Closed ElVit closed 3 years ago
Well spotted. I'm going to look into this issue later.
@leakypixel Does this option (still) work for you?
@alex3305 still working for me, I'm currently using the following config in production with no issues on 3.0.3:
I also have no issues if I change delayBeforeCheck
to 10. I will try upgrading to 4.0.1 and see if I can replicate the issue.
Appereantly this option broke with release 3.2.0 where I made a typo within the Traefik template causing the template engine outputting invalid YAML.
I've just released version 4.0.2 (0633655161bc1ad1a2c2d452f169907818ef43e3) fixing this issue. If you @ElVit and @leakypixel could test this release and provide feedback that would be great. For now I will close this issue
Thanks again for using this add-on and providing feedback!
@alex3305 thanks for the fast fix. Now it's working😃
But I have an other issue and I don't know if it relates to this. Apparently my certificates can not be generated. I get the following error:
time="2020-11-15T23:27:33+02:00" level=error msg="Unable to obtain ACME certificate for domains \"hassio.mydomain.tk\": unable to generate a certificate for the domains [hassio.mydomain.tk]: error: one or more domains had a problem:\n[hassio.mydomain.tk] [hassio.mydomain.tk] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 401: \n" providerName=le.acme routerName=homeAssistantRouter@file rule="Host(`hassio.mydomain.tk`)"
Maybe you can also help me with that?
@ElVit are you providing the correct API key and has this key sufficient priviliges within your Cloudflare account? This is my redacted configuration:
log_level: info
access_logs: false
forwarded_headers_insecure: true
dynamic_configuration_path: /config/traefik_config/
letsencrypt:
enabled: true
email: 'letsencrypt@example.com'
challenge_type: dnsChallenge
provider: cloudflare
resolvers: []
env_vars:
- 'CF_DNS_API_TOKEN=MY_API_TOKEN'
Also after a quick Google search I found that .tk domains can be troublesome with DDNS.
Appereantly this option broke with release 3.2.0 where I made a typo within the Traefik template causing the template engine outputting invalid YAML.
I've just released version 4.0.2 (0633655) fixing this issue. If you @ElVit and @leakypixel could test this release and provide feedback that would be great. For now I will close this issue
Thanks again for using this add-on and providing feedback!
After upgrading to 4.0.2, I get the following error with the config I mentioned above:
command /usr/local/bin/traefik error: yaml: line 30: block sequence entries are not allowed in this context
If I remove one of the resolvers in the configuration, addon works as intended.
@alex3305 here are my token permissions
But you are right probably it's the .tk domain. Thanks for your help 😃.
@leakypixel Well spotted. It was the same formatting issue as the delayBeforeCheck
. It should be resolved now. Sorry about any inconvenience.
@ElVit I'm sorry. I don't think I can help you out with this issue. Your permissions should be sufficient though. Perhaps you can ask any help on the Traefik forums?
@alex3305 no problem! Thanks for your hard work on this and being so responsive :)
@alex3305 also from me a big thanks for your fast responses and fixes.
Since the last update I get the following error in my logs:
time="2020-11-18T13:43:56+02:00" level=error msg="the router homeAssistantRouter@file uses a non-existent resolver: le"
Is it because of my .tk domain?
@ElVit Can you share your complete (and redacted) Home Assistant and Traefik config? The le
resolver should be available by default when letsencrypt.enabled
is set to true
.
@alex3305 here is my traefik config
log_level: info
access_logs: false
forwarded_headers_insecure: false
dynamic_configuration_path: /config/traefik/
letsencrypt:
enabled: true
email: my@email.com
challenge_type: dnsChallenge
provider: cloudflare
delayBeforeCheck: 10
resolvers:
- '1.1.1.1:53'
- '1.0.0.1:53'
env_vars:
- CF_DNS_API_TOKEN=my-token
and here my home assistant config:
default_config:
tts:
- platform: google_translate
group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 127.0.0.1
- ::1
ip_ban_enabled: True
login_attempts_threshold: 5
device_tracker:
- platform: fritz
new_device_defaults:
track_new_devices: false
sensor:
- ...
Sorry, I meant your Home Assistant add-on config, which you have provided. And your Traefik dynamic config of course 😉.
Oh ok. The home assistant addon config I have already shared.
Here the Traefik dynamics.yaml:
http:
routers:
redirectToHttpsRouter:
entryPoints: ["web"]
middlewares: ["httpsRedirect"]
rule: "HostRegexp(`{host:.+}`)"
service: noopService
homeAssistantRouter:
rule: "Host(`hassio.mydomain.tk`)"
entryPoints: ["web-secure"]
tls:
certResolver: le
service: homeAssistantService
nextCloudRouter:
rule: "Host(`nextcloud.mydomain.tk`)"
entryPoints: ["web-secure"]
tls:
certResolver: le
service: nextCloudService
bitWardenRouter:
rule: "Host(`bitwarden.mydomain.tk`)"
entryPoints: ["web-secure"]
tls:
certResolver: le
service: bitWardenService
middlewares:
httpsRedirect:
redirectScheme:
scheme: https
services:
noopService:
loadBalancer:
servers:
- url: "http://192.168.178.123"
homeAssistantService:
loadBalancer:
servers:
- url: "http://192.168.178.123:8123"
nextCloudService:
loadBalancer:
servers:
- url: "http://192.168.178.123:8080"
bitWardenService:
loadBalancer:
servers:
- url: "http://192.168.178.123:7277"
All seems fine with your configuration. Perhaps your acme.json
file is at fault here. Traefik appearently outputs a generic message when something goes wrong with reading this file. You can try stopping the add-on, deleting the /ssl/traefik/
directory on your system and restarting. I have a manual Docker install and this directory is located at /usr/share/hassio/ssl/traefik/
for me. Perhaps somewhere else for you.
Other than that it can also still be an issue with your tk domain and Cloudflare. But I'm not really sure and I have no way to test that scenario. I still think you can get a bite more help at the Traefik forums. They seem generally very helpful. If they ask about your static configuration, you can view that with docker exec -it addon_32de6d38_traefik cat /etc/traefik/traefik.yaml
.
I'm sorry that I'm unable to help you with this issue. Hopefully you can find a fully working solution.
@alex3305 Thanks again for your help. Yes it was the acme.json
file. I just deleted it and restarted the addon. Now this error is gone and I have me old errors again 😄
But for the other error unable to generate a certificate for the domains
I will ask the traefik forum. Thank you for this advice. Hopefully they will find a solution.
Hello, First of all thanks for this great addon. I have searched for it for months.
I use Home Assistant supervised in my Intel Nuc. When I try to start this addon with the default configuration as described in the docs (with cloudflare) it won’t start.
Here is the error message from the log:
command /usr/local/bin/traefik error: yaml: line 26: mapping values are not allowed in this context
After some tries I found out that if I remove the line
delayBeforeCheck: 10
the addon starts as expected.Regards ElVit