TLS handshake failed with error tls: first record does not look like a TLS handshake server=Orderer remoteaddress=192.168.144.4:43496 - ssl

I am building my network with 5 orderers, 1 org and 2 peers. Also 1 cli and 1 ca.
I scaled from 1 orderer to 5 implementing Raft. This is why I want to extend my network and do deeper tests on what happens with multiple peers.
The Docker containers are running but I get some errors regarding TLS inside my orderer containers:
TLS handshake failed with error tls: first record does not look like a TLS handshake server=Orderer remoteaddress=192.168.144.4:43496
I don't understand where the problem is, because I set up everything to implement Raft, from the crypto material to the docker compose file.
Here is the crypto-config template:
OrdererOrgs:
  - Name: Orderer
    Domain: APPLICATION_NAME.com
    EnableNodeOUs: true
    Specs:
      - Hostname: orderer
      - Hostname: orderer2
      - Hostname: orderer3
      - Hostname: orderer4
      - Hostname: orderer5
PeerOrgs:
  - Name: ORG_NAME
    Domain: ORG_NAME.APPLICATION_NAME.com
    EnableNodeOUs: true
    Template: # Number of peers
      Count: 2
    Users:
      Count: 1
Here is the configtx template:
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/APPLICATION_NAME.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &ORG_NAME
Name: MSP_NAME
ID: MSP_NAME
MSPDir: crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('MSP_NAME.admin', 'MSP_NAME.peer', 'MSP_NAME.client')"
Writers:
Type: Signature
Rule: "OR('MSP_NAME.admin', 'MSP_NAME.client')"
Admins:
Type: Signature
Rule: "OR('MSP_NAME.admin')"
AnchorPeers:
- Host: peer0.ORG_NAME.APPLICATION_NAME
Port: 7051
- Host: peer1.ORG_NAME.APPLICATION_NAME
Port: 8051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
- *ORG_NAME
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.APPLICATION_NAME.com:7050
BatchTimeout: 500ms
BatchSize:
MaxMessageCount: 15
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 kb
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OneOrgOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *ORG_NAME
OneOrgChannel:
<<: *ChannelDefaults
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *ORG_NAME
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.APPLICATION_NAME.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer.APPLICATION_NAME.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer.APPLICATION_NAME.com/tls/server.crt
- Host: orderer2.APPLICATION_NAME.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer2.APPLICATION_NAME.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer2.APPLICATION_NAME.com/tls/server.crt
- Host: orderer3.APPLICATION_NAME.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer3.APPLICATION_NAME.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer3.APPLICATION_NAME.com/tls/server.crt
- Host: orderer4.APPLICATION_NAME.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer4.APPLICATION_NAME.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer4.APPLICATION_NAME.com/tls/server.crt
- Host: orderer5.APPLICATION_NAME.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer5.APPLICATION_NAME.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer5.APPLICATION_NAME.com/tls/server.crt
Addresses:
- orderer.APPLICATION_NAME.com:7050
- orderer2.APPLICATION_NAME.com:7050
- orderer3.APPLICATION_NAME.com:7050
- orderer4.APPLICATION_NAME.com:7050
- orderer5.APPLICATION_NAME.com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *ORG_NAME
And here is the docker compose:
#
# Copyright IBM Corp All Rights Reserved
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
networks:
basic:
services:
ca.ORG_NAME.com:
image: hyperledger/fabric-ca:IMAGETAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.ORG_NAME.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.ORG_NAME.APPLICATION_NAME.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/CERT_AUTH_PRIVATE_KEY
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw'
restart: always
volumes:
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.ORG_NAME.com
networks:
- basic
cli:
container_name: cli
image: hyperledger/fabric-tools:IMAGETAG
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=info
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.ORG_NAME.APPLICATION_NAME.com:7051
- CORE_PEER_LOCALMSPID=MSP_NAME
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/users/Admin@ORG_NAME.APPLICATION_NAME.com/msp/
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer0.ORG_NAME.APPLICATION_NAME.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer0.ORG_NAME.APPLICATION_NAME.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer0.ORG_NAME.APPLICATION_NAME.com/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
restart: always
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./config:/etc/hyperledger/configtx/
networks:
- basic
orderer.APPLICATION_NAME.com:
container_name: orderer.APPLICATION_NAME.com
image: hyperledger/fabric-orderer:IMAGETAG
environment:
- FABRIC_LOGGING_SPEC=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/orderer
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
restart: always
ports:
- 7050:7050
volumes:
- ./config/:/etc/hyperledger/configtx
- ./crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer.APPLICATION_NAME.com/:/etc/hyperledger/msp/orderer
- ./crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer.APPLICATION_NAME.com/tls/:/var/hyperledger/orderer/tls
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer0.ORG_NAME.APPLICATION_NAME.com/:/etc/hyperledger/msp/peer0ORG_NAME
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer1.ORG_NAME.APPLICATION_NAME.com/:/etc/hyperledger/msp/peer1ORG_NAME
# - ./ledgers/orderer.APPLICATION_NAME.com/:/var/hyperledger/production/orderer/
networks:
- basic
orderer2.APPLICATION_NAME.com:
container_name: orderer2.APPLICATION_NAME.com
image: hyperledger/fabric-orderer:IMAGETAG
environment:
- FABRIC_LOGGING_SPEC=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/orderer
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
restart: always
ports:
- 8050:7050
volumes:
- ./config/:/etc/hyperledger/configtx
- ./crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer2.APPLICATION_NAME.com/:/etc/hyperledger/msp/orderer
- ./crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer2.APPLICATION_NAME.com/tls/:/var/hyperledger/orderer/tls
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer0.ORG_NAME.APPLICATION_NAME.com/:/etc/hyperledger/msp/peer0ORG_NAME
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer1.ORG_NAME.APPLICATION_NAME.com/:/etc/hyperledger/msp/peer1ORG_NAME
# - ./ledgers/orderer.APPLICATION_NAME.com/:/var/hyperledger/production/orderer/
networks:
- basic
orderer3.APPLICATION_NAME.com:
container_name: orderer3.APPLICATION_NAME.com
image: hyperledger/fabric-orderer:IMAGETAG
environment:
- FABRIC_LOGGING_SPEC=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/orderer
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
restart: always
ports:
- 9050:7050
volumes:
- ./config/:/etc/hyperledger/configtx
- ./crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer3.APPLICATION_NAME.com/:/etc/hyperledger/msp/orderer
- ./crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer3.APPLICATION_NAME.com/tls/:/var/hyperledger/orderer/tls
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer0.ORG_NAME.APPLICATION_NAME.com/:/etc/hyperledger/msp/peer0ORG_NAME
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer1.ORG_NAME.APPLICATION_NAME.com/:/etc/hyperledger/msp/peer1ORG_NAME
# - ./ledgers/orderer.APPLICATION_NAME.com/:/var/hyperledger/production/orderer/
networks:
- basic
orderer4.APPLICATION_NAME.com:
container_name: orderer4.APPLICATION_NAME.com
image: hyperledger/fabric-orderer:IMAGETAG
environment:
- FABRIC_LOGGING_SPEC=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/orderer
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
restart: always
ports:
- 10050:7050
volumes:
- ./config/:/etc/hyperledger/configtx
- ./crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer4.APPLICATION_NAME.com/:/etc/hyperledger/msp/orderer
- ./crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer4.APPLICATION_NAME.com/tls/:/var/hyperledger/orderer/tls
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer0.ORG_NAME.APPLICATION_NAME.com/:/etc/hyperledger/msp/peer0ORG_NAME
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer1.ORG_NAME.APPLICATION_NAME.com/:/etc/hyperledger/msp/peer1ORG_NAME
# - ./ledgers/orderer.APPLICATION_NAME.com/:/var/hyperledger/production/orderer/
networks:
- basic
orderer5.APPLICATION_NAME.com:
container_name: orderer5.APPLICATION_NAME.com
image: hyperledger/fabric-orderer:IMAGETAG
environment:
- FABRIC_LOGGING_SPEC=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/orderer
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
restart: always
ports:
- 11050:7050
volumes:
- ./config/:/etc/hyperledger/configtx
- ./crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer5.APPLICATION_NAME.com/:/etc/hyperledger/msp/orderer
- ./crypto-config/ordererOrganizations/APPLICATION_NAME.com/orderers/orderer5.APPLICATION_NAME.com/tls/:/var/hyperledger/orderer/tls
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer0.ORG_NAME.APPLICATION_NAME.com/:/etc/hyperledger/msp/peer0ORG_NAME
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer1.ORG_NAME.APPLICATION_NAME.com/:/etc/hyperledger/msp/peer1ORG_NAME
# - ./ledgers/orderer.APPLICATION_NAME.com/:/var/hyperledger/production/orderer/
networks:
- basic
peer0.ORG_NAME.APPLICATION_NAME.com:
container_name: peer0.ORG_NAME.APPLICATION_NAME.com
image: hyperledger/fabric-peer:IMAGETAG
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_ID=peer0.ORG_NAME.APPLICATION_NAME.com
- CORE_PEER_ADDRESS=peer0.ORG_NAME.APPLICATION_NAME.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- FABRIC_LOGGING_SPEC=info
- CORE_CHAINCODE_LOGGING_LEVEL=info
- CORE_PEER_LOCALMSPID=MSP_NAME
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=COMPOSE_PROJECT_NAME_basic
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.ORG_NAME.APPLICATION_NAME.com:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.ORG_NAME.APPLICATION_NAME.com:7051
- CORE_CHAINCODE_EXECUTETIMEOUT="600s"
- CORE_PEER_GRPCOPTIONS_REQUEST_TIMEOUT="600s"
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
restart: always
# command: peer node start --peer-chaincodedev=true
ports:
- 7051:7051
- 7053:7053
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer0.ORG_NAME.APPLICATION_NAME.com/msp:/etc/hyperledger/msp/peer
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/users:/etc/hyperledger/msp/users
- ./config:/etc/hyperledger/configtx
# - ./ledgers/peer0.ORG_NAME.APPLICATION_NAME.com/:/var/hyperledger/production/
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer0.ORG_NAME.APPLICATION_NAME.com/tls:/etc/hyperledger/fabric/tls
depends_on:
- orderer.APPLICATION_NAME.com
networks:
- basic
peer1.ORG_NAME.APPLICATION_NAME.com:
container_name: peer1.ORG_NAME.APPLICATION_NAME.com
image: hyperledger/fabric-peer:IMAGETAG
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: peer node start
restart: always
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_ID=peer1.ORG_NAME.APPLICATION_NAME.com
- CORE_PEER_ADDRESS=peer1.ORG_NAME.APPLICATION_NAME.com:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- FABRIC_LOGGING_SPEC=info
- CORE_CHAINCODE_LOGGING_LEVEL=info
- CORE_PEER_LOCALMSPID=MSP_NAME
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_basic
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.ORG_NAME.APPLICATION_NAME.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.ORG_NAME.APPLICATION_NAME.com:8051
- CORE_CHAINCODE_EXECUTETIMEOUT="600s"
- CORE_PEER_GRPCOPTIONS_REQUEST_TIMEOUT="600s"
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer1.ORG_NAME.APPLICATION_NAME.com/msp:/etc/hyperledger/msp/peer
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/users:/etc/hyperledger/msp/users
- ./config:/etc/hyperledger/configtx
# - ./ledgers/peer1.ORG_NAME.APPLICATION_NAME.com/:/var/hyperledger/production/
- ./crypto-config/peerOrganizations/ORG_NAME.APPLICATION_NAME.com/peers/peer1.ORG_NAME.APPLICATION_NAME.com/tls:/etc/hyperledger/fabric/tls
depends_on:
- orderer.APPLICATION_NAME.com
ports:
- 8051:8051
networks:
- basic
I know the docker compose is not written very well; I replicated the same commands and things, but at this point I would like to just get the network working and running, and refactor and reformat the code next.
To run the network, I first run the generation script where the key parts are:
cryptogen generate --config=./crypto-config.yaml
configtxgen -profile SampleMultiNodeEtcdRaft -channelID $CHANNEL_NAME -outputBlock ./config/genesis.block
configtxgen -profile OneOrgChannel -outputCreateChannelTx ./config/channel.tx -channelID $CHANNEL_NAME
configtxgen -profile OneOrgChannel -outputAnchorPeersUpdate ./config/${MSP_NAME}anchors.tx -channelID $CHANNEL_NAME -asOrg $MSP_NAME
Next I run my network with docker compose. I get no error, everything goes up, but if I see the logs for the orderer I get the error I said. Of course if I also instantiate the cli and try to create the channel I get an error, for this reason I would like to fix this before going further.
Thanks in advance.
Just a very short log from orderer:
2019-11-27 08:47:24.985 UTC [orderer.consensus.etcdraft] poll -> INFO 240 1 received MsgPreVoteResp from 1 at term 1 channel=beerchannel node=1
2019-11-27 08:47:24.985 UTC [orderer.consensus.etcdraft] campaign -> INFO 241 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=beerchannel node=1
2019-11-27 08:47:24.985 UTC [orderer.consensus.etcdraft] campaign -> INFO 242 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=beerchannel node=1
2019-11-27 08:47:24.985 UTC [orderer.consensus.etcdraft] campaign -> INFO 243 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=beerchannel node=1
2019-11-27 08:47:24.985 UTC [orderer.consensus.etcdraft] campaign -> INFO 244 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=beerchannel node=1
2019-11-27 08:47:25.095 UTC [core.comm] ServerHandshake -> ERRO 245 TLS handshake failed with error tls: first record does not look like a TLS handshake server=Orderer remoteaddress=192.168.144.6:42974
2019-11-27 08:47:28.898 UTC [core.comm] ServerHandshake -> ERRO 246 TLS handshake failed with error tls: first record does not look like a TLS handshake server=Orderer remoteaddress=192.168.144.7:58672
2019-11-27 08:47:30.484 UTC [orderer.consensus.etcdraft] Step -> INFO 247 1 is starting a new election at term 1 channel=beerchannel node=1
2019-11-27 08:47:30.485 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 248 1 became pre-candidate at term 1 channel=beerchannel node=1
2019-11-27 08:47:30.485 UTC [orderer.consensus.etcdraft] poll -> INFO 249 1 received MsgPreVoteResp from 1 at term 1 channel=beerchannel node=1
This repeats multiple times, then the Docker container stops.

You are missing CORE_PEER_TLS_ENABLED=true for both of your peers.

I met this issue before and fixed it successfully, so I'll just tell you my solution. First, you need to check, everywhere you call the peer or the orderer that has TLS enabled, which protocol you are using: the right protocol is grpcs, not grpc. Then you need to check whether the TLS cert you were using to call the peer or the orderer is right; normally they are under the msp/tlscerts folder.
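
Both answers describe the same mismatch: one side speaks plaintext gRPC to a listener that expects TLS, and the orderer logs the first plaintext bytes as "first record does not look like a TLS handshake". The check below is an added example, not code from the question or from Hyperledger Fabric; it flags services that mount TLS material without the matching `*_TLS_ENABLED=true`, and `grpc://` URLs aimed at TLS-enabled services. The function names, the line-based parser (it assumes two-space service indentation and list-style `- KEY=VALUE` entries) and the sample URLs are assumptions made for illustration.

```python
"""Find Fabric compose services that will talk plaintext to a TLS listener."""
import re
from urllib.parse import urlsplit

# Constructed sample, trimmed from the compose file in the question
# (the question's placeholder names are kept as-is).
SAMPLE_COMPOSE = """\
services:
  orderer.APPLICATION_NAME.com:
    environment:
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
    ports:
      - 7050:7050
  peer0.ORG_NAME.APPLICATION_NAME.com:
    environment:
      - CORE_PEER_ID=peer0.ORG_NAME.APPLICATION_NAME.com
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
  cli:
    environment:
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/server.crt
"""

# Prefix of each TLS switch -> settings that only matter once that switch is on.
TLS_FAMILIES = {
    "CORE_PEER_TLS": ("CERT_FILE", "KEY_FILE", "ROOTCERT_FILE"),
    "ORDERER_GENERAL_TLS": ("CERTIFICATE", "PRIVATEKEY", "ROOTCAS"),
}

SERVICE_RE = re.compile(r"^  (\S[^:]*):\s*$")          # key directly under services:
ENV_RE = re.compile(r"^\s*-\s*([A-Z][A-Z0-9_]*)=(.*)$")  # "- KEY=VALUE" list entry


def parse_env(compose_text):
    """Return {service name: {ENV_KEY: value}} using a minimal line-based parse."""
    services, current, in_services = {}, None, False
    for raw in compose_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if not line.startswith(" "):              # a new top-level key
            in_services = line.strip() == "services:"
            current = None
            continue
        if not in_services:
            continue
        service = SERVICE_RE.match(line)
        if service:
            current = service.group(1)
            services[current] = {}
            continue
        entry = ENV_RE.match(line)
        if entry and current is not None:
            services[current][entry.group(1)] = entry.group(2).strip().strip('"')
    return services


def tls_enabled(env, prefix):
    """True when the service sets <prefix>_ENABLED=true."""
    return env.get(prefix + "_ENABLED", "").strip().lower() == "true"


def find_tls_mismatches(services):
    """List (service, missing switch, configured TLS settings) for each mismatch."""
    findings = []
    for name, env in services.items():
        for prefix, suffixes in TLS_FAMILIES.items():
            material = [f"{prefix}_{s}" for s in suffixes if f"{prefix}_{s}" in env]
            if material and not tls_enabled(env, prefix):
                findings.append((name, prefix + "_ENABLED", material))
    return findings


def plaintext_endpoints(urls, services):
    """Return client URLs that use grpc:// against a TLS-enabled service."""
    tls_hosts = {
        name.lower()
        for name, env in services.items()
        if any(tls_enabled(env, prefix) for prefix in TLS_FAMILIES)
    }
    flagged = []
    for url in urls:
        parts = urlsplit(url)
        # urlsplit lowercases the hostname, so compare in lowercase.
        if parts.scheme == "grpc" and parts.hostname in tls_hosts:
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    parsed = parse_env(SAMPLE_COMPOSE)
    for service, switch, material in find_tls_mismatches(parsed):
        print(f"{service}: {', '.join(material)} set but {switch} is not true")
    # Constructed client URLs for the scheme check.
    sample_urls = ["grpc://orderer.APPLICATION_NAME.com:7050",
                   "grpcs://orderer.APPLICATION_NAME.com:7050"]
    for url in plaintext_endpoints(sample_urls, parsed):
        print(f"{url}: plaintext scheme against a TLS-enabled service, use grpcs://")
```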

Related

How to make redirection from specific port to domain name in traefik

I am trying to redirect from the specific port of the service to the domain name in traefik.
This is my config in yml file (swarm mode). Here I am trying to automatically redirect from https://portainer.com:8443 to https://portainer.com
I opened the port 8443 for traefik as well.
But when I am trying to do the redirection using: https://portainer.com/example to https://portainer.com it is working fine. How to make that work with ports?
version: '3.8'
services:
reverse-proxy:
image: traefik:latest
ports:
- 80:80
- 443:443
- 8443:8443
env_file:
- ./.env
deploy:
placement:
constraints: [node.role == manager]
update_config:
failure_action: rollback
labels:
# Enable traefik for the specific service
- "traefik.enable=true"
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=http"
- "traefik.http.routers.http-catchall.middlewares=https-redirect"
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
# Make the Traefik use this domain in HTTPS
- "traefik.http.routers.traefik-https.rule=Host(`traefik.com`)"
# Allow the connections to the traefik api for the dashboard support
- "traefik.http.routers.traefik-https.service=api@internal"
- "traefik.http.services.traefik-svc.loadbalancer.server.port=9999"
# Use the Let's encrypt resolver
- "traefik.http.routers.traefik-https.tls=true"
- "traefik.http.routers.traefik-https.tls.certresolver=le"
# Use the traefik_net network that is declared below
- "traefik.docker.network=traefik_net"
# Use the auth for traefik dashboard
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_AUTH_USER_PASSWORD}"
- "traefik.http.routers.traefik-https.middlewares=traefik-auth"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik-public-certificates:/certificates
command:
- --providers.docker
- --providers.docker.swarmMode=true
- --providers.docker.exposedbydefault=false
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --certificatesresolvers.le.acme.email=port@port.com
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
- --certificatesresolvers.le.acme.httpchallenge=true
- --certificatesresolvers.le.acme.httpchallenge.entrypoint=http
- --accesslog
- --log
- --api
networks:
- traefik_net
agent:
image: portainer/agent:latest
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
env_file:
- ./.env
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [ node.platform.os == linux ]
portainer:
image: portainer/portainer-ce:latest
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- portainer_data:/data
networks:
- traefik_net
- agent_network
env_file:
- ./.env
deploy:
mode: replicated
replicas: 1
placement:
constraints: [ node.role == manager ]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.service=portainer"
- "traefik.http.routers.portainer.rule=Host(`portainer.com`)"
- "traefik.http.routers.portainer.entrypoints=https"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.tls=true"
- "traefik.http.routers.portainer.tls.certresolver=le"
- "traefik.docker.network=traefik_net"
- "traefik.http.middlewares.portainer-redirect.redirectregex.regex=^https?://portainer.com:8443"
- "traefik.http.middlewares.portainer-redirect.redirectregex.replacement=https://portainer.com"
- "traefik.http.middlewares.portainer-redirect.redirectregex.permanent=true"
- "traefik.http.routers.portainer.middlewares=portainer-redirect"
Just need to add one more entrypoint and it will work:
version: '3.8'
services:
reverse-proxy:
image: traefik:latest
ports:
- 80:80
- 443:443
- 8443:8443
env_file:
- ./.env
deploy:
placement:
constraints: [node.role == manager]
update_config:
failure_action: rollback
labels:
# Enable traefik for the specific service
- "traefik.enable=true"
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=http"
- "traefik.http.routers.http-catchall.middlewares=https-redirect"
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
# Make the Traefik use this domain in HTTPS
- "traefik.http.routers.traefik-https.rule=Host(`traefik.com`)"
# Allow the connections to the traefik api for the dashboard support
- "traefik.http.routers.traefik-https.service=api@internal"
- "traefik.http.services.traefik-svc.loadbalancer.server.port=9999"
# Use the Let's encrypt resolver
- "traefik.http.routers.traefik-https.tls=true"
- "traefik.http.routers.traefik-https.tls.certresolver=le"
# Use the traefik_net network that is declared below
- "traefik.docker.network=traefik_net"
# Use the auth for traefik dashboard
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_AUTH_USER_PASSWORD}"
- "traefik.http.routers.traefik-https.middlewares=traefik-auth"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik-public-certificates:/certificates
command:
- --providers.docker
- --providers.docker.swarmMode=true
- --providers.docker.exposedbydefault=false
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --entrypoints.https-new.address=:8443
- --certificatesresolvers.le.acme.email=port@port.com
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
- --certificatesresolvers.le.acme.httpchallenge=true
- --certificatesresolvers.le.acme.httpchallenge.entrypoint=http
- --accesslog
- --log
- --api
networks:
- traefik_net
agent:
image: portainer/agent:latest
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
env_file:
- ./.env
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [ node.platform.os == linux ]
portainer:
image: portainer/portainer-ce:latest
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- portainer_data:/data
networks:
- traefik_net
- agent_network
env_file:
- ./.env
deploy:
mode: replicated
replicas: 1
placement:
constraints: [ node.role == manager ]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.service=portainer"
- "traefik.http.routers.portainer.rule=Host(`portainer.com`)"
- "traefik.http.routers.portainer.entrypoints=https,https-new"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.tls=true"
- "traefik.http.routers.portainer.tls.certresolver=le"
- "traefik.docker.network=traefik_net"
- "traefik.http.middlewares.portainer-redirect.redirectregex.regex=^https?://portainer.com:8443"
- "traefik.http.middlewares.portainer-redirect.redirectregex.replacement=https://portainer.com"
- "traefik.http.middlewares.portainer-redirect.redirectregex.permanent=true"
- "traefik.http.routers.portainer.middlewares=portainer-redirect"

Prometheus sql doesn't seem to execute the query. Always display -1 as result

I am using https://github.com/chop-dbhi/prometheus-sql for prometheus to execute sql queries. The containers are all up and running.
The value of query_result_example is always -1 (query-value-on-error = -1 as configured in prometheus-sql.yml) provided the actual value is 3.
I have executed the same query in Azure Data Studio with the same connection and credentials, which returns 3.
I am unable to figure out where I am going wrong. Any help is appreciated.
docker-compose file:
prometheus:
  image: prom/prometheus:v2.19.2
  container_name: prometheus
  volumes:
    - ./prometheus:/etc/prometheus
    - prometheus_data:/prometheus
  command:
    - '--config.file=/etc/prometheus/prometheus.yml'
    - '--storage.tsdb.path=/prometheus'
    - '--web.console.libraries=/etc/prometheus/console_libraries'
    - '--web.console.templates=/etc/prometheus/consoles'
    - '--storage.tsdb.retention.time=200h'
    - '--web.enable-lifecycle'
  restart: unless-stopped
  ports:
    - "9090:9090"
  expose:
    - 9090
  networks:
    - monitor-net
  labels:
    org.label-schema.group: "monitoring"
sql-server-db:
  container_name: sql-server-db
  image: microsoft/mssql-server-linux:2017-latest
  ports:
    - "1433:1433"
  expose:
    - 1433
  environment:
    SA_PASSWORD: "Password"
    ACCEPT_EULA: "Y"
sqlagent:
  image: dbhi/sql-agent
  container_name: sqlagent
  ports:
    - "5000:5000"
  expose:
    - 5000
prometheussql:
  image: dbhi/prometheus-sql
  container_name: prometheussql
  volumes:
    - ${PWD}/prometheus-sql.yml:/prometheus-sql.yml
    - ${PWD}/test/queries.yml:/queries.yml
  links:
    - sqlagent:sqlagent
  command: >
    -service http://sqlagent:5000
    -config /prometheus-sql.yml
  ports:
    - "8080:8080"
  expose:
    - 8080
  networks:
    - monitor-net
  labels:
    org.label-schema.group: "monitoring"
queries.yml: (the below query has to return 3)
- example:
    sql: >
      select count(*) from MSreplication_options
    interval: 5m
prometheus-sql.yml:
defaults:
  data-source: my-ds
  query-interval: 10s
  query-timeout: 5s
  query-value-on-error: -1
# Defined data sources
data-sources:
  my-ds:
    driver: mssql
    properties:
      host: localhost
      port: 1433
      user: sa
      password: Password
      database: master

how to configure 2 endpoints via traefik PathPrefix

I am trying to use Traefik 2 with 2 endpoints:
toto.xxx/tata
toto.xxx/titi
But neither endpoint works.
My docker-compose is:
version: "3.7"
services:
  traefik:
    image: traefik:v2.2
    restart: unless-stopped
    environment:
      - DUCKDNS_TOKEN=${DUCKDNS_TOKEN}
    ports:
      - 80:80
      - 444:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${TRAEFIK_ACME}/acme.json:/etc/traefik/acme.json
      - ${TRAEFIK_CONFIG}/traefik.yaml:/etc/traefik/traefik.yaml:ro
      - ${TRAEFIK_LOG}:/etc/traefik/traefik_log
    labels:
      # General
      - "traefik.enable=true"
      # Traefik internal rules
      - "traefik.http.routers.traefik.service=api@internal"
      # hostname
      - "traefik.http.routers.traefik.rule=Host(`ubuntu.local`) && PathPrefix(`/traefik`)"
      # Authentication
      # - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:PASSWORD"
      # - "traefik.http.routers.traefik.middlewares=traefik-auth"
      # HTTPS
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      # Internal port
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      # Prefixes
      - "traefik.http.middlewares.prefix-traefik.stripprefix.prefixes=/traefik"
      - "traefik.http.middlewares.traefik.stripprefix.forceslash=true"
      - "traefik.http.routers.traefik.middlewares=prefix-traefik@docker"
Does anyone have any ideas?
Thanks
I don't see from the snippet you shared how you tried to configure Traefik with these endpoints. Can you add more info?
In case you are trying to proxy traffic to other services behind the proxy, you need to set labels on these services with the needed router rules. Below is an example of doing this:
  proxy:
    image: traefik:v2.2
    command:
      - '--log.level=DEBUG'
      - '--providers.docker=true'
      - '--entryPoints.web.address=:80'
      - '--providers.providersThrottleDuration=2s'
      - '--providers.docker.watch=true'
      - '--providers.docker.swarmMode=true'
      - '--providers.docker.swarmModeRefreshSeconds=15s'
      - '--providers.docker.exposedbydefault=false'
      - '--providers.docker.defaultRule=Host("lvh.me")'
      - '--accessLog.bufferingSize=0'
      - '--api=true'
      - '--api.dashboard=true'
      - '--api.insecure=true'
      - '--ping.entryPoint=web'
      - '--providers.redis.endpoints=redis:6379'
      - '--providers.redis.rootkey=traefik'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
    ports:
      - '80:80'
      - '8080:8080'
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik
    networks:
      - traefik
  mailcatcher:
    image: sj26/mailcatcher
    deploy:
      labels:
        - traefik.enable=true
        - traefik.tags=public
        - traefik.http.services.mailcatcher.loadbalancer.server.port=1080
        - traefik.http.routers.mailcatcher.rule=Host(`lvh.me`) && PathPrefix(`/mailcatcher`)
        - traefik.http.routers.mailcatcher.service=mailcatcher
        - traefik.http.routers.mailcatcher.entrypoints=web
        - traefik.docker.network=traefik
    logging:
      driver: json-file
      options:
        'max-size': '10m'
        'max-file': '5'
    networks:
      - traefik

Simple Traefik reverse proxy configuration

I'm starting up Traefik version 2.1.4 with the following configuration:
defaultEntryPoints:
  - http
entryPoints:
  hole-1:
    address: ':663'
frontends:
  hole-frontend-1:
    backend: hole-backend-1
    entrypoints:
      - hole-1
backends:
  hole-backend-1:
    servers:
      hole-server-1:
        url: 'http://11.23.24.1:3000'
        weight: 10
When I hit http://11.23.24.1:663, I get the Traefik "404 page not found" page. When I go to http://11.23.24.1:3000 in the browser, it works and displays the page.
I can't seem to figure out how to set up a reverse proxy in Traefik to point http://11.23.24.1:663 to http://11.23.24.1:3000.
I tried this, but I get the error:
2020/02/18 11:39:43 command traefik.exe error: no valid configuration found in file: C:\config\traefik.yaml
http:
  routers:
    hole-router-1:
      rule: "Host(`11.23.24.1`) && PathPrefix(`/`)"
      service: hole-service
  services:
    hole-service:
      loadBalancer:
        servers:
          - url: http://11.23.24.1:3000
C:\config\traefik\traefik.yaml:
entryPoints:
  hole-1:
    address: ":661"
providers:
  file:
    filename: C:\config\traefik\dynamic.yaml
C:\config\traefik\dynamic.yaml:
http:
  routers:
    hole-router-1:
      rule: "Path(`/`)"
      entryPoints:
        - hole-1
      service: hole-service
  services:
    hole-service:
      loadBalancer:
        servers:
          - url: http://10.23.24.10:3000
I started Traefik with: traefik.exe --configFile=C:/config/traefik/traefik.yaml
Traefik 2.1 does not support frontends and backends any more.
This repository provides some examples to deploy Traefik 2.1: https://github.com/wshihadeh/traefik_v2
Example to do it with Docker:
version: '3.7'
networks:
  traefik:
    external: true
volumes:
  db_data:
services:
  proxy:
    image: traefik:v2.1
    command:
      - '--providers.docker=true'
      - '--entryPoints.http.address=:80'
      - '--providers.providersThrottleDuration=2s'
      - '--providers.docker.watch=true'
      - '--providers.docker.exposedbydefault=false'
      - '--providers.docker.defaultRule=Host("local.me")'
      - '--accessLog.bufferingSize=0'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
    ports:
      - '663:80'
    deploy:
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      update_config:
        delay: 10s
        order: start-first
        parallelism: 1
      rollback_config:
        parallelism: 0
        order: stop-first
    logging:
      driver: json-file
      options:
        'max-size': '10m'
        'max-file': '5'
    networks:
      - traefik
  hole-backend:
    image: hole-backend:demo-v1
    command: 'web'
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.services.hole.loadbalancer.server.port=8080
        - traefik.http.routers.hole.rule=Host(`hole.local.me`)
        # Must name the service declared above (hole)
        - traefik.http.routers.hole.service=hole
        # Must name an entrypoint declared on the proxy (--entryPoints.http.address)
        - traefik.http.routers.hole.entrypoints=http
        - traefik.docker.network=traefik
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      update_config:
        delay: 10s
        order: start-first
        parallelism: 1
      rollback_config:
        parallelism: 0
        order: stop-first
    logging:
      driver: json-file
      options:
        'max-size': '10m'
        'max-file': '5'
    networks:
      - traefik
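Traefik v2 logs an error for, and does not serve, a router whose `service` or `entrypoints` label names something that was never declared, so requests fall through to the default 404. The following is an added example (not part of the answer above or of Traefik itself) that cross-checks router labels against the `--entryPoints.<name>.address` flags and the `traefik.http.services.<name>` labels; the function name `audit_routers` and the sample data are constructed for illustration.

```python
import re

# Router labels whose value names another Traefik object.
ROUTER_REF = re.compile(
    r"^traefik\.http\.routers\.([^.=]+)\.(service|entrypoints)=(.+)$", re.I)
SERVICE_DEF = re.compile(r"^traefik\.http\.services\.([^.=]+)\.", re.I)
ENTRYPOINT_DEF = re.compile(r"^--entrypoints\.([^.=]+)\.address=", re.I)


def audit_routers(static_args, labels):
    """Return (router, kind, name) for each reference to an undeclared object."""
    args = [a.strip().strip("'\"") for a in static_args]
    labels = [l.strip().strip("'\"") for l in labels]
    entrypoints = {m.group(1) for a in args if (m := ENTRYPOINT_DEF.match(a))}
    services = {m.group(1) for l in labels if (m := SERVICE_DEF.match(l))}
    findings = []
    for label in labels:
        m = ROUTER_REF.match(label)
        if not m:
            continue
        router, kind, value = m.group(1), m.group(2).lower(), m.group(3)
        known = services if kind == "service" else entrypoints
        for name in (v.strip() for v in value.split(",")):
            # Provider-qualified names such as api@internal are declared
            # outside these labels, so they are not checked here.
            if "@" not in name and name not in known:
                findings.append((router, kind, name))
    return findings


# Constructed sample: one entrypoint (http) and one service (hole) are
# declared, but the router refers to a different service and entrypoint.
SAMPLE_ARGS = ["--providers.docker=true", "--entryPoints.http.address=:80"]
SAMPLE_LABELS = [
    "traefik.enable=true",
    "traefik.http.services.hole.loadbalancer.server.port=8080",
    "traefik.http.routers.hole.rule=Host(`hole.local.me`)",
    "traefik.http.routers.hole.service=blog",
    "traefik.http.routers.hole.entrypoints=web",
    "traefik.http.routers.dash.service=api@internal",
    "traefik.http.routers.dash.entrypoints=http",
]

if __name__ == "__main__":
    for router, kind, name in audit_routers(SAMPLE_ARGS, SAMPLE_LABELS):
        print(f"router {router!r}: {kind} {name!r} is not declared")
```

Names are compared exactly as written, and only labels and flags passed to the function are considered, so objects defined by a file provider need to be added to the input.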

Traefik SSL proxy returning 404

I want to use Traefik as a reverse proxy inside swarm and pass SSL traffic to a specific container (wordpress:latest). The SSL certificate seems to work ok, but I am getting 404 page not found on https://fakepage.com (I'm using placeholder domain to avoid exposing private information).
Traffic through http works normally.
My docker-compose configuration for the docker stack I'm using.
version: "3.6"
services:
  traefik:
    image: traefik
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints: [node.role == worker]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik_data:/tmp
    command:
      - "--docker"
      - "--docker.domain=fakepage.com"
      - "--logLevel=DEBUG"
      - "--api"
      - "--api.statistics"
      - "--entryPoints=Name:http Address::80"
      - "--entryPoints=Name:https Address::443 TLS"
      - "--docker.endpoint=unix:///var/run/docker.sock"
      - "--acme=true"
      - "--acme.entrypoint=https"
      - "--acme.httpchallenge"
      - "--acme.httpchallenge.entrypoint=http"
      - "--acme.domains=fakepage.com"
      - "--acme.email=admin@fakepage.com"
      - "--acme.storage=/tmp/acme.json"
  db:
    image: "mysql:5.7"
    environment:
      MYSQL_ROOT_PASSWORD: example
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
      MYSQL_DATABASE: wordpress
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints: [node.role == worker]
    volumes:
      - db_data:/var/lib/mysql
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints: [node.role == worker]
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
    volumes:
      - wp_data:/var/www/html
    labels:
      traefik.enable: "true"
      traefik.frontend.rule: "Host:fakepage.com"
volumes:
  db_data:
  wp_data:
  traefik_data:
The problem was that I was missing a segment flag under container.
traefik.frontend.entryPoints: "http,https"