microsoft / navcontainerhelper

Official Microsoft repository for BcContainerHelper, a PowerShell module, which makes it easier to work with Business Central Containers on Docker.
MIT License

Using container with Traefik result in "404 page not found" error #2713

Closed DBiernat closed 1 year ago

DBiernat commented 2 years ago

Describe the issue

I'm getting a "page not found" error message by calling the web client (https://{host}.{fqdn}/{containerName}). Calling the web client on the host (https://{containerName}/{containerName}) is working. Traefik Dashboard (host.ipAddress:8080/dashboard/) is reachable.

I don't have a clue where the problem is.

Scripts used to create container and cause the issue

New-BcContainer -accept_eula `
    -containerName $containerName `
    -artifactUrl $artifactURL `
    -vsixFile (Get-LatestAlLanguageExtensionUrl) `
    -auth UserPassword `
    -Credential $credential `
    -shortcuts None `
    -isolation hyperv `
    -licenseFile $licenseFile `
    -additionalParameters $additionalParameters `
    -myScripts $myscripts `
    -useSSL `
    -useTraefik `
    -PublicDnsName $containerPublicDns

Full output of scripts

BcContainerHelper is version 4.0.4
BcContainerHelper is running as administrator
Hyper-V is Enabled
UsePsSession is True
Host is Microsoft Windows Server 2022 Standard - ltsc2022
Docker Client Version is 20.10.9
Docker Server Version is 20.10.9
Removing Desktop shortcuts
Fetching all docker images
Fetching all docker volumes
Enabling SSL as otherwise all clients will see mixed HTTP / HTTPS request, which will cause problems e.g. on the mobile and modern windows clients
Using image mcr.microsoft.com/businesscentral:10.0.20348.887
PublicDnsName is {host}.{fqdn}
Creating Container TEST
Style: onprem
Multitenant: No
Version: 19.6.38118.0
Platform: 19.0.38062.0
Generic Tag: 1.0.2.13
Container OS Version: 10.0.20348.887 (ltsc2022)
Host OS Version: 10.0.20348.946 (ltsc2022)
Using hyperv isolation
Using locale de-DE
Adding special CheckHealth.ps1 to enable Traefik support
Disabling the standard eventlog dump to container log every 2 seconds (use -dumpEventLog to enable)
Downloading C:\ProgramData\BcContainerHelper\Extensions\TEST\Microsoft.VisualStudio.Services.VSIXPackage.vsix
Using license file C:\bccontainers\TEST\Lic.flf
Additional Parameters:
--volume "C:\bccontainers\TEST:C:\Run\my\bccontainer"
-e webserverinstance=TEST
-e publicdnsname={host}.{fqdn}
-l "traefik.protocol=https"
-l "traefik.web.frontend.rule=PathPrefix:/TEST"
-l "traefik.web.port=443"
-l "traefik.soap.frontend.rule=PathPrefix:/TESTsoap;ReplacePathRegex: ^/TESTsoap(.*) /BC$1"
-l "traefik.soap.port=7047"
-l "traefik.rest.frontend.rule=PathPrefix:/TESTrest;ReplacePathRegex: ^/TESTrest(.*) /BC$1"
-l "traefik.rest.port=7048"
-l "traefik.dev.frontend.rule=PathPrefix:/TESTdev;ReplacePathRegex: ^/TESTdev(.*) /BC$1"
-l "traefik.dev.port=7049"
-l "traefik.snap.frontend.rule=PathPrefix:/TESTsnap;ReplacePathRegex: ^/TESTsnap(.*) /BC$1"
-l "traefik.snap.port=7083"
-l "traefik.dl.frontend.rule=PathPrefixStrip:/TESTdl"
-l "traefik.dl.port=8080"
-l "traefik.dl.protocol=http"
-l "traefik.enable=true"
-l "traefik.frontend.entryPoints=https"
--env customNavSettings=PublicODataBaseUrl=https://{host}.{fqdn}/TESTrest/odata,PublicSOAPBaseUrl=https://{host}.{fqdn}/TESTsoap/ws,PublicWebBaseUrl=https://{host}.{fqdn}/TEST
Files in C:\ProgramData\BcContainerHelper\Extensions\TEST\my:
