprise-local-svc/rule"
"traefik/http/routers/phpmyadmin-svc/rule"
"traefik/http/routers/airsonic-local-svc/rule"
"traefik/http/routers/homarr-svc/rule"
"traefik/http/routers/bitwarden-websocket-svc/service"
"traefik/http/routers/phpmyadmin-local-svc/service"
"traefik/http/routers/apprise-local-svc/entrypoints/0"
"traefik/http/routers/airsonic-local-svc/entrypoints/0"
"traefik/http/routers/nzbget-svc/service"
"traefik/http/routers/influxdb-local-svc/entrypoints/0"
"traefik/http/routers/filebrowser-local-svc/rule"
"traefik/http/routers/headscale-webui-svc/service"
"traefik/http/routers/dozzle-local-svc/rule"
"traefik/http/routers/portainer-svc/entrypoints/0"
"traefik/http/routers/ifconfig-svc/rule"
"traefik/http/routers/bitwarden-svc/service"
"traefik/http/routers/notifiarr-svc/rule"
"traefik/http/routers/overseerr-local-svc/rule"
"traefik/http/routers/filebrowser-local-svc/entrypoints/0"
"traefik/http/routers/ha-svc/service"
"traefik/http/routers/dockge-local-svc/service"
"traefik/http/routers/grafana-svc/rule"
"traefik/http/routers/2fauth-svc/rule"
"traefik/http/routers/bitwarden-websocket-svc/rule"
"traefik/http/routers/headscale-webui-local-svc/service"
"traefik/http/routers/octoprint-svc/rule"
"traefik/http/routers/epic-svc/rule"
"traefik/http/routers/dockge-svc/rule"
"traefik/http/routers/ifconfig-svc/service"
"traefik/http/routers/bookstack-local-svc/rule"
"traefik/http/routers/portainer-svc/service"
"traefik/http/routers/octoprint-svc/service"
"traefik/http/routers/filebrowser-svc/rule"
"traefik/http/routers/homarr-local-svc/service"
"traefik/http/routers/authelia-svc/service"
"traefik/http/routers/jellyseerr-local-svc/entrypoints/0"
"traefik/http/routers/gotify-svc/entrypoints/0"
"traefik/http/routers/portainer-svc/rule"
"traefik/http/routers/fenrus-svc/entrypoints/0"
"traefik/http/routers/changedetection-local-svc/entrypoints/0"
"traefik/http/routers/filebrowser-svc/entrypoints/0"
"traefik/http/routers/prowlarr-local-svc/rule"
"traefik/http/routers/gotify-local-svc/entrypoints/0"
"traefik/http/routers/phpmyadmin-svc/entrypoints/0"
"traefik/http/routers/dockge-local-svc/rule"
"traefik/http/routers/nzbget-local-svc/entrypoints/0"
"traefik/http/routers/ha-svc/rule"
"traefik/http/routers/flame-local-svc/service"
"traefik/http/routers/portainer-local-svc/entrypoints/0"
"traefik/http/routers/oasis-svc/entrypoints/0"
"traefik/http/routers/oauth-svc/service"
"traefik/http/routers/mc-svc/service"
"traefik/http/routers/oauth-svc/rule"
"traefik/http/routers/prowlarr-svc/rule"
"traefik/http/routers/code-server-svc/service"
"traefik/http/routers/jellyseerr-svc/rule"
"traefik/http/routers/code-server-local-svc/service"
"traefik/http/routers/it-tools-svc/service"
"traefik/http/routers/adguardhome-sync-svc/entrypoints/0"
"traefik/http/routers/bitwarden-local-svc/rule"
"traefik/http/routers/traefik-docker/entrypoints/0"
"traefik/http/routers/it-tools-svc/entrypoints/0"
"traefik/http/routers/notifiarr-svc/service"
"traefik/http/routers/proxmox-svc/rule"
"traefik/http/routers/jackett-svc/entrypoints/0"
"traefik/http/routers/authelia-svc/entrypoints/0"
"traefik/http/routers/headscale-svc/service"
"traefik/http/routers/homarr-svc/entrypoints/0"
"traefik/http/routers/duplicati-svc/rule"
"traefik/http/routers/adguard-svc/service"
"traefik/http/routers/headscale-webui-svc/entrypoints/0"
"traefik/http/routers/oauth-svc/entrypoints/0"
"traefik/http/routers/adguardhome-sync-local-svc/service"
"traefik/http/routers/mc-svc/entrypoints/0"
"traefik/http/routers/2fauth-local-svc/rule"
"traefik/http/routers/headscale-svc/entrypoints/0"
"traefik/http/routers/influxdb-local-svc/rule"
"traefik/http/routers/phpmyadmin-local-svc/entrypoints/0"
"traefik/http/routers/doublecommander-local-svc/rule"
"traefik/http/routers/code-server-svc/entrypoints/0"
"traefik/http/routers/overseerr-local-svc/entrypoints/0"
"traefik/http/routers/qbittorrent-svc/entrypoints/0"
"traefik/http/routers/prowlarr-svc/service"
"traefik/http/routers/changedetection-svc/service"
"traefik/http/routers/proxmox-brix-svc/rule"
"traefik/http/routers/qbittorrent-local-svc/service"
"traefik/http/routers/nzbget-svc/entrypoints/0"
"traefik/http/routers/adguardhome-sync-svc/rule"
"traefik/http/routers/adguardhome-sync-local-svc/entrypoints/0"
"traefik/http/routers/epic-local-svc/service"
"traefik/http/routers/dockge-svc/service"
"traefik/http/routers/bookstack-svc/entrypoints/0"
"traefik/http/routers/airsonic-svc/entrypoints/0"
"traefik/http/routers/proxmox-svc/service"
"traefik/http/routers/homarr-local-svc/entrypoints/0"
"traefik/http/routers/duplicati-svc/service"
"traefik/http/routers/notifiarr-svc/entrypoints/0"
"traefik/http/routers/proxmox-brix-svc/service"
"traefik/http/routers/flame-svc/rule"
"traefik/http/routers/epic-local-svc/entrypoints/0"
"traefik/http/services/OMV-NUC/loadbalancer/servers/0/url"
"traefik/http/routers/kitana-local-svc/service"
"traefik/http/routers/gotify-local-svc/rule"
"traefik/http/routers/2fauth-local-svc/entrypoints/0"
"traefik/http/routers/kitana-svc/rule"
"traefik/http/routers/doublecommander-local-svc/service"
"traefik/http/routers/apk-svc/entrypoints/0"
"traefik/http/routers/omv-svc/entrypoints/0"
"traefik/http/routers/link-svc/rule"
"traefik/http/routers/gotify-svc/service"
"traefik/http/routers/bitwarden-websocket-svc/entrypoints/0"
"traefik/http/routers/apk-svc/service"
"traefik/http/routers/flame-local-svc/entrypoints/0"
"traefik/http/routers/fenrus-local-svc/service"
"traefik/http/routers/apprise-svc/service"
"traefik/http/routers/omv-brix-svc/rule"
"traefik/http/routers/adguardhome-sync-svc/service"
"traefik/http/routers/omv-svc/service"
"traefik/http/routers/dozzle-svc/rule"
"traefik/http/routers/filebrowser-local-svc/service"
"traefik/http/routers/airsonic-svc/rule"
"traefik/http/routers/adguard-svc/rule"
"traefik/http/routers/doublecommander-local-svc/entrypoints/0"
"traefik/http/routers/it-tools-local-svc/entrypoints/0"
"traefik/http/routers/ifconfig-svc/entrypoints/0"
"traefik/http/routers/dozzle-svc/service"
"traefik/http/routers/apprise-local-svc/service"
"traefik/http/routers/fenrus-svc/rule"
"traefik/http/routers/nzbget-local-svc/rule"
"traefik/http/routers/qbittorrent-svc/rule"
"traefik/http/routers/dozzle-svc/entrypoints/0"
"traefik/http/routers/doublecommander-svc/rule"
"traefik/http/routers/2fauth-svc/service"
"traefik/http/routers/it-tools-local-svc/rule"
"traefik/http/routers/link-svc/entrypoints/0"
"traefik/http/routers/code-server-local-svc/entrypoints/0"
"traefik/http/routers/oh-svc/rule"
"traefik/http/routers/influxdb-svc/rule"
"traefik/http/routers/filebrowser-svc/service"
"traefik/http/routers/changedetection-svc/rule"
"traefik/http/routers/nextcloud-svc/entrypoints/0"
"traefik/http/routers/prowlarr-local-svc/service"
"traefik/http/routers/flame-svc/service"
"traefik/http/routers/prowlarr-local-svc/entrypoints/0"
"traefik/http/routers/kitana-svc/service"
"traefik/http/routers/overseerr-svc/service"
"traefik/http/routers/headscale-svc/rule"
"traefik/http/routers/dozzle-local-svc/entrypoints/0"
"traefik/http/routers/adguard-local-svc/service"
"traefik/http/routers/jackett-local-svc/entrypoints/0"
"traefik/http/routers/bitwarden-local-svc/entrypoints/0"
"traefik/http/routers/oasis-local-svc/entrypoints/0"
"traefik/http/routers/homepage-local-svc/entrypoints/0"
"traefik/http/routers/jellyseerr-svc/service"
"traefik/http/routers/oasis-local-svc/service"
"traefik/http/routers/prowlarr-svc/entrypoints/0"
"traefik/http/routers/kitana-local-svc/rule"
"traefik/http/routers/traefik-docker/service"
"traefik/http/routers/authelia-local-svc/rule"
"traefik/http/routers/grafana-local-svc/rule"
"traefik/http/routers/overseerr-svc/entrypoints/0"
"traefik/http/routers/headscale-webui-local-svc/rule"
"traefik/http/routers/proxmox-brix-svc/entrypoints/0"
"traefik/http/routers/oasis-svc/service"
"traefik/http/routers/code-server-local-svc/rule"
"traefik/http/routers/omv-svc/rule"
"traefik/http/routers/apprise-svc/entrypoints/0"
"traefik/http/routers/changedetection-local-svc/service"
"traefik/http/routers/kitana-svc/entrypoints/0"
"traefik/http/routers/authelia-svc/rule"
"traefik/http/routers/oasis-svc/rule"
"traefik/http/routers/bitwarden-local-websocket-svc/entrypoints/0"
"traefik/http/routers/oh-svc/entrypoints/0"
"traefik/http/routers/dockge-svc/entrypoints/0"
"traefik/http/routers/duplicati-local-svc/entrypoints/0"
"traefik/http/routers/jackett-svc/rule"
"traefik/http/routers/grafana-local-svc/service"
"traefik/http/routers/2fauth-local-svc/service"
"traefik/http/routers/qbittorrent-local-svc/entrypoints/0"
"traefik/http/routers/edge/rule"
"traefik/http/routers/bitwarden-local-websocket-svc/rule"
"traefik/http/routers/epic-svc/entrypoints/0"
"traefik/http/routers/proxmox-svc/entrypoints/0"
"traefik/http/routers/nzbget-local-svc/service"
"traefik/http/routers/jackett-local-svc/service"
"traefik/http/routers/authelia-local-svc/service"
"traefik/http/routers/2fauth-svc/entrypoints/0"
"traefik/http/routers/bitwarden-svc/entrypoints/0"
"traefik/http/routers/nextcloud-svc/service"
"traefik/http/routers/edge/service"
"traefik/http/routers/jellyseerr-svc/entrypoints/0"
"traefik/http/routers/changedetection-local-svc/rule"
"traefik/http/routers/duplicati-svc/entrypoints/0"
"traefik/http/routers/fenrus-svc/service"
"traefik/http/routers/nextcloud-svc/rule"
"traefik/http/routers/epic-local-svc/rule"
"traefik/http/routers/fenrus-local-svc/entrypoints/0"
"traefik/http/routers/oh-svc/service"
"traefik/http/routers/influxdb-svc/service"
"traefik/http/routers/headscale-webui-svc/rule"
"traefik/http/routers/epic-svc/service"
"traefik/http/routers/homarr-local-svc/rule"
"traefik/http/routers/duplicati-local-svc/service"
"traefik/http/routers/bookstack-local-svc/service"
"traefik/http/routers/grafana-svc/entrypoints/0"
"traefik/http/routers/apprise-svc/rule"
"traefik/http/routers/bitwarden-svc/rule"
"traefik/http/routers/edge/entrypoints/0"
"traefik/http/routers/gotify-local-svc/service"
"traefik/http/routers/influxdb-local-svc/service"
"traefik/http/routers/homepage-svc/rule"
"traefik/http/routers/grafana-local-svc/entrypoints/0"
"traefik/http/routers/phpmyadmin-svc/service"
"traefik/http/routers/omv-brix-svc/service"
/data # 

ldellisola commented on September 4, 2024

It seems like one of your services does not have a valid url. Each of your routers looks something like this:

oasis-local-svc:
        routers/oasis-local-svc/entrypoints/0
        routers/oasis-local-svc/rule
        routers/oasis-local-svc/service

And you only have one service:

OMV-NUC:
        services/OMV-NUC/loadbalancer/servers/0/url

Can you check on redis that each router has a service attached? For example:

redis-cli get traefik/http/routers/oasis-local-svc/service

should return OMV-NUC.

Also check that:

redis-cli get traefik/http/services/OMV-NUC/loadbalancer/servers/0/url

returns the url of that server and not null.

If any router returns any other service, it means kobling is not picking it up. In that case, I will need more information about your setup to diagnose it:

  • Kobling.yml
  • Traefik's static configuration (Remove all sensitive info)

Another question, did you just set up kobling and it didn't work? Or was it working for some time and it suddenly stopped working?

from traefikkobling.
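
The router and service checks described in the comment above, run over a whole snapshot of the KV store instead of one `redis-cli get` at a time. This is an added example, not code from Kobling or from this thread; `audit_kv`, `SAMPLE`, the finding labels and the sample routers `broken-svc`, `norule-svc` and `dash` are hypothetical. It goes slightly beyond the comment by also checking the server target field per protocol, assuming Traefik's KV schema (`url` for HTTP servers, `address` for TCP and UDP servers).

```python
import re

# Field that carries a load-balancer server's target, per protocol, in
# Traefik's KV schema: HTTP servers use `url`, TCP and UDP servers `address`.
TARGET_FIELD = {"http": "url", "tcp": "address", "udp": "address"}

KEY_RE = re.compile(
    r"^(?P<proto>http|tcp|udp)/(?P<kind>routers|services)/"
    r"(?P<name>[^/]+)/(?P<rest>.+)$",
    re.IGNORECASE,
)
SERVER_RE = re.compile(r"^loadbalancer/servers/(\d+)/([^/]+)$", re.IGNORECASE)


def audit_kv(snapshot, root="traefik"):
    """Return sorted (label, object, detail) findings for a KV snapshot.

    snapshot maps each Redis key to its string value, e.g. collected with
    `redis-cli --scan` followed by `redis-cli get <key>` for every key.
    """
    routers = {}   # (proto, router name)  -> {field: value}
    services = {}  # (proto, service name) -> {server index: {field: value}}
    for key, value in snapshot.items():
        prefix, _, tail = key.partition("/")
        m = KEY_RE.match(tail) if prefix == root else None
        if m is None:
            continue
        obj = (m["proto"].lower(), m["name"])
        if m["kind"].lower() == "routers":
            routers.setdefault(obj, {})[m["rest"].lower()] = value
        else:
            by_index = services.setdefault(obj, {})
            s = SERVER_RE.match(m["rest"])
            if s:
                by_index.setdefault(int(s[1]), {})[s[2].lower()] = value

    findings = []
    for (proto, name), by_index in services.items():
        want = TARGET_FIELD[proto]
        other = "address" if want == "url" else "url"
        for idx, fields in by_index.items():
            where = f"{proto}/services/{name}/servers/{idx}"
            if other in fields:
                findings.append(
                    ("wrong-field", where, f"{other} (this protocol uses {want})"))
            if not fields.get(want):
                findings.append(("missing-target", where, want))

    for (proto, name), fields in routers.items():
        where = f"{proto}/routers/{name}"
        required = ("service",) if proto == "udp" else ("rule", "service")
        for field in required:
            if not fields.get(field):
                findings.append(("missing-field", where, field))
        target = fields.get("service", "")
        # name@provider (e.g. api@internal) is defined outside this KV store.
        if target and "@" not in target and (proto, target) not in services:
            findings.append(("dangling-service", where, target))
    return sorted(findings)


# Constructed sample. The first five keys mirror keys and values shown in this
# thread; the rule values and the last three routers are made up.
SAMPLE = {
    "traefik/http/routers/oasis-local-svc/entrypoints/0": "http",
    "traefik/http/routers/oasis-local-svc/rule": "Host(`oasis.example.test`)",
    "traefik/http/routers/oasis-local-svc/service": "OMV-NUC",
    "traefik/http/services/OMV-NUC/loadbalancer/servers/0/url": "http://192.168.1.104/",
    "traefik/tcp/services/OMV-NUC/loadbalancer/servers/0/url": "http://192.168.1.104/",
    "traefik/http/routers/broken-svc/rule": "Host(`broken.example.test`)",
    "traefik/http/routers/broken-svc/service": "MISSING",
    "traefik/http/routers/norule-svc/service": "OMV-NUC",
    "traefik/http/routers/dash/rule": "Host(`dash.example.test`)",
    "traefik/http/routers/dash/service": "api@internal",
}

if __name__ == "__main__":
    for label, where, detail in audit_kv(SAMPLE):
        print(f"{label:17} {where:40} {detail}")
```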

ahmaddxb commented on September 4, 2024

/data # redis-cli get traefik/http/routers/oasis-local-svc/service
"OMV-NUC"
/data # redis-cli get traefik/http/services/OMV-NUC/loadbalancer/servers/0/url
"http://192.168.1.104/"

Yeah, seems good.

First time trying kobling.

kobling.yml

servers:
  - name: "OMV-NUC"
    apiAddress: http://192.168.1.104:8080
    destinationAddress: http://192.168.1.104
    entryPoints:
      http: http
      https: https

ldellisola commented on September 4, 2024

Can you check for the rest of the routers?

The message you are getting is that it cannot find the url of a service and given that the OMV-NUC service has a valid url, maybe some router is pointing to an invalid service.

The 'kobling.yml' looks fine, but you have set up 2 entry point mappings. I would expect to see two entry points per router, but there's only one in the redis logs you sent me.

Ideally I would need a small reproducible example to fully understand what's going on. Just one docker compose file with the public facing traefik instance and kobling and the configuration files + a second docker compose file with a service and the internal traefik.

ahmaddxb commented on September 4, 2024

I will simplify my setup as close to your GitHub instructions and only deal with one service. If it doesn't work I'll send you what I have for the config. Thanks for your help.

ldellisola commented on September 4, 2024

Sounds good, let me know how it goes!

ahmaddxb commented on September 4, 2024

traefik exposed to internet

compose.yml

version: "3.9"

networks:
  t2_proxy:
    name: t2_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.90.0/24
  socket_proxy:
    name: socket_proxy
    internal: true
    # driver: bridge
    ipam:
      config:
        - subnet: 192.168.91.0/24
  default:
    driver: bridge

secrets:
  htpasswd:
    file: $SECRETSDIR/htpasswd
  cf_email:
    file: $SECRETSDIR/cf_email
  cf_api_key:
    file: $SECRETSDIR/cf_api_key

services:


  traefik:
    container_name: traefik
    image: traefik:latest
    hostname: traefik
    security_opt: 
      - no-new-privileges:true
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: 300m
    networks:
      t2_proxy:
        ipv4_address: 192.168.90.254 # You can specify a static IP
      socket_proxy:

    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - $APPDATADIR/traefik2/rules:/rules # file provider directory
      # - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
      - $APPDATADIR/traefik2/acme/acme.json:/acme.json # cert location - you must touch this file and change permissions to 600
      # - $APPDATADIR/traefik2/acme/acme.json:/etc/traefik/certs/acme.json # cert location - you must touch this file and change permissions to 600
      - $APPDATADIR/traefik2/traefik.log:/var/log/traefik/traefik.log # for fail2ban - make sure to touch file before starting container
      - $APPDATADIR/traefik2/access.log:/var/log/traefik/access.log
      - $APPDATADIR/traefik2/config/traefik.yml:/traefik.yml
      #- $APPDATADIR/traefik2/traefik-ssl.toml:/root/.config/ssl.toml #Ahmad local
      - $APPDATADIR/certs/:/certs/ #Ahmad local
    environment:
      - TZ=$TZ
      - CF_API_EMAIL_FILE=/run/secrets/cf_email
      - CF_API_KEY_FILE=/run/secrets/cf_api_key
      - HTPASSWD_FILE=/run/secrets/htpasswd # HTPASSWD_FILE can be whatever as it is not used/called anywhere.
      - DOMAINNAME0 # Passing the domain name to the traefik container to be able to use the variable in rules.
      - LOCALDOMAINNAME0 # Passing the domain name to the traefik container to be able to use the variable in rules.
      - CLOUDFLARE_IPS # Passing the domain name to the traefik container to be able to use the variable in rules.
      - LOCAL_IPS # Passing the domain name to the traefik container to be able to use the variable in rules.
    secrets:
      - cf_email
      - cf_api_key
      - htpasswd
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik-main.$DOMAINNAME0`)"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"


  traefik-kobling:
    image: ghcr.io/ldellisola/traefik-kobling:latest
    container_name: traefik-kobling
    depends_on:
      - redis
    networks:
      - t2_proxy
    volumes:
      - $APPDATADIR/traefik-kobling/config/config.yml:/config.yml
    environment:
      REDIS_URL: "redis:6379"
      RUN_EVERY: 20

  redis:
    image: redis:alpine
    container_name: redis
    networks:
      - t2_proxy

  whoami:
    container_name: whoami
    image: containous/whoami:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    networks:
      - t2_proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-rtr.entrypoints=https
      - traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAINNAME0`)
      - traefik.http.routers.whoami-rtr.service=whoami-svc
      - traefik.http.services.whoami-svc.loadbalancer.server.port=80

traefik.yml

# Traefik global configuration
global:
  checkNewVersion: true
  sendAnonymousUsage: false

# Enable traefik ui dashboard
api:
  dashboard: true
  insecure: true

# Log level INFO|DEBUG|ERROR
log:
  level: DEBUG # DEBUG, INFO, WARN, ERROR, FATAL, and PANIC
  # filePath: /traefik.log 

# Configuring Multiple Filters
# accessLog:
#   filePath: "/logs/traefik.log"
#   format: json
#   filters:
#     statusCodes:
#     #  - "200" # log successful http requests
#       - "400-599" # log failed http requests
#     #retryAttempts: true
#     #minDuration: "10ms"
#   # collect logs as in-memory buffer before writing into log file
#   bufferingSize: 0
#   fields:
#     headers:
#       defaultMode: drop # drop all headers per default
#       names:
#           User-Agent: keep # log user agent strings

# The setting below is to allow insecure backend connections.  
serverTransport:
  insecureSkipVerify: true

# Traefik entrypoints (network ports) configuration
entryPoints:
  # Not used in apps, but redirect everything from HTTP to HTTPS
  http:
    address: :80
    forwardedHeaders:
      trustedIPs: &trustedIps
        # Start of Cloudflare public IP list for HTTP requests, remove this if you don't use it; https://www.cloudflare.com/de-de/ips/
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 104.16.0.0/13
        - 104.24.0.0/14
        - 108.162.192.0/18
        - 131.0.72.0/22
        - 141.101.64.0/18
        - 162.158.0.0/15
        - 172.64.0.0/13
        - 173.245.48.0/20
        - 188.114.96.0/20
        - 190.93.240.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 2400:cb00::/32
        - 2606:4700::/32
        - 2803:f800::/32
        - 2405:b500::/32
        - 2405:8100::/32
        - 2a06:98c0::/29
        - 2c0f:f248::/32
        # End of Cloudflare public IP list
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https

  # HTTPS endpoint, with domain wildcard
  https:
    address: :443
    forwardedHeaders:
      # Reuse list of Cloudflare Trusted IP's above for HTTPS requests
      trustedIPs: *trustedIps
    http:
      tls:
      # Generate a wildcard domain certificate
        certResolver: "cloudflare"
        domains:
          - main: "mydomain.xyz"
            sans:
              - "*.mydomain.xyz"
      # middlewares:
      #   - security-headers@file # reference to a dynamic middleware for setting http security headers per default
      #   - rate-limit@file # reference to a dynamic middleware for enabling rate limiting per default

providers:
  providersThrottleDuration: 2s
# File provider for connecting things that are outside of docker / defining middleware
  file:
    directory: /rules
    watch: true

  # Docker provider for connecting all apps that are inside of the docker network
  docker:
    watch: true
    # endpoint: "unix:///var/run/docker.sock"
    endpoint: "tcp://socket-proxy:2375"
    network: t2_proxy
    # Default host rule to containername.domain.example
    # defaultRule: "Host(`{{ lower (trimPrefix `/` .Name )}}.mydomain.xyz`)"    # Replace with your domain
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.mydomain.xyz`)" # change 'example.com' to your proxy domain
    swarmModeRefreshSeconds: 15s
    swarmMode: false
    exposedByDefault: false

  redis:
    endpoints:
      - "redis:6379"

# Use letsencrypt to generate ssl certificates
certificatesResolvers:
  cloudflare:
    acme:
      email: [email protected]
      storage: /acme.json
      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # LetsEncrypt Staging Server - uncomment when testing
      dnsChallenge:
        provider: cloudflare
        # Used to make sure the dns challenge is propagated to the rights dns servers
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
        delayBeforeCheck: 90

kobling config

servers:
  # - name: "Traefik-B"
  #   apiAddress: http://192.168.1.11:8080
  #   destinationAddress: http://192.168.1.11
  #   entryPoints:
  #     http: http
  #     https: http

  - name: "OMV-NUC"
    apiAddress: http://192.168.1.104:8080
    destinationAddress: http://192.168.1.104
    entryPoints:
      http: http
      https: http

ahmaddxb commented on September 4, 2024

internal traefik

compose.yml

networks:
  t2_proxy:
    name: t2_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.90.0/24
  socket_proxy:
    name: socket_proxy
    internal: true
    # driver: bridge
    ipam:
      config:
        - subnet: 192.168.91.0/24
  default:
    driver: bridge
  # t2_proxy:
  #   name: t2_proxy

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - t2_proxy
    environment:
      - TZ=$TZ
      - DOMAINNAME0 # Passing the domain name to the traefik container to be able to use the variable in rules.
      - LOCALDOMAINNAME0 # Passing the domain name to the traefik container to be able to use the variable in rules.
      - CLOUDFLARE_IPS # Passing the domain name to the traefik container to be able to use the variable in rules.
      - CLOUDFLARE_EMAIL # Passing the domain name to the traefik container to be able to use the variable in rules.
      - LOCAL_IPS # Passing the domain name to the traefik container to be able to use the variable in rules.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/traefik2/config/traefikb.yml:/etc/traefik/traefik.yml
      - $DOCKERDIR/traefik2/rules:/rules
    labels:
      traefik.enable: "true"
      traefik.http.routers.traefik.rule: "Host(`traefik-test.$DOMAINNAME0`)"
      traefik.http.routers.traefik.service: "api@internal"
      traefik.http.services.traefik.loadbalancer.server.port: "8080"

  whoami-1:
    container_name: whoami-1
    image: containous/whoami:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    networks:
      - t2_proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-1-rtr.entrypoints=http
      - traefik.http.routers.whoami-1-rtr.rule=Host(`whoami-1.$DOMAINNAME0`)
      - traefik.http.routers.whoami-1-rtr.service=whoami-1-svc
      - traefik.http.services.whoami-1-svc.loadbalancer.server.port=80
      - flame.type=application # "app" works too
      - flame.name=whoami
      - flame.icon=docker

  whoami-2:
    container_name: whoami-2
    image: containous/whoami:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    networks:
      - t2_proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-2-rtr.entrypoints=http
      - traefik.http.routers.whoami-2-rtr.rule=Host(`whoami-2.$DOMAINNAME0`)
      - traefik.http.routers.whoami-2-rtr.service=whoami-2-svc
      - traefik.http.services.whoami-2-svc.loadbalancer.server.port=80
      - flame.type=application # "app" works too
      - flame.name=whoami
      - flame.icon=docker

  whoami-3:
    container_name: whoami-3
    image: containous/whoami:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    networks:
      - t2_proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-3-rtr.entrypoints=http
      - traefik.http.routers.whoami-3-rtr.rule=Host(`whoami-3.$DOMAINNAME0`)
      - traefik.http.routers.whoami-3-rtr.service=whoami-3-svc
      - traefik.http.services.whoami-3-svc.loadbalancer.server.port=80
      - flame.type=application # "app" works too
      - flame.name=whoami
      - flame.icon=docker

traefik.yml

# Traefik global configuration
global:
  checkNewVersion: true
  sendAnonymousUsage: false

# Enable traefik ui dashboard
api:
  insecure: true
  dashboard: true

# Log level INFO|DEBUG|ERROR
log:
  level: DEBUG # DEBUG, INFO, WARN, ERROR, FATAL, and PANIC

# The setting below is to allow insecure backend connections.
serversTransport:
  insecureSkipVerify: true

# Traefik entrypoints (network ports) configuration
entryPoints:
  http:
    address: ":80"

  https:
    address: ":433"
  # https:
  #   address: ":433"
  #   # http:
  #   #     redirections:
  #   #         entrypoint:
  #   #             to: http
  #   #             scheme: http

providers:
  # File provider for connecting things that are outside of docker / defining middleware
  file:
    directory: /rules
    watch: true

  # Docker provider for connecting all apps that are inside of the docker network
  docker:
    watch: true
    endpoint: "unix:///var/run/docker.sock"
    # endpoint: "tcp://socket-proxy:2375"
    exposedByDefault: false
    network: t2_proxy

ahmaddxb commented on September 4, 2024

I managed to get it working but there are a few things I'm struggling with.

My internal traefik used to be my main traefik so I want to change as little as possible to all my services

I can not use https entrypoint on my internal traefik services e.g.

before

  • traefik.http.routers.whoami-1-rtr.entrypoints=https

after (can only get this to work)

  • traefik.http.routers.whoami-1-rtr.entrypoints=http

  whoami-1:
    container_name: whoami-1
    image: containous/whoami:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    networks:
      - t2_proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-1-rtr.entrypoints=https   
      - traefik.http.routers.whoami-1-rtr.rule=Host(`whoami-1.$DOMAINNAME0`)
      - traefik.http.routers.whoami-1-rtr.service=whoami-1-svc
      - traefik.http.services.whoami-1-svc.loadbalancer.server.port=80
      - flame.type=application # "app" works too
      - flame.name=whoami
      - flame.icon=docker

Even changing the mapping below didn't fix it ("https: http" to "https: https")

servers:
  # - name: "Traefik-B"
  #   apiAddress: http://192.168.1.11:8080
  #   destinationAddress: http://192.168.1.11
  #   entryPoints:
  #     http: http
  #     https: http

  - name: "OMV-NUC"
    apiAddress: http://192.168.1.104:8080
    destinationAddress: http://192.168.1.104
    entryPoints:
      http: http
      https: https

Questions

Can I still use middleware on my internal traefik?

ldellisola commented on September 4, 2024

I'll look into it.

Now, about your last question. I think middlewares should work fine in both the internal and public instances. But I only have middlewares on my public instance just because it makes more sense to me.

ldellisola commented on September 4, 2024

I think I see the problem.

Kobling was written to expose only one port of traefik (given that most people will do https until the public facing instance and there's no advantage of doing https for communications within your home network), and in your example you are trying to map 2 ports (80 and 443).
You should still be able to accomplish this by adding entries to the list of servers in kobling.yml, one pointing to http://192.168.1.104 and another to https://192.168.1.104:443 and somehow disabling https verification on the internal instance.

In your case, you changed the entry point mapping to:

entryPoints:
    http: http
    https: https

but the destination address is still http://192.168.1.104, meaning that it is still being redirected to port 80 so it is still detected by the http entry point of your internal instance, instead of the https entry point.

Anyways, the way I see it, I can recommend 2 options:

1. Reuse the https entry point of the internal instance, but point it to port 80

On your internal instance configuration, delete the http entry point and change the https entry point to hook into port 80:

# Traefik entrypoints (network ports) configuration
entryPoints:
  https:
    address: ":80"

With this change you won't use https for internal connections (although the name will still say https) and everything should work without much change. Your kobling.yml will look like this:

servers:
  - name: "OMV-NUC"
    apiAddress: http://192.168.1.104:8080
    destinationAddress: http://192.168.1.104
    entryPoints:
      http: https
      https: https

2. Reuse port 443 for http only connections

On your internal traefik instance delete the http entry point but leave the https one as it was:

# Traefik entrypoints (network ports) configuration
entryPoints:
  https:
    address: ":443"

Your kobling.yml should look like this:

servers:
  - name: "OMV-NUC"
    apiAddress: http://192.168.1.104:8080
    destinationAddress: http://192.168.1.104:443
    entryPoints:
      http: https
      https: https

And disable the https protocol on your internal traefik.
In this case we are using the port 443 as a normal HTTP port.


I personally would go for option 1. The only drawback is that your services will be mislabeled (https entry point will do http) but everything else will work out of the box.

Also, as far as I'm aware, nothing should stop you from using middlewares on your internal instance. The ones I use (rate limiter, trusted ips, etc) are more useful in the public facing instance, but I think I have used custom rules for vaultwarden when it was necessary for websockets.

from traefikkobling.
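The port reasoning in the comment above, as an added example that is not part of the original thread and not Kobling's own code: it works out which internal entry point a given destinationAddress actually lands on. The function names are hypothetical, and the two-port internal layout (http on :80, https on :443) is assumed from the maintainer's description.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def destination_port(destination_address):
    """Port that destinationAddress points at (scheme default when omitted)."""
    parts = urlsplit(destination_address)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme in {destination_address!r}")
    return parts.port or DEFAULT_PORTS[parts.scheme]

def entry_point_port(address):
    """Port of a Traefik entry point address such as ':80' or ':443/tcp'."""
    hostport = address.split("/", 1)[0]
    return int(hostport.rsplit(":", 1)[1])

def receiving_entry_point(destination_address, internal_entry_points):
    """Name of the internal entry point listening on the destination port, or None."""
    port = destination_port(destination_address)
    for name, cfg in internal_entry_points.items():
        if entry_point_port(cfg["address"]) == port:
            return name
    return None

def check(destination_address, internal_entry_points, router_entry_point):
    """Say whether routers bound to router_entry_point will see forwarded requests."""
    hit = receiving_entry_point(destination_address, internal_entry_points)
    if hit is None:
        return f"{destination_address}: no internal entry point listens on that port"
    if hit != router_entry_point:
        return (f"{destination_address}: arrives on '{hit}', "
                f"routers on '{router_entry_point}' never match")
    return f"{destination_address}: arrives on '{hit}' as intended"

# Constructed from the thread: assumed original layout, then options 1 and 2.
TWO_PORTS = {"http": {"address": ":80"}, "https": {"address": ":443"}}
OPTION_1 = {"https": {"address": ":80"}}
OPTION_2 = {"https": {"address": ":443"}}

if __name__ == "__main__":
    print(check("http://192.168.1.104", TWO_PORTS, "https"))
    print(check("http://192.168.1.104", OPTION_1, "https"))
    print(check("http://192.168.1.104:443", OPTION_2, "https"))
```

A destination port that no internal entry point listens on (for example a mistyped port) is reported as such instead of being silently accepted.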

ahmaddxb avatar ahmaddxb commented on September 4, 2024

Thanks for your help, your solutions worked, but I have so many other things to edit that I might as well just do it your original way.

As for the original error (first post), it is caused by the config below on the internal Traefik. This will break everything until it is removed.

time="2023-12-16T16:13:38+04:00" level=error msg="KV connection error: field not found, node: url, retrying in 1.614904743s" providerName=redis

tcp:
  routers:
    tactical-api-nats:
      entryPoints:
      - "tcp-nats"
      rule: "HostSNI(`*`)"
      service: "tactical-api-nats"

  services:
    tactical-api-nats:
      loadBalancer:
        servers:
        - address: "192.168.1.251:4222"

from traefikkobling.

ldellisola avatar ldellisola commented on September 4, 2024

I'm glad it's working for you now!

And thanks for investigating your error a bit more, it looks like that's a Traefik issue though, I don't know if there's anything I can do about it.

I'm going to close this issue now, if you have any other problems/questions you can start a new one.

from traefikkobling.
