Closed benisai closed 1 year ago
Rolling back to a version from 5 months ago doesn't work because the scheme isn't recognized (`[fatal] unknown configuration schema version 20`), so I can't prove when it broke.
I'm having the same issue.
I've been running AdGuard Home with Traefik for years, and this never happened before.
I've only noticed this today, and I'm pretty sure everything was working fine for me a couple of weeks ago. Don't know exactly which version I was running, but I have auto-updates on my containers with watchtower so I'm tempted to say that this was a recent change, but @benisai opened this issue back in April. Not sure what to make of this.
@ainar-g Can we please get some feedback on this one?
@benisai, @rfgamaral, have you tried the recent versions, including the required steps as described in the release notes for v0.107.34? (See the “Removed” section.)
If so, verbose logs of AdGuard Home should shed some light on what's happening.
@ainar-g Awesome. Pulled the latest version, recreated the container, all is working for me with v0.107.36. Thank you!
Good to hear. Assuming that OP has the same issue, I'll close this one. Feel free to reopen if it's not the same, preferably with the verbose log data.
Not fixed for me. AGH is not responding from what Traefik logs show. F12 shows the same 502 bad gateway.
Traefik Logs:
```
time="2023-08-16T01:53:34Z" level=debug msg="'502 Bad Gateway' caused by: read tcp 172.18.0.19:42206->10.10.10.5:84: read: connection reset by peer"
time="2023-08-16T01:55:37Z" level=debug msg="'502 Bad Gateway' caused by: read tcp 172.18.0.19:54528->10.10.10.5:84: read: connection reset by peer"
```
My TOML file looks like this. I do have Authelia in between; I set AdGuard to bypass any auth from Authelia, but it still doesn't work:
```toml
[http]
  [http.middlewares]
    [http.middlewares.adhome-redirect.redirectScheme]
      scheme = "https"

  [http.routers.adhome-redirect]
    entrypoints = ["http"]
    rule = "Host(`adguard.example.com`)"
    middlewares = ["adhome-redirect"]
    service = "adhome"

  [http.routers.adhome]
    entrypoints = ["https"]
    rule = "Host(`adguard.example.com`)"
    service = "adhome"
    middlewares = ["authelia@docker"]
    [http.routers.adhome.tls]
      certResolver = "letsencrypt"

  [http.services]
    [http.services.adhome.loadbalancer]
      [[http.services.adhome.loadbalancer.servers]]
        url = "http://10.10.10.5:84"
```
When I browse http://10.10.10.5:84/ from my home network, I can browse the AGH webpage. When Traefik tries, it doesn't get a response from AGH. Telnet works from my server where Traefik is to 10.10.10.5 over 84. So I have a good connection. But AGH is not returning a response for some reason. Did you guys lock down the requests to match the src? Or something along those lines?
My Traefik container is able to ping/traceroute the subnet and telnet 10.10.10.5:84
```
/ # busybox-extras telnet 10.10.10.5 84
Connected to 10.10.10.5
```
I can curl from within the Traefik container (VPS Server) to the AdguardHome Container on my local network:
```
/ # curl http://10.10.10.5:84
<a href="/login.html">Found</a>
```

So it has to be AGH not returning the response.
@benisai, please provide the verbose logs. It's hard to diagnose anything without them. If you have issues getting them, please describe the steps you're taking.
I am having the same result when using Traefik and AdGuardHome
I can curl the login page fine, but the CSS and JS fail:
```
user@ubuntu:~$ curl --verbose https://dns1.redacted.com/login.html
* Trying 172.16.2.243:443...
