JamesTurland / JimsGarage

Homelab Goodies

After Crowdsec installation containers can't be reached via Traefik reverse proxy #2

Closed Andy-H24 closed 1 year ago

Andy-H24 commented 1 year ago

As the title says, I can no longer connect to my Docker containers via the domain name and only get an error message (404 page not found). I did not install the NGINX container, so I already saw this error when typing in the URL of my domain name without a wildcard in front of it.

In my Crowdsec log, I only have one type of error message which I don't think applies to the error that is occurring, but I am sharing the lines all the same:

time="23-08-2023 21:31:48" level=warning msg="failed to run filter : invalid character 'i' in literal true (expecting 'r') (1:1)\n | UnmarshalJSON(evt.Line.Raw, evt.Unmarshaled, \"traefik\") in [\"\", nil]\n | ^" id=cold-dust name=child-crowdsecurity/traefik-logs stage=s01-parse
time="23-08-2023 21:31:48" level=error msg="UnmarshalJSON : invalid character 'i' in literal true (expecting 'r')"

Traefik spits out these lines:

time="2023-08-23T00:55:57+02:00" level=error msg="Error while starting server: accept tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-08-23T00:56:34+02:00" level=info msg="Configuration loaded from file: /traefik.yml"
time="2023-08-23T23:02:53+02:00" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-08-23T23:02:53+02:00" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-08-23T23:02:53+02:00" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-08-23T23:02:53+02:00" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=https

Andy-H24 commented 1 year ago

The traefik.log file also mentions some problems with the middleware: level=error msg="middleware \"crowdsec-bouncer@file\" does not exist" entryPointName=http routerName=http-to-https@internal ...
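A log triage sketch for the error quoted above, added here as an example and not part of the original thread or the JimsGarage repository: it parses Traefik's key=value log lines and lists which routers reference a middleware that Traefik reports as undefined. The sample lines are constructed, modelled on the excerpts in this issue; the router name `pihole@docker` and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the traefik.log excerpts quoted in this issue.
# The router name pihole@docker is an assumption for illustration.
SAMPLE_LOG = r'''
time="2023-08-24T02:21:21+02:00" level=info msg="Starting provider *file.Provider"
time="2023-08-24T02:21:22+02:00" level=error msg="middleware \"crowdsec-bouncer@file\" does not exist" entryPointName=http routerName=http-to-https@internal
time="2023-08-24T02:21:22+02:00" level=error msg="middleware \"crowdsec-bouncer@file\" does not exist" entryPointName=https routerName=pihole@docker
time="2023-08-24T02:21:23+02:00" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=http
'''

# key=value pairs; a value is either a double-quoted string (with \" escapes) or a bare token.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
MISSING = re.compile(r'^middleware "([^"]+)" does not exist$')


def parse_logfmt(line):
    """Split one log line into a dict, unescaping quoted values."""
    fields = {}
    for key, value in PAIR.findall(line):
        if value.startswith('"'):
            value = re.sub(r'\\(.)', r'\1', value[1:-1])
        fields[key] = value
    return fields


def missing_middlewares(log_text):
    """Map each undefined middleware to the sorted routers that reference it."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_logfmt(line)
        match = MISSING.match(fields.get("msg", ""))
        if match:
            found[match.group(1)].add(fields.get("routerName", "?"))
    return {name: sorted(routers) for name, routers in found.items()}


if __name__ == "__main__":
    for name, routers in missing_middlewares(SAMPLE_LOG).items():
        print(f"{name}: referenced by {', '.join(routers)}")
```

A name ending in `@file` refers to the file provider, so a hit here points at the dynamic configuration file as the place to check that the middleware is defined and parses cleanly.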

JamesTurland commented 1 year ago

Thanks, Andy. Let me take a look at it.

Andy-H24 commented 1 year ago

Thanks a lot! Some more info. When I start the crowdsec container pihole.domainname.com can't be reached anymore. Gateway Timeout. The Traefik dashboard is still available. That's before I even made changes to the config.yml and the traefik.yml files.

So I removed the bouncer part from the docker-compose file and then the connection to Pi-hole was still available. After adding the bouncer part back and restarting the container, the Pi-hole container couldn't be reached anymore. Definitely has something to do with the bouncer part of the docker-compose file imho.

The traefik.log file (my networks are dckr instead of proxy and dckr_pihole instead of pihole_internal - the above mentioned tcp errors for the ports 80 and 443 also remain, but they are also present in the log of the traefik container on portainer):

time="2023-08-24T02:21:21+02:00" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2023-08-24T02:21:21+02:00" level=info msg="Starting provider *file.Provider"
time="2023-08-24T02:21:21+02:00" level=info msg="Starting provider *traefik.Provider"
time="2023-08-24T02:21:21+02:00" level=info msg="Starting provider *docker.Provider"
time="2023-08-24T02:21:21+02:00" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2023-08-24T02:21:21+02:00" level=info msg="Starting provider *acme.Provider"
time="2023-08-24T02:21:21+02:00" level=info msg="Testing certificate renew..." providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-08-24T02:21:50+02:00" level=warning msg="Defaulting to first available network (&{\"dckr\" \"172.19.0.3\" '\\x00' \"\" \"lotsoflettersandnumbers\"}) for container \"/pihole\"." container=pihole-pihole-lotsoflettersandnumbersserviceName=pihole providerName=docker
time="2023-08-24T02:28:04+02:00" level=warning msg="Defaulting to first available network (&{\"dckr\" \"172.19.0.3\" '\\x00' \"\" \"lotsoflettersandnumbers\"}) for container \"/pihole\"." serviceName=pihole container=pihole-pihole-lotsoflettersandnumbersproviderName=docker
time="2023-08-24T02:31:05+02:00" level=warning msg="Defaulting to first available network (&{\"dckr\" \"172.19.0.3\" '\\x00' \"\" \"lotsoflettersandnumbers\"}) for container \"/pihole\"." container=pihole-pihole-lotsoflettersandnumbersserviceName=pihole providerName=docker
time="2023-08-24T02:31:05+02:00" level=warning msg="Defaulting to first available network (&{\"dckr_pihole\" \"172.20.9.3\" '\\x00' \"\" \"lotsoflettersandnumbers\"}) for container \"/pihole\"." container=pihole-pihole-lotsoflettersandnumbersserviceName=pihole providerName=docker

JamesTurland commented 1 year ago

@Andy-H24 This is now fixed, there was an error in the config.yaml. Please update: https://github.com/JamesTurland/JimsGarage/blob/main/Crowdsec/Traefik/config.yaml

Andy-H24 commented 1 year ago

Thank you for your effort and for resolving this problem! I now can connect to my containers using the domain name and CrowdSec is running as it should.