- AdditionalOutput.ps1
- Cert.pfx
- CheckHealth.ps1
- license.flf
- MainLoop.ps1
- SetupCertificate.ps1
- SetupVariables.ps1
- updatecontainerhosts.ps1
Creating container TEST from image mcr.microsoft.com/businesscentral:10.0.20348.887
6778712ee1de325ec6d4d96d1505443430d5ba298743176fae754433bcffbb4f
Waiting for container TEST to be ready
Using artifactUrl https://bcartifacts.azureedge.net/onprem/19.6.38118.0/de
Using installer from C:\Run\150-new
Installing Business Central
Installing from artifacts
Starting Local SQL Server
Starting Internet Information Server
Copying Service Tier Files
c:\dl\onprem\19.6.38118.0\platform\ServiceTier\Program Files
c:\dl\onprem\19.6.38118.0\platform\ServiceTier\System64Folder
Copying PowerShell Scripts
c:\dl\onprem\19.6.38118.0\platform\WindowsPowerShellScripts\Cloud\NAVAdministration
c:\dl\onprem\19.6.38118.0\platform\WindowsPowerShellScripts\WebSearch
Copying Web Client Files
c:\dl\onprem\19.6.38118.0\platform\WebClient\Microsoft Dynamics NAV
Copying Client Files
c:\dl\onprem\19.6.38118.0\platform\LegacyDlls\program files\Microsoft Dynamics NAV
c:\dl\onprem\19.6.38118.0\platform\LegacyDlls\program files\Microsoft Dynamics NAV
c:\dl\onprem\19.6.38118.0\platform\LegacyDlls\systemFolder
Copying ModernDev Files
c:\dl\onprem\19.6.38118.0\platform
c:\dl\onprem\19.6.38118.0\platform\ModernDev\program files\Microsoft Dynamics NAV
Copying additional files
Copying ConfigurationPackages
C:\dl\onprem\19.6.38118.0\de\ConfigurationPackages
Copying Test Assemblies
C:\dl\onprem\19.6.38118.0\platform\Test Assemblies
Copying Applications
C:\dl\onprem\19.6.38118.0\de\Applications
Copying dependencies
Copying ReportBuilder
Importing PowerShell Modules
Restoring CRONUS Demo Database
Setting CompatibilityLevel for CRONUS on localhost\SQLEXPRESS
Modifying Business Central Service Tier Config File for Docker
Creating Business Central Service Tier
Installing SIP crypto provider: 'C:\Windows\System32\NavSip.dll'
Starting Business Central Service Tier
Importing license file
Stopping Business Central Service Tier
Installation took 171 seconds
Installation complete
Initializing...
Setting host.containerhelper.internal to 172.23.80.1 in container hosts file
Starting Container
Hostname is TEST
PublicDnsName is {host}.{fqdn}
Using NavUserPassword Authentication
Certificate File Thumbprint BDBB1C3013BC862F0327D05D28455E57DF901A2E
Import Certificate to LocalMachine\My
Import Certificate to LocalMachine\Root
Modifying Service Tier Config File with Instance Specific Settings
Modifying Service Tier Config File with settings from environment variable
Setting PublicODataBaseUrl to https://{host}.{fqdn}/TESTrest/odata
Setting PublicSOAPBaseUrl to https://{host}.{fqdn}/TESTsoap/ws
Setting PublicWebBaseUrl to https://{host}.{fqdn}/TEST
Starting Service Tier
CertificateThumprint BDBB1C3013BC862F0327D05D28455E57DF901A2E
Registering event sources
Creating DotNetCore Web Server Instance
Using application pool name: TEST
Using default container name: NavWebApplicationContainer
Copy files to WWW root C:\inetpub\wwwroot\TEST
Create the application pool TEST
Create website: NavWebApplicationContainer with SSL
Update configuration: navsettings.json
Done Configuring Web Client
Using license file 'c:\run\my\license.flf'
Import License
Creating http download site
Setting SA Password and enabling SA
Creating BC_Container as SQL User and add to sysadmin