* Connected to dns1.redacted.com (172.16.2.243) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=redacted.com
* start date: Oct 18 15:19:08 2023 GMT
* expire date: Jan 16 15:19:07 2024 GMT
* subjectAltName: host "dns1.redacted.com" matched cert's "*.redacted.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /login.html]
* h2h3 [:scheme: https]
* h2h3 [:authority: dns1.redacted.com]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0xaaab15c56480)
> GET /login.html HTTP/2
> Host: dns1.redacted.com
> user-agent: curl/7.88.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 200
< accept-ranges: bytes
< alt-svc: h3=":443"; ma=2592000
< content-type: text/html; charset=utf-8
< date: Mon, 23 Oct 2023 17:07:38 GMT
< vary: Accept-Encoding
< content-length: 1137
<
<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="google" content="notranslate"><link rel="apple-touch-icon" sizes="180x180" href="assets/apple-touch-icon-180x180.png"/><meta name="mobile-web-app-capable" content="yes"/><meta name="apple-mobile-web-app-capable" content="yes"/><meta name="apple-mobile-web-app-status-bar-style" content="default"><link rel="mask-icon" href="assets/safari-pinned-tab.svg" color="#67B279"><link rel="icon" type="image/png" href="assets/favicon.png" sizes="48x48"><title>Login</title><link href="login.c57f2e5e7989b37bc698.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script>(function() {
var prefersDark = window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches;
var currentTheme = prefersDark ? 'dark' : 'light';
document.body.dataset.theme = currentTheme;
* Connection #0 to host dns1.redacted.com left intact
})();</script><script src="login.c57f2e5e7989b37bc698.js"></script></body></html>
```
CSS or JS produce a bad gateway:
```
user@ubuntu:~$ curl --verbose https://dns1.redacted.com/login.c57f2e5e7989b37bc698.css
* Trying 172.16.2.243:443...
* Connected to dns1.redacted.com (172.16.2.243) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=redacted.com
* start date: Oct 18 15:19:08 2023 GMT
* expire date: Jan 16 15:19:07 2024 GMT
* subjectAltName: host "dns1.redacted.com" matched cert's "*.redacted.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /login.c57f2e5e7989b37bc698.css]
* h2h3 [:scheme: https]
* h2h3 [:authority: dns1.redacted.com]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0xaaaae7526480)
> GET /login.c57f2e5e7989b37bc698.css HTTP/2
> Host: dns1.redacted.com
> user-agent: curl/7.88.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 502
< alt-svc: h3=":443"; ma=2592000
< content-type: text/plain; charset=utf-8
< content-length: 11
< date: Mon, 23 Oct 2023 17:11:18 GMT
<
* Connection #0 to host dns1.redacted.com left intact
Bad Gateway
```
I set AdGuardHome to verbose, could not see anything relevant in it. AdGuardHome is a standard install on an Ubuntu VM, everything is fresh and brand new, installed today. Traefik is running in Docker, if I try to go to my original AdGuardHome instance in Docker using the labels it works perfectly:
Label | Value |
---|---|
traefik.enable | true |
traefik.http.routers.dns.entrypoints | https |
traefik.http.routers.dns.rule | Host(`dns.redacted.com`) |
traefik.http.routers.dns.tls | true |
traefik.http.services.dns.loadbalancer.server.port | 80 |
As the new instance is not in Docker, I used static YAML for Traefik:
```yaml
http:
  routers:
    dns1:
      rule: "Host(`dns1.vlan.au`)"
      service: dns1
      tls: true
  services:
    dns1:
      loadBalancer:
        servers:
          - url: "http://172.16.2.6"
```
I am using this exact format for many other services and they work flawlessly.
@dontcrash know this is an older post but I've got the same... ish issue. Ubuntu for AdGuard Home using Unbound on a VM. Traefik running Docker too. Below is my static YAML. Did you get it resolved? Any help appreciated.
```yaml
http:
  routers:
    adguard-https:
      rule: "Host(`adguard.dev.test`)"
      service: adguard-service
      entrypoints:
```
Prerequisites
[X] I have checked the Wiki and Discussions and found no answer
[X] I have searched other issues and found no duplicates
[X] I want to report a bug and not ask a question
Operating system type
Linux, Other (please mention the version in the description)
CPU architecture
AMD64
Installation
Docker
Setup
On one machine
AdGuard Home version
v0.107.29
Description
VPS with Traefik as reverse proxy. AGH in Docker at home server (Ubuntu 22.4.2)
I've been using Traefik as my reverse proxy for a while now, but recently, AGH login page does not load. F12 shows these 2 not loading. Something changed in AGH code where it doesn't reply to the proxy. AGH logs don't provide much. Traefik logs show the connection going outbound, but AGH does not respond; it kicks back this error: "2023/04/28 22:38:40 reverseproxy.go:667: httputil: ReverseProxy read error during body copy: read tcp 172.18.0.10:41890->10.10.10.5:84: read: connection reset by peer".
I can curl my AGH web port, so I have connectivity. AGH is killing the request. I need to know why/how to fix it.
```
/login.c6c85272422dd3c3b02f.css
/login.c6c85272422dd3c3b02f.js
```