Static route to local port

Horus · August 5, 2020, 7:34pm

Hello,

I have two services, both listen on all interfaces on localhost. homeasssistant at port 8123 and pihole at port 81. I want to make them available to the outside using dyndns.example.invalid. homeassistant at the root, pihole at a subdirectory. TLS works fine, however, I only get the 404 page not found message from traefik.

What is wrong with my config?

Thanks!

My dynamic conf is:

http:
  routers:
    homeassistant:
      rule: "Host(`home.xgm.de`)"
      service: homeassistant

    pihole:
      rule: "Host(`dyndns.example.invalid`) && Path(`/pihole`)"
      service: pihole

  services:
    homeassistant:
      loadBalancer:
        servers:
          # tried both localhost and assigned IP
          - url: "http://192.168.0.2:8123"
    pihole:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:81"

static config:

providers:
  file:
    filename: /etc/traefik/dynamic_conf.yaml

entrypoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https

  https:
    address: ":443"

certificatesResolvers:
  le:
    acme:
      tlschallenge: true
      email: "[...]"
      storage: "/letsencrypt/acme.json"
api:
  dashboard: true

Horus · August 9, 2020, 4:30pm

I have been working further on this, but to no result.

My configuration files now are simplified to:

tls:
  options:
    default:
      minVersion: VersionTLS12
      sniStrict: true

http:
  routers:
    traefik:
      rule: "HostRegexp(`{catchall:.*}`)"
      service: api@internal

and I get:

Starting traefik ... done
Attaching to traefik
traefik    | time="2020-08-09T16:26:11Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yaml"
traefik    | time="2020-08-09T16:26:11Z" level=info msg="Traefik version 2.2.8 built on 2020-07-28T15:46:03Z"
traefik    | time="2020-08-09T16:26:11Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"https\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483647}}}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"file\":{\"watch\":true,\"filename\":\"/etc/traefik/dynamic_conf.yaml\"}},\"api\":{\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"le\":{\"acme\":{\"email\":\"florian.lindner@xgm.de\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"tlsChallenge\":{}}}}}"
traefik    | time="2020-08-09T16:26:11Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/contributing/data-collection/\n"
traefik    | time="2020-08-09T16:26:11Z" level=debug msg="Start TCP Server" entryPointName=http
traefik    | time="2020-08-09T16:26:11Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
traefik    | time="2020-08-09T16:26:11Z" level=debug msg="Start TCP Server" entryPointName=https
traefik    | time="2020-08-09T16:26:11Z" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/dynamic_conf.yaml\"}"
traefik    | time="2020-08-09T16:26:11Z" level=info msg="Starting provider *traefik.Provider {}"
traefik    | time="2020-08-09T16:26:11Z" level=info msg="Starting provider *acme.Provider {\"email\":\"florian.lindner@xgm.de\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"tlsChallenge\":{},\"ResolverName\":\"le\",\"store\":{},\"ChallengeStore\":{}}"
traefik    | time="2020-08-09T16:26:11Z" level=info msg="Testing certificate renew..." providerName=le.acme
traefik    | time="2020-08-09T16:26:11Z" level=debug msg="Configuration received from provider file: {\"http\":{\"routers\":{\"traefik\":{\"service\":\"api@internal\",\"rule\":\"HostRegexp(`{catchall:.*}`)\"}}},\"tcp\":{},\"udp\":{},\"tls\":{\"options\":{\"default\":{\"minVersion\":\"VersionTLS12\",\"clientAuth\":{},\"sniStrict\":true}}}}" providerName=file
traefik    | time="2020-08-09T16:26:11Z" level=debug msg="Configuration received from provider le.acme: {\"http\":{},\"tls\":{}}" providerName=le.acme
traefik    | time="2020-08-09T16:26:11Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"http-to-https\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"redirect-http-to-https\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483647}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"redirect-http-to-https\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}}},\"tcp\":{},\"tls\":{}}" providerName=internal
traefik    | time="2020-08-09T16:26:11Z" level=debug msg="Adding certificate for domain(s) home.xgm.de"
traefik    | time="2020-08-09T16:26:11Z" level=debug msg="No default certificate, generating one"
traefik    | time="2020-08-09T16:26:15Z" level=debug msg="Adding certificate for domain(s) home.xgm.de"
traefik    | time="2020-08-09T16:26:15Z" level=debug msg="No default certificate, generating one"
traefik    | time="2020-08-09T16:26:25Z" level=debug msg="Added outgoing tracing middleware noop@internal" routerName=http-to-https@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
traefik    | time="2020-08-09T16:26:25Z" level=debug msg="Creating middleware" middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme entryPointName=http routerName=http-to-https@internal
traefik    | time="2020-08-09T16:26:25Z" level=debug msg="Setting up redirection to https 443" middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme entryPointName=http routerName=http-to-https@internal
traefik    | time="2020-08-09T16:26:25Z" level=debug msg="Adding tracing to middleware" routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal entryPointName=http
traefik    | time="2020-08-09T16:26:25Z" level=debug msg="Creating middleware" entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik    | time="2020-08-09T16:26:25Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [http https]" routerName=traefik
traefik    | time="2020-08-09T16:26:25Z" level=debug msg="Adding certificate for domain(s) home.xgm.de"
traefik    | time="2020-08-09T16:26:25Z" level=debug msg="No default certificate, generating one"
traefik    | time="2020-08-09T16:26:28Z" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=http routerName=http-to-https@internal middlewareName=tracing middlewareType=TracingForwarder
traefik    | time="2020-08-09T16:26:28Z" level=debug msg="Creating middleware" entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme
traefik    | time="2020-08-09T16:26:28Z" level=debug msg="Setting up redirection to https 443" entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme
traefik    | time="2020-08-09T16:26:28Z" level=debug msg="Adding tracing to middleware" routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal entryPointName=http
traefik    | time="2020-08-09T16:26:28Z" level=debug msg="Added outgoing tracing middleware api@internal" routerName=traefik@file middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
traefik    | time="2020-08-09T16:26:28Z" level=debug msg="Creating middleware" entryPointName=http middlewareType=Recovery middlewareName=traefik-internal-recovery
traefik    | time="2020-08-09T16:26:28Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=https middlewareName=traefik-internal-recovery

