Beginner Problem.... Container IPs are not reachable outside the Docker Host

Hi there,

... sorry for this question... But i am looking for an answer for 2 days now...

• Docker-Host ubuntu 18.04 LTS
• newest Docker
• Traefik v2 / v1.7 (tested both)

I am running a Docker-Host with a lot of web-based services and traefik sounds to good to be real! In the past I used exposed Ports (80,81,82,...) etc. to connect to every service. Now i want to change this to different urls.
I deployed a traefik container with sample config and added labels to one of my services (nextcloud). I dropped the exposed port out of the nextcloud config and added the traefik network to it.

Traefik detects the service just fine and creates a frontend based on my config.

But i am not able to connect whether to the url nor to the docker ip of the container.

I tried lots of things:

• Docker Host ping to the container ip - successful
• Ping out of the container to Host/Land/Internet - successful
• Traceroute from network client to container ip - failed
• Setup a fresh docker host with traefik and nextcloud - same behaviour
• tried different things with ip-table to achieve correct routing - failed

For my understanding: Traefik is routing the traefik or just redirecting to the internal ip?
Second version should not work for my understanding. am i right?

I really think i am missing something. But didn't figure it out until now. Maybe one of u guys has an idea!

regards!

Hello,

I recommend to read:

• https://blog.containo.us/traefik-2-0-docker-101-fc2893944b9d
• https://github.com/containous/blog-posts/tree/master/2019_09_10-101_docker

Hey,

thank you for your tipps. But this does not solve my problem at all.

The Labels and the frontend and services seem to be correct. traefik just does not route to the container...

Did you allow 80/443 or whatever ports you have Traefik accepting connections on at the Docker host firewall?
It's not redirecting, it's reverse proxying, depending on your configuration, the container IPs aren't even visible to things outside the Docker containers' virtual network. You'd have to put your (obfuscated) configuration up for us to be able to tell you for sure.

But typically, Traefik should be accepting http(s) connections (typically on port 80 and 443) and then reverse proxying those connections to the container IPs and ports of the Docker internal network IP addresses, making decisions based on what the request says it's for (using SNI).

But if you didn't unblock the basic ports at the Docker host level, Traefik won't even get the request. You actually don't even have to publish the ports of the containers, just expose them, and they should still be accessible through Traefik, if configured correctly (because it's reverse proxying, not forwarding).