Dashboard address gives 404 - traefik

I am using Traefik in an ASF project, and the dashboard returns a 404 - http://localhost:8080. The routing rules still work perfectly I just have no visualization.
Can anyone suggest a reason / how to troubleshoot this?
Could No Extension found for Traefik/Traefik be the culprit?
Traefik.toml
################################################################
# Global configuration
################################################################
debug = true
logLevel = "INFO"
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.traefik]
address = ":8080"
################################################################
# API definition
################################################################
[api]
entryPoint = "traefik"
dashboard = true
debug = true
################################################################
# Service Fabric provider
################################################################
[servicefabric]
clustermanagementurl = "http://localhost:19080"
apiversion = "3.0"
Log Entries:
time="2018-03-26T16:52:19+11:00" level=debug msg="Extension label found for acme.Hierarchy/acme.Hierarchy.Service with key traefik.frontend.rule and value PathPrefixStrip: /hierarchy"
time="2018-03-26T16:52:19+11:00" level=debug msg="Extension label found for acme.Hierarchy/acme.Hierarchy.Service with key traefik.expose and value true"
time="2018-03-26T16:52:19+11:00" level=debug msg="Extension label found for acme.Hierarchy/acme.Hierarchy.Service with key traefik.frontend.passHostHeader and value true"
time="2018-03-26T16:52:19+11:00" level=debug msg="**No Extension found for Traefik/Traefik"**
time="2018-03-26T16:52:19+11:00" level=debug msg="Configuration received from provider servicefabric: {"backends":{"fabric:/acme.Hierarchy/acme.Hierarchy.Service":{"servers":{"131665139249762233":{"url":"http://localhost:3001","weight":1}},"loadBalancer":{"method":"drr"}},"fabric:/Traefik/Traefik":{"servers":{"131665162941723979":{"url":"http://localhost:8080/","weight":1}},"loadBalancer":{"method":"drr"}}},"frontends":{"fabric:/acme.Hierarchy/ acme.Hierarchy.Service":{"entryPoints":["http"],"backend":"fabric:/acme.Hierarchy/acme.Hierarchy.Service","routes":{"frontend.rule":{"rule":"PathPrefixStrip: /hierarchy"}},"passHostHeader":true,"priority":0,"basicAuth":null,"headers":{}}}}"
time="2018-03-26T16:52:19+11:00" level=info msg="Skipping same configuration for provider servicefabric"
time="2018-03-26T16:52:29+11:00" level=info msg="Checking service fabric config"
time="2018-03-26T16:52:29+11:00" level=debug msg="Extension label found for acme.Hierarchy/acme.Hierarchy.Service with key traefik.frontend.rule and value PathPrefixStrip: /hierarchy"
time="2018-03-26T16:52:29+11:00" level=debug msg="Extension label found for acme.Hierarchy/acme.Hierarchy.Service with key traefik.expose and value true"
time="2018-03-26T16:52:29+11:00" level=debug msg="Extension label found for acme.Hierarchy/acme.Hierarchy.Service with key traefik.frontend.passHostHeader and value true"
time="2018-03-26T16:52:29+11:00" level=debug msg="No Extension found for Traefik/Traefik"
time="2018-03-26T16:52:29+11:00" level=debug msg="Configuration received from provider servicefabric: {"backends":{"fabric:/acme.Hierarchy/acme.Hierarchy.Service":{"servers":{"131665139249762233":{"url":"http://localhost:3001","weight":1}},"loadBalancer":{"method":"drr"}},"fabric:/Traefik/Traefik":{"servers":{"131665162941723979":{"url":"http://localhost:8080/","weight":1}},"loadBalancer":{"method":"drr"}}},"frontends":{"fabric:/acme.Hierarchy/ acme.Hierarchy.Service":{"entryPoints":["http"],"backend":"fabric:/acme.Hierarchy/acme.Hierarchy.Service","routes":{"frontend.rule":{"rule":"PathPrefixStrip: /hierarchy"}},"passHostHeader":true,"priority":0,"basicAuth":null,"headers":{}}}}"
time="2018-03-26T16:52:29+11:00" level=info msg="Skipping same configuration for provider servicefabric"

Related

Traefik Catch all route for ssl and redirects to 443?

