Use Traefik with Let's Encrypt and Docker?

  • no particular reason, I just followed the tutorial because I spent a lot of time before it worked, and I ended up following the tutorial to the letter :D (before, I tested with version 2.1 of traefik and I could not achieve what I wanted.)


    But by making changes in the traefik.toml you can probably reset the HttpChallenge; I have not tested this.

    AMD Ryzen 5 2400G on Asus TUF B450M-PLUS - 8Gb RAM - 3 * 3To RAID5 on LSI Megaraid SAS 9260-8i and 3 SSD in Fractal Design Node 804 Black
    OS: OMV 4.1.26-1

  • tinh_x7, during the setup/testing stage you should change the letsencrypt caserver to increase the rate limit:

    settings for traefik v1.7 and traefik v2.1 and the letsencrypt info site


    I’m currently using NoIp...

    If you mean noip.com then you are out of luck... according to their website you can't get an SSL certificate for a no-ip hostname.

  • considering the signing of the certificate, I think you switched to using the LE test environment, which explains your certificate :)

  • I got the LE cert valid for the Traefik site, but the dashboard only loads if it's in private mode in Chrome.

    I have my external services (Plex, Emby) with green status in the Traefik dashboard, but they can't be accessed externally.



    Code
    Your connection isn't private
    Attackers might be trying to steal your information from media.abctest.com (for example, passwords, messages, or credit cards).
    NET::ERR_CERT_REVOKED
  • tinh_x7, I have no idea what you are doing... please show your traefik configs, static and dynamic.


    Edit: and your traefik log file during startup; I would like to see how you got your certificate issued.

  • Traefik.yml





    Config.yml


  • both your services point to "media.abcxyz.com", how should traefik know which one you want?

    why did you activate the docker provider if your setup is provided from the file provider? ... or did you set up your traefik via docker labels?
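
Added example (not part of the original posts): a small check for the problem raised above, where two routers claim the same Host rule on the same entry point but forward to different services. The config dict is a constructed sample mirroring the file-provider layout (`http.routers.<name>`); the router, service and entry point names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample; names are hypothetical, only the host comes from the thread.
DYNAMIC_CONFIG = {
    "http": {
        "routers": {
            "plex": {"rule": "Host(`media.abcxyz.com`)",
                     "entryPoints": ["https"], "service": "plex"},
            "emby": {"rule": "Host( `media.abcxyz.com` )",
                     "entryPoints": ["https"], "service": "emby"},
            "dash": {"rule": "Host(`traefik.abcxyz.com`)",
                     "entryPoints": ["https"], "service": "api@internal"},
        }
    }
}

def normalize(rule):
    """Drop whitespace outside backtick-quoted values so equal rules compare equal."""
    parts = re.split(r"(`[^`]*`)", rule)
    return "".join(p if p.startswith("`") else re.sub(r"\s+", "", p) for p in parts)

def find_ambiguous_routers(config):
    """Return [(entry_point, rule, [routers])] where several services claim one rule."""
    claims = defaultdict(dict)  # (entry point, rule, priority) -> {router: service}
    for name, router in config.get("http", {}).get("routers", {}).items():
        rule = normalize(router.get("rule", ""))
        # 0 means unset: Traefik v2 then derives the priority from the rule length,
        # so identical rules end up with identical priority.
        prio = router.get("priority", 0)
        # A router without entryPoints listens on all of them; "*" marks that case
        # (simplification: "*" is not cross-checked against named entry points).
        for ep in router.get("entryPoints") or ["*"]:
            claims[(ep, rule, prio)][name] = router.get("service")
    findings = []
    for (ep, rule, _), routers in sorted(claims.items()):
        if len(set(routers.values())) > 1:
            findings.append((ep, rule, sorted(routers)))
    return findings

if __name__ == "__main__":
    for ep, rule, names in find_ambiguous_routers(DYNAMIC_CONFIG):
        print(f"entry point {ep}: routers {names} share rule {rule}")
```

Giving each service its own hostname, or an explicit `priority`, makes the finding go away.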

  • hello,


    I guess you're right on the 'media.abczyz.com', I probably have to create two separate domains.

    The docker provider exposed by default is set to false.

    Is that wrong?


    I used this guide: https://medium.com/@containero…ough-traefik-7bf2d56b1057



    Traefik log:


    Code
    172.20.0.1 - - [28/Mar/2020:16:25:16 +0000] "GET /metrics HTTP/1.1" 404 19 "-" "-" 45 "-" "-" 0ms,
    172.20.0.1 - - [28/Mar/2020:16:25:56 +0000] "GET /metrics HTTP/1.1" 404 19 "-" "-" 53 "-" "-" 0ms,
    time="2020-03-28T12:26:05-04:00" level=error msg="Error while writing to InfluxDB: Post \"http://localhost:8089/write?consistency=&db=influxdb&precision=ns&rp=\": dial tcp 127.0.0.1:8089: connect: connection refused" metricsProviderName=influxdb,
    time="2020-03-28T12:22:45-04:00" level=error msg="Error while writing to InfluxDB: Post \"http://localhost:8089/write?consistency=&db=influxdb&precision=ns&rp=\": dial tcp 127.0.0.1:8089: connect: connection refused" metricsProviderName=influxdb,
    172.20.0.1 - - [28/Mar/2020:16:26:06 +0000] "GET /metrics HTTP/1.1" 404 19 "-" "-" 55 "-" "-" 0ms,
    time="2020-03-28T12:24:45-04:00" level=info msg="[during WriteTo err Post \"http://localhost:8089/write?consistency=&db=influxdb&precision=ns&rp=\": dial tcp 127.0.0.1:8089: connect: connection refused]" metricsProviderName=influxdb,
    172.20.0.1 - - [28/Mar/2020:16:26:51 +0000] "GET /metrics HTTP/1.1" 404 19 "-" "-" 64 "-" "-" 0ms
  • no it is not wrong but maybe unnecessary:

    with the following yml block you activated the docker provider:

    Code
    docker:

    and with

    Code
    exposedByDefault: false

    you told traefik to not automatically add all active docker containers.


    if your emby and or plex services are docker containers you could add them via traefik labels like so (assuming you use a compose file):

    (personally i would use labels if possible)

    Code
    labels:
    - "traefik.enable=true"
    # - "traefik.docker.network=proxy_web"
    - "traefik.http.routers.plex.rule=Host(`plex.abczyz.com`)"
    - "traefik.http.routers.plex.tls=true"
    - "traefik.http.routers.plex.tls.certresolver=le"
    - "traefik.http.routers.plex.entrypoints=https"
    # - "traefik.http.routers.plex.middlewares=logins@file"
    - "traefik.http.services.plex.loadbalancer.server.port=32400"

    since you are using traefik v2.2 I would also add the newly added default redirection for http => https:

    this goes in your static configuration


    you should also set your log level to DEBUG, it may reveal some insight, and remove the whole metrics block until your services work.


    EDIT:

    my bad, to activate the docker provider via static file config you need: docs.traefik.io

    Code
    docker:
      endpoint: "unix:///var/run/docker.sock"

    omv 5.3.9 usul | 64 bit | 5.4.19 bpo kernel | omvextrasorg 5.2.6


  • I got the LE cert valid for the Traefik site, but the dashboard only loads if it's in private mode in Chrome.

    I have my external services (Plex, Emby) with green status in the Traefik dashboard, but they can't be accessed externally.



    Code
    Your connection isn't private
    Attackers might be trying to steal your information from media.abctest.com (for example, passwords, messages, or credit cards).
    NET::ERR_CERT_REVOKED

    Just in case, have you opened ports 80 and 443 to your traefik container?

  • in traefik version 2.x, redirection http to https works easily?

    you no longer have to go through middleware, as indicated here: https://github.com/containous/traefik/issues/4863

  • Https redirection is already in my config.yml.

    Both Plex and Emby services are external services, non-Docker containerization.