and when there is a request, the access log is:

traefik    | 46.114.60.35 - - [09/Aug/2020:16:27:06 +0000] "GET / HTTP/2.0" - - "-" "-" 1 "-" "-" 0ms

Any ideas someone? Or a way how I can get more logging output?

Thanks!

zespri · August 10, 2020, 1:38am

Hello,

in order for traefik to match incoming requests and the forward them to appropriate services, traefik needs to know what to match on, where the services are, and which request to forward to which.

Your last configuration does not mention neither pihole not home assistant, so naturally traefik does not know how to forward requests to them.

I order to make this work, you will need to configure traefik properly. First read Configuration Introduction to get a big picture about different moving parts. I think you got the entripoint part, so the next one would be Routers and Services.

For TLS/Let's Encrypt see here and the sub sections.

Once you configure those, you should be up and running, good luck!

Horus · August 10, 2020, 5:41pm

Hey!

Thanks for your reply! The second posting is much stripped down version of my original configuration, that's why pihole and homeassistant are not included. Sorry, I failed to make that clear.

I now have it running for home assistant on the root directory. Next thing I try is to route the traefik/ subdirectory to the api@internal service.

Currently, my relevant configuration is

http:
  routers:
    homeassistant:
      rule: "Host(`home.xgm.de`)"
      service: homeassistant
      priority: 1
      tls:
        certResolver: le

    traefik:
      rule: "PathPrefix(`/traefik`)"
      service: api@internal
      priority: 2
      tls:
        certResolver: le
      # middleware:
      #   - test-stripprefix

  middlewares:
    test-stripprefix:
      stripPrefix:
        prefixes:
          - "/traefik/"


  services:
    homeassistant:
      loadBalancer:
        servers:
          - url: "http://192.168.0.2:8123"

