My VPS is Ubuntu 22.04 LTS, headless.
I am doing this at /home/ubuntu, so I have an ubuntu user that's a sudoer.
Already installed docker and running Docker version 20.10.15, build fd82621
My purpose is to install and run traefik successfully with just plain http first. It's to build towards my ultimate goal of running multiple apps, each using a subdomain under somedemowebsite.com, on the same VPS.
My Traefik Configuration
These are my steps at /home/ubuntu
mkdir traefik
cd traefik
mkdir data
cd data
touch acme.json
chmod 600 acme.json
touch traefik.yml
This is my /home/ubuntu/traefik/docker-compose.yml
version: '3.9'
services:
  traefik:
    image: traefik:v2.6
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/ubuntu/traefik/data/traefik.yml:/traefik.yml:ro
      - /home/ubuntu/traefik/data/acme.json:/acme.json
      - /home/ubuntu/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(traefik.mydomaincom)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD"
      - "traefik.http.routers.traefik.service=api@internal"
networks:
  proxy:
    external: true
This is my /home/ubuntu/traefik/data/traefik.yml
api:
  dashboard: true
  debug: true
  insecure: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
log:
  filePath: "/var/log/traefik.log"
  format: json
  level: DEBUG
DNS settings
I am using CloudFlare for my DNS
My CF configuration for somedemowebsite.com is:
- SSL/TLS encryption mode is Off (not secure)
- SSL/TLS Recommender Yes
- Always Use HTTPS No
Commands
At /home/ubuntu/traefik I did
docker network create proxy
docker compose up --force-recreate
I get a
[ ] Running 1/0
⠿ Container traefik Created 0.1s
Attaching to traefik
traefik | time="2022-05-13T14:31:12Z" level=info msg="Configuration loaded from file: /traefik.yml"
What I saw
I get a page 404 not found error when I went to http://traefik.somedemowebsite.com
What I expected
to get prompted for basic auth for username and password
Update
I can reach the dashboard when I use port 8080, but not port 80.
How to tell which reason caused this 404
I found this https://doc.traefik.io/traefik/getting-started/faq/#404-not-found
there are 4 reasons. How do I debug in a way I can know which reason caused my 404?
I cite
- A request reaching an EntryPoint that has no Routers
- An HTTP request reaching an EntryPoint that has no HTTP Router
- An HTTPS request reaching an EntryPoint that has no HTTPS Router
- A request reaching an EntryPoint that has HTTP/HTTPS Routers that cannot be matched
I assume it's not 3 since I am explicitly only using http.
How do I tell whether it's 1, 2, or 4?
CodePudding user response:
Never mind, I have solved it.
The main culprit is that the domain is not wrapped in ticks. Also, for the basic auth to work I need to assign the middleware to the router.
Comments are where the changes made things work. So for docker-compose.yml
version: '3.9'
services:
  traefik:
    image: traefik:v2.6
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/ubuntu/traefik/data/traefik.yml:/traefik.yml:ro
      - /home/ubuntu/traefik/data/acme.json:/acme.json
      - /home/ubuntu/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      # notice the ticks
      - "traefik.http.routers.traefik.rule=Host(`traefik.mydomain`)"
      # added the middleware
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD"
      - "traefik.http.routers.traefik.service=api@internal"
networks:
  proxy:
    external: true
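
A label check that catches both mistakes found above before the stack is started, plus a router pointing at an entrypoint name that traefik.yml does not define. This is an added example, not part of the original question or answer; lint_labels and the constant names are hypothetical, and the label strings are copied from the two compose files on this page.

```python
import re

# Matchers whose arguments Traefik v2 expects in backticks (or escaped double quotes).
MATCHER = re.compile(r"\b(Host|Path|PathPrefix)\(([^)]*)\)")
QUOTED = re.compile(r'`[^`]+`|"[^"]+"')

def lint_labels(labels, entrypoints):
    """Return findings for one container's Traefik v2 HTTP labels."""
    findings, defined_mw, attached_mw = [], set(), set()
    for label in labels:
        key, _, value = label.partition("=")
        parts = key.split(".")
        if parts[:3] == ["traefik", "http", "middlewares"] and len(parts) > 3:
            defined_mw.add(parts[3])
        if parts[:3] != ["traefik", "http", "routers"] or len(parts) < 5:
            continue
        router, option = parts[3], parts[4]
        if option == "rule":
            for name, args in MATCHER.findall(value):
                if not all(QUOTED.fullmatch(a.strip()) for a in args.split(",")):
                    findings.append(f"router {router}: {name}({args}) is not quoted")
        elif option == "middlewares":
            attached_mw.update(m.strip().split("@")[0] for m in value.split(","))
        elif option == "entrypoints":
            for ep in value.split(","):
                if ep.strip() not in entrypoints:
                    findings.append(f"router {router}: unknown entrypoint {ep.strip()}")
    for mw in sorted(defined_mw - attached_mw):
        findings.append(f"middleware {mw}: defined but attached to no router")
    return findings

# Sample input: labels from the question (BEFORE) and from the answer (AFTER).
COMMON = [
    "traefik.http.routers.traefik.entrypoints=http",
    "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD",
    "traefik.http.routers.traefik.service=api@internal",
]
BEFORE = COMMON + ["traefik.http.routers.traefik.rule=Host(traefik.mydomaincom)"]
AFTER = COMMON + [
    "traefik.http.routers.traefik.rule=Host(`traefik.mydomain`)",
    "traefik.http.routers.traefik.middlewares=traefik-auth",
]
ENTRYPOINTS = {"http", "https"}  # entryPoints names from the traefik.yml above

if __name__ == "__main__":
    for name, labels in (("before", BEFORE), ("after", AFTER)):
        print(name, lint_labels(labels, ENTRYPOINTS) or "no findings")
```

The second finding matters beyond the 404: a basicauth middleware that is defined but never attached leaves the router serving api@internal without authentication.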