I'm trying to set up the acme client for my traefik server and I'm trying to create a catch all route that redirects port 80 to port 443 and also provisions an ssl certificate. This is my config so far
entryPoints:
web:
address: :80
web-secure:
address: :443
providers:
docker: true
api:
dashboard: true
insecure: true
http:
routers:
catchall:
rule: HostSNI(`gateway.dogma.net`)
tls:
certResolver: private
certificatesResolvers:
private:
acme:
email: "#####" # redacted
storage: "acme.json"
caServer: "https://ca.dogma.net:9000/acme/acme/directory"
httpChallenge:
entryPoint: web
When I set up my containers with a PathPrefix(/nameofthecontainer) routing rule I don't get redirected to port 443 and I don't get an ssl certificate
I've already set up my step-ca certificate authority and my dns points to it via the url ca.dogma.net

Cannot start the provider *file.Provider: field not found, node: entrypoint in Traefik configuration

I want to redirect the request to a non-dockerized webapp running in another host using traefik.
I am starting traefik with docker-compose with the following yml :
version: "3.3"
services:
reverse-proxy:
image: traefik:v2.4
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.file=true"
- "--providers.file.filename=/etc/traefik/rules.toml"
ports:
- "80:80"
- "8050:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- "./rules.toml:/etc/traefik/rules.toml"
labels:
- traefik.enable=false
And my rules.toml file is :
[entrypoints]
[entrypoints.http]
address = ":8080"
[providers]
[providers.file]
[http]
[http.routers]
[http.routers.auth-router]
rule = "Path(`/auth`)"
service = "auth"
entrypoint=["http"]
[http.services]
[http.services.auth.loadbalancer]
[[http.services.auth.loadbalancer.servers]]
url = "http://myhost.com:8080/auth"
Whenever user opens http://localhost:8080/auth, traefik should redirect them to http://myhost.com:8080/auth, that is my requirement. but I'm getting the following error during traefik startup
Cannot start the provider *file.Provider: field not found, node: entrypoint"
How can I resolve this issue.

The error makes it seem like it's a file provider issue, but I think it's just a type on your part -- should be entryPoints (uppercase P) in your rules.toml file
[entryPoints]
[entryPoints.http]
address = ":8080"
[providers]
[providers.file]
[http]
[http.routers]
[http.routers.auth-router]
rule = "Path(`/auth`)"
service = "auth"
entryPoints = ["http"]
[http.services]
[http.services.auth.loadbalancer]
[[http.services.auth.loadbalancer.servers]]
url = "http://myhost.com:8080/auth"

"No default certificate, generating one" when a default certificate is provided

This probably a newbie question regarding traefik and the SSL configuration.
I'd like to use my own (self-signed, company, ...) certificates with traefik. I tried to follow the documentation, but I keep on getting the following message:
... level=debug msg="No default certificate, generating one"
My traefik.tomllooks like this:
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
[log]
level = "DEBUG"
[api]
insecure = true
dashboard = true
[providers.docker]
exposedByDefault = false
[[tls]]
entryPoints = ["websecure"]
[[tls.certificate]]
certFile = "/certs/cert.crt"
keyFile = "/certs/cert.key"
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "/cert/cert.crt"
keyFile = "/cert/cert.key"
and my docker-compose.yml looks like this:
version: '3'
services:
reverse-proxy:
# The official v2 Traefik docker image
image: traefik:v2.2
ports:
# The HTTP port
- "80:80"
- "443:443"
# The Web UI (enabled by --api.insecure=true)
- "8080:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock:ro
- $PWD/shared/traefik/etc/traefik.toml:/etc/traefik/traefik.toml
- $PWD/shared/traefik/ssl:/certs/
whoami:
# A container that exposes an API to show its IP address
image: containous/whoami
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.basic-auth-whoami.basicauth.users=***:***"
- "traefik.http.middlewares.strip-whoami.stripprefix.prefixes=/whoami"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.middlewares=basic-auth-whoami#docker,strip-whoami#docker"
- "traefik.http.routers.whoami.rule=PathPrefix(`/whoami`) && Host(`<mydomain>`)"
- "traefik.http.services.whoami-poc-traefik.loadbalancer.server.port=80"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.redirs.entrypoints=web"
- "traefik.http.routers.redirs.middlewares=redirect-to-https"
- "traefik.http.routers.whoami.tls=true"
I am quite sure this is something trivial but I can't figure it out (both the toml syntax and traefik concepts being a too much to swallow at once).

