I am using traefik:v2.8.2 and containers running Apache on ports 80 and 443. Apache redirects port 80 requests to port 443.
Below is my traefik.yml file -
# configure logs
log:
  level: DEBUG # Set to 'DEBUG' for troubleshooting
# configure entry points
entryPoints:
  web:
    address: ":80"
    http:
      redirections: # http to https redirection
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
  postgres:
    address: ":5432"
# configure providers
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # connection to the docker daemon
    exposedByDefault: false # ignore containers without label 'traefik.enable=true'
  file:
    directory: "/etc/traefik/conf" # directory for dynamic traefik configuration files
    watch: true # changes are processed immediately
# configure api service
api:
  dashboard: true # enable the traefik dashboard
and below is my tls configuration
tls:
  certificates:
    - certFile: "/etc/traefik/certs/knandan-cert.pem"
      keyFile: "/etc/traefik/certs/knandan-key.pem"
And below is my docker-compose.yml file
version: "3.8"
services:
  traefik:
    networks:
      - d_local
    image: traefik:v2.8.2
    container_name: "d_traefik"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    command:
      - --serverstransport.insecureskipverify=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./certs/:/etc/traefik/certs/:ro
      - ./static_conf.yml:/traefik.yml:ro
      - ./conf/:/etc/traefik/conf/:ro
    labels:
      - traefik.enable=true
      - traefik.docker.network=d_local
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.rule=Host(`knandan.app`)
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.services.traefik.loadbalancer.server.port=8080
  d_apiapp:
    build:
      context: apiapp
      dockerfile: .docker/Dockerfile
    container_name: apiapp
    restart: unless-stopped
    image: apiapp
    domainname: api.knandan.app
    ports:
      - "8080:80"
    networks:
      - d_local
    volumes:
      - "./apiapp:/srv/app"
      - "./certs:/etc/ssl/crt"
    labels:
      - traefik.enable=true
      - traefik.http.routers.apiapp.entrypoints=websecure
      - traefik.http.routers.apiapp.rule=Host(`api.knandan.app`)
      - traefik.http.routers.apiapp.tls=true
      - traefik.http.services.apiapp.loadbalancer.server.port=443
      - traefik.http.services.apiapp.loadbalancer.server.scheme=https
networks:
  d_local:
    external: true
When I run the docker-compose up I can see the traefik dashboard. But when I open the api.knandan.app I get Internal Server Error
After checking the logs I came to know that some ssl verification is failing, below is the error -
time="2022-08-18T07:04:09Z" level=debug msg="'500 Internal Server Error' caused by: x509: certificate is valid for 127.0.0.1, ::1, not 172.18.0.2"
I noticed that traefik is running my container on the container ip not on hostname
level=debug msg="Creating server 0 https://172.18.0.2:443" routerName=apiapp@docker serverName=0 serviceName=apiapp entryPointName=websecure
Can someone please help me resolve this issue? Thanks in advance.
Below is my apache configuration - which is running behind the traefik to run the Laravel application
CodePudding user response:
Probably Traefik is using a default auto-signed certificate, I guess that with custom certificate it is not supported wildcard certificate.
So try to add default certificate in your configuration file:
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/certs/knandan-cert.pem
        keyFile: /etc/traefik/certs/knandan-cert.key
Here is a useful link
Also, you should check if the directory indicated in the apiapp volumes is correct; if apiapp is an Ubuntu-based image it should be /etc/ssl/certs and not /etc/ssl/crt.
CodePudding user response:
Don't use underscore in container name. The container name will be used then as a host name which is not valid.
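
The x509 error in the question comes from Traefik dialing the backend by container IP (172.18.0.2) while Apache's certificate only lists 127.0.0.1 and ::1. As an added example (not part of the original posts), here is a per-service serversTransport for Traefik's dynamic file configuration, with the skip-verify setting beside a verified one. Assumptions: the transport names, the CA file path, and that Apache's certificate is reissued with api.knandan.app as a DNS SAN.

```yaml
# Added example: dynamic configuration, e.g. a file under /etc/traefik/conf
# (the file provider directory from the question's traefik.yml).
http:
  serversTransports:
    # Weak: the per-transport equivalent of --serverstransport.insecureskipverify=true.
    # Any certificate presented on the Traefik -> Apache hop is accepted.
    apiapp-noverify:                  # assumed name
      insecureSkipVerify: true

    # Verified: Traefik still connects to the container IP, but validates the
    # backend certificate against serverName instead of that IP, and only
    # trusts the listed CA for this hop.
    apiapp-verified:                  # assumed name
      # Must be present as a DNS SAN in Apache's certificate
      # (assumption: the certificate is reissued to include it).
      serverName: "api.knandan.app"
      rootCAs:
        # Assumed path: the CA (or the self-signed certificate itself)
        # that issued Apache's certificate, mounted into the Traefik container.
        - /etc/traefik/certs/backend-ca.pem

# Attach the verified transport to the service from docker-compose.yml by
# adding this label to the d_apiapp service:
#   - traefik.http.services.apiapp.loadbalancer.serverstransport=apiapp-verified@file
```

With the verified transport attached, a backend certificate that does not carry the expected name or chain to the listed CA is rejected instead of silently accepted.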