JamesTurland / JimsGarage

Homelab Goodies

Traefik secure issues #73

Open Grimmrp2 opened 6 months ago

Grimmrp2 commented 6 months ago

Hi, I followed your YouTube guide here https://youtu.be/IBlZgrwc1T8?si=QMjnL0tmoqBh6piI and used the traefik-secure docs here https://github.com/JamesTurland/JimsGarage/tree/main/Traefik-Secure

Made all necessary changes to the yml files and get to the log back in to traefik dashboard part at about 8 mins 16 seconds, and no matter what port I use, e.g.

192.168.0.7:80 192.168.0.7:81 192.168.0.7:443 192.168.0.7:444

I get a 404 page not found error.

docker-compose

version: '3'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
       proxy:
    ports:
      - 80:80
      - 81:81 # external http
      - 443:443
      - 444:444 # external https
    environment:
      - CF_API_EMAIL=tester111456442g@gmail.com
      - CF_DNS_API_TOKEN=sn5LXLvygyfyfyfyf
      # - CF_API_KEY=YOU_API_KEY
      # be sure to use the correct one depending on if you are using a token or key
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/user/docker/traefik/traefik.yml:/traefik.yml:ro
      - /home/user/docker/traefik/acme.json:/acme.json
      - /home/user/docker/traefik/config.yml:/config.yml:ro
      - /home/user/docker/traefik/logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http" # restricts dashboard to internal entrypoint
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.firesand.xyz`)" # if you want an internal domain, get the wildcard cert for it and then choose traefik-dashboard.home.firesand.xyz or what you want
      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$apr1$$xbeynWpH$$nEqvtGTGgS4/"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.fires.xyz`)" # if you want an internal domain, get the wildcard cert for it and then choose traefik-dashboard.home.firesand.xyz or what you want
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      #- "traefik.http.routers.traefik-secure.tls.domains[0].main=home.fires.xyz" # If you want *.home.fires.xyz subdomain or something else, you have to get the certificates first
      #- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.home.fires.xyz" # get a wildcard certificate for your .home.fires.xyz
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=fires.xyz" #if you use the .home.firesand.xyz entry you have to change the [0] into [1]
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.fires.xyz" # same here, change 0 to 1
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

traefik.yml

api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      middlewares:
        #- crowdsec-bouncer@file
      redirections:
        entrypoint:
          to: https
          scheme: https
  https:
    address: ":443"
    http:
      middlewares:
        #- crowdsec-bouncer@file
  http-external:
    address: ":81"
    http:
      middlewares:
       # - crowdsec-bouncer@file
      redirections:
        entrypoint:
          to: https-external
          scheme: https
  https-external:
    address: ":444"
    http:
      middlewares:
        #- crowdsec-bouncer@file

serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: tester111456442g@gmail.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare. Setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

log:
  level: "INFO"
  filePath: "/var/log/traefik/traefik.log"
accessLog:
  filePath: "/var/log/traefik/access.log"

I have changed the sensitive parts (names, passwords, etc.).

Any help would be great.

Thanks

f616 commented 6 months ago

I think you should go to your pi-hole (or your local DNS server) and point the traefik-dashboard.firesand.xyz to your traefik IP.

image

Then in the browser you should be able to connect to https://traefik-dashboard.firesand.xyz/dashboard

If you haven't deployed a local DNS server, my guess would be editing your hosts file.

Hope it helped

Grimmrp2 commented 5 months ago

> I think you should go to your pi-hole (or your local DNS server) and point the traefik-dashboard.firesand.xyz to your traefik IP.
>
> image
>
> Then in the browser you should be able to connect to https://traefik-dashboard.firesand.xyz/dashboard
>
> If you haven't deployed a local DNS server, my guess would be editing your hosts file.
>
> Hope it helped

Thanks, I haven't set up pihole yet, but I've added traefik-dashboard.firesand.xyz to the hosts file

image

but get

image

StianNOR commented 5 months ago

Same here, went from 404 and now it's just a blank page. Maybe go deeper into it for the noobs hahaha.

CommittotheIndian commented 5 months ago

I'm having the exact same issue. If I use the http-external label it works fine. As soon as I add https-external label, I get the 404 not found.

f616 commented 5 months ago

> Thanks, I haven't set up pihole yet, but I've added traefik-dashboard.firesand.xyz to the hosts file
>
> image
>
> but get
>
> image

I'm no expert at all, I've also been struggling with traefik, but check your .rules; don't know if that's an issue or not, but you have different domains on both.

image
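As an added example (not part of the thread or of the JimsGarage repository), a small lint for the two conditions raised above: a request made to the bare IP, and the differing Host() domains on the two dashboard routers. The label lines and entry point names are copied from the compose file and traefik.yml posted in this issue as constructed input; the function names are hypothetical.

```python
import re

# Constructed input: router labels copied from the compose file in this issue.
LABELS = """
traefik.http.routers.traefik.entrypoints=http
traefik.http.routers.traefik.rule=Host(`traefik-dashboard.firesand.xyz`)
traefik.http.routers.traefik-secure.entrypoints=https
traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.fires.xyz`)
traefik.http.routers.traefik-secure.service=api@internal
"""
# Entry point names defined in the traefik.yml posted in this issue.
ENTRYPOINTS = {"http", "https", "http-external", "https-external"}

LABEL_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.([a-z]+)=(.*)$")
HOST_RE = re.compile(r"Host\(`([^`]+)`\)")

def parse_routers(text):
    """Return {router: {"hosts": set, "entrypoints": set}} from label lines."""
    routers = {}
    for line in text.splitlines():
        m = LABEL_RE.match(line.strip())
        if not m:
            continue
        name, key, value = m.groups()
        r = routers.setdefault(name, {"hosts": set(), "entrypoints": set()})
        if key == "rule":
            r["hosts"].update(h.lower() for h in HOST_RE.findall(value))
        elif key == "entrypoints":
            r["entrypoints"].update(v.strip() for v in value.split(","))
    return routers

def lint(routers, entrypoints):
    """Flag undefined entry points and name/name-secure pairs whose hosts differ."""
    findings = []
    for name, r in sorted(routers.items()):
        for ep in sorted(r["entrypoints"] - set(entrypoints)):
            findings.append(f"{name}: entrypoint '{ep}' is not defined")
        pair = routers.get(name + "-secure")
        if pair and r["hosts"] != pair["hosts"]:
            findings.append(f"{name} / {name}-secure: Host rules differ: "
                            f"{sorted(r['hosts'])} vs {sorted(pair['hosts'])}")
    return findings

def matching_routers(routers, host_header):
    """Routers whose Host() rule matches a request's Host header (port ignored)."""
    host = host_header.split(":")[0].lower()
    return sorted(n for n, r in routers.items() if host in r["hosts"])

if __name__ == "__main__":
    routers = parse_routers(LABELS)
    print("\n".join(lint(routers, ENTRYPOINTS)))
    print(matching_routers(routers, "192.168.0.7:444"))  # no router matches
```

An empty result from `matching_routers` means no Host() rule matches the request, which Traefik answers with 404.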

CommittotheIndian commented 5 months ago

The typo might work for OP but I'm still having the issue. Has anyone else resolved it?

sg="accept tcp [::]:444: use of closed network connection" entryPointName=https-external
time="2024-05-02T15:56:14-04:00" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=https
time="2024-05-02T15:56:14-04:00" level=error msg="accept tcp [::]:81: use of closed network connection" entryPointName=http-external
time="2024-05-02T15:56:14-04:00" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=http
time="2024-05-02T15:56:14-04:00" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=http
time="2024-05-02T15:56:14-04:00" level=error msg="close tcp [::]:81: use of closed network connection" entryPointName=http-external
time="2024-05-02T15:56:14-04:00" level=error msg="Error while starting server: accept tcp [::]:444: use of closed network connection" entryPointName=https-external
time="2024-05-02T15:56:14-04:00" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=https