I finally found out what was not working by following this blog
I had to:
Add file provider for dynamic configuration to my traefik.toml file:
[providers.file]
filename = "/tls-certs.toml"
Add a volume mapping to my docker-compose.yml file:
- $PWD/shared/traefik/etc/tls-certs.toml:/tls-certs.toml
Provide a tls-certs.toml file:
[[tls.certificates]] #first certificate
certFile = "/certs/cert.crt"
keyFile = "/certs/cert.key"

Issues obtaining ssl certificate

BACKGROUND
I am trying to setup the traefik dashboard to be accessible at sub.domain.com, and secure it automatically via a Let's Encrypt SSL certificate. Using the configuration files below, I am successful in setting up the container and making the dashboard accessible via https://sub.domain.com.
I have multiple A records pointing to the same IP, which is a VPS:
sub.domain.com
server1.domain.com
PROBLEM
Upon loading the dashboard page I get an untrusted certificate error.
LOGS & CONFIGS
Examining the Traefik dashboard certificate shows it's a Traefik self-signed cert.
Looking at the container logs, I can see the following
time="2018-01-23T04:47:53Z" level=info msg="Generating ACME Account..."
time="2018-01-23T04:48:11Z" level=debug msg="Building ACME client..."
time="2018-01-23T04:48:11Z" level=info msg=Register...
time="2018-01-23T04:48:12Z" level=debug msg=AgreeToTOS...
time="2018-01-23T04:48:12Z" level=info msg="Preparing server traefik &{Network: Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc4202a2940} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-01-23T04:48:12Z" level=info msg="Retrieving ACME certificates..."
time="2018-01-23T04:48:12Z" level=info msg="Retrieved ACME certificates"
time="2018-01-23T04:48:12Z" level=info msg="Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"bendwyer.net","TLS":null,"ExposedByDefault":false,"UseBindPortIP":false,"SwarmMode":false}"
time="2018-01-23T04:48:12Z" level=info msg="Starting server on :443"
time="2018-01-23T04:48:12Z" level=info msg="Starting server on :8080"
time="2018-01-23T04:48:12Z" level=info msg="Testing certificate renew..."
Checking acme.json I can see that the file has been populated with Let's Encrypt information, but the certificate sections are blank.
traefik.toml
defaultEntryPoints = ["http", "https"]
debug = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "name#domain.com"
storage = "acme.json"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
OnHostRule = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "domain.com"
watch = true
exposedbydefault = false
docker-compose.yml
version: '2'
services:
traefik:
image: traefik:1.5-alpine
command: --web
ports:
- "80:80"
- "443:443"
restart: always
labels:
- "traefik.enable=true"
- "traefik.backend=sub"
- "traefik.frontend.rule=Host:sub.domain.com"
- "traefik.port=8080"
- "traefik.frontend.auth.basic=user:htpasswd"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik.toml:/traefik.toml"
- "./acme.json:/acme.json"
container_name: traefik
networks:
- default

you must change your configuration like that:
[acme]
email = "name#domain.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true # <-----------
[acme.httpChallenge]
entryPoint = "http"

traefik returns 404 for unconditional forward to a backend

I want to unconditionally forward all requests to a backend, but when I try to visit it, I keep getting 404. Here are my configs.
docker-compose.yml
version: '3.3'
services:
load-balancer:
image: traefik:1.5-alpine
ports:
- 8080:80
volumes:
- ./traefik:/etc/traefik
server1:
build: server1
ports:
- 8081:80
traefik.toml
defaultEntryPoints = ["http"]
debug = true
logLevel = "DEBUG"
[accessLog]
[entryPoints.http]
address = ":80"
[frontends.dummy]
backend = "dummy"
entrypoints = ["http"]
[frontends.dummy.routes.all]
rule = "PathPrefix:/"
[backends.dummy.servers.server1]
url = "http://server1:80"
I can access server1 with no problem from localhost:8081 and http://server1 from inside the load-balancer container. But localhost:8080 keeps returning 404
The debug log
load-balancer_1 | time="2017-12-15T12:56:09Z" level=info msg="Using TOML configuration file /etc/traefik/traefik.toml"
load-balancer_1 | time="2017-12-15T12:56:09Z" level=info msg="Traefik version v1.5.0-rc2 built on 2017-12-06_03:07:42PM"
load-balancer_1 | time="2017-12-15T12:56:09Z" level=info msg="
load-balancer_1 | Stats collection is disabled.
load-balancer_1 | Help us improve Traefik by turning this feature on :)
load-balancer_1 | More details on: https://docs.traefik.io/basic/#collected-data
load-balancer_1 | "
load-balancer_1 | time="2017-12-15T12:56:09Z" level=debug msg="Global configuration loaded {"LifeCycle":{"RequestAcceptGraceTimeout":0,"GraceTimeOut":0},"GraceTimeOut":0,"Debug":true,"CheckNewVersion":true,"SendAnonymousUsage":false,"AccessLogsFile":"","AccessLog":{"format":"common"},"TraefikLogsFile":"","TraefikLog":null,"LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":":80","TLS":null,"Redirect":null,"Auth":null,"WhitelistSourceRange":null,"Compress":false,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}}},"Cluster":null,"Constraints":[],"ACME":null,"DefaultEntryPoints":["http"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":0,"InsecureSkipVerify":false,"RootCAs":null,"Retry":null,"HealthCheck":{"Interval":30000000000},"RespondingTimeouts":null,"ForwardingTimeouts":null,"Web":null,"Docker":null,"File":null,"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null,"ServiceFabric":null,"Rest":null,"API":null,"Metrics":null,"Ping":null}"
load-balancer_1 | time="2017-12-15T12:56:09Z" level=info msg="Preparing server http &{Network: Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc42060ea60} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
load-balancer_1 | time="2017-12-15T12:56:09Z" level=info msg="Starting server on :80"
load-balancer_1 | 172.21.0.1 - - [15/Dec/2017:12:56:17 +0000] "GET / HTTP/1.1" - - - "curl/7.54.0" 1 - - 0ms
The last access log is from the command
curl localhost:8080
and it returned
404 page not found
I don't want to use the docker backend, just want to let traefik do the conventional round-robin from the container. I wonder if it's possible?

okay, after joining slack, Machael Matul pointed out you will need
[file] declared somewhere after entry points
[file]
and for backend to work, it has to be before routes declaration on frontend.
example:
[frontends]
[frontends.frontend1]
backend = "buffalo"
[frontends.frontend1.routes.web]
rule = "Host:xyz.com"
entrypoints = ["http","https"]
example of complete:
debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["https","http"]
[accessLog]
[web]
address = ":8080"
[web.auth.basic]
users = ["admin:md5hashedpassword"]
[acme]
email = "info#xyz.com"
storage = "/acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[file]
watch = true
[backends]
[backends.buffalo]
[backends.buffalo.loadbalancer.stickiness]
[backends.buffalo.servers.server1]
url = "http://node1:3000"
[backends.buffalo.servers.server2]
url = "http://node2:3000"
[backends.backendNginx]
[backends.backendNginx.loadbalancer.stickiness]
[backends.backendNginx.servers.server1]
url = "http://nginx1:8080"
[backends.backendNginx.servers.server2]
url = "http://nginx2:8080"
[backends.ai6forum]
[backends.ai6forum.loadbalancer.stickiness]
[backends.ai6forum.servers.server1]
url = "http://10.140.0.9:80"
[frontends]
[frontends.frontend1]
backend = "buffalo"
[frontends.frontend1.routes.web]
rule = "Host:xyz.com"
entrypoints = ["http","https"]
passHostHeader = true
passTLSCert = true
priority = 10
[frontends.nginx]
backend = "backendNginx"
[frontends.nginx.routes.web]