This results in a log output upon requesting http://home.xgm.de/traefik:

traefik    | 46.114.58.140 - - [10/Aug/2020:17:35:23 +0000] "GET /traefik HTTP/1.1" 301 17 "-" "-" 1 "http-to-https@internal" "-" 0ms
traefik    | 46.114.58.140 - - [10/Aug/2020:17:35:24 +0000] "GET /traefik HTTP/2.0" 404 19 "-" "-" 2 "traefik@file" "-" 0ms
traefik    | time="2020-08-10T17:35:24Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/favicon.ico\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"image/webp,image/apng,image/*,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7\"],\"Referer\":[\"https://home.xgm.de/traefik\"],\"Sec-Fetch-Dest\":[\"image\"],\"Sec-Fetch-Mode\":[\"no-cors\"],\"Sec-Fetch-Site\":[\"same-origin\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36\"],\"X-Forwarded-Host\":[\"home.xgm.de\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"marduk\"],\"X-Real-Ip\":[\"46.114.58.140\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"home.xgm.de\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"46.114.58.140:37280\",\"RequestURI\":\"/favicon.ico\",\"TLS\":null}"
traefik    | time="2020-08-10T17:35:24Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" ForwardURL="http://192.168.0.2:8123" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/favicon.ico\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"image/webp,image/apng,image/*,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7\"],\"Referer\":[\"https://home.xgm.de/traefik\"],\"Sec-Fetch-Dest\":[\"image\"],\"Sec-Fetch-Mode\":[\"no-cors\"],\"Sec-Fetch-Site\":[\"same-origin\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36\"],\"X-Forwarded-Host\":[\"home.xgm.de\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"marduk\"],\"X-Real-Ip\":[\"46.114.58.140\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"home.xgm.de\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"46.114.58.140:37280\",\"RequestURI\":\"/favicon.ico\",\"TLS\":null}"

when I enable the stripprefix middleware it becomes:

traefik    | 46.114.58.140 - - [10/Aug/2020:17:40:07 +0000] "GET /traefik HTTP/2.0" 404 19 "-" "-" 3 "traefik@file" "-" 0ms
traefik    | time="2020-08-10T17:40:07Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/favicon.ico\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"image/webp,image/apng,image/*,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7\"],\"Cache-Control\":[\"no-cache\"],\"Pragma\":[\"no-cache\"],\"Referer\":[\"https://home.xgm.de/traefik\"],\"Sec-Fetch-Dest\":[\"image\"],\"Sec-Fetch-Mode\":[\"no-cors\"],\"Sec-Fetch-Site\":[\"same-origin\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36\"],\"X-Forwarded-Host\":[\"home.xgm.de\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"marduk\"],\"X-Real-Ip\":[\"46.114.58.140\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"home.xgm.de\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"46.114.58.140:37364\",\"RequestURI\":\"/favicon.ico\",\"TLS\":null}"

Do you have any advise for me?

Thanks!

zespri · August 11, 2020, 2:50am

From what you wrote, it looks like you are on track.

Horus · August 11, 2020, 5:32pm

That's good to hear, but still, something is missing.

zespri · August 21, 2020, 7:40am

I'm sorry to hear that. What's wrong?

Horus · August 21, 2020, 4:31pm

Well, I described my problem, you said I am heading in the right direction and I said I am not there yet. So my original problem has not been touched.

Anyway, I gave up on routing a sub-path, instead use sub-domains again.

zespri · August 21, 2020, 9:08pm

I'm glad you found a work around that works for you.

Topic		Replies	Views
[Traefik 2.4.8] Pihole is getting 404 page not found Traefik v2 (latest) docker	2	2239	June 20, 2021
Routers and services invisible in Traefik dashboard Traefik v2 (latest) cli	3	570	July 30, 2022
Static Proxy not resolving Traefik v2 (latest) file	1	414	March 13, 2020
404 error when using local DNS Traefik v2 (latest) docker	2	981	May 30, 2020
Call back: 404 error page not found Traefik v2 (latest) tcp	26	769	October 9, 2023

Static route to local port

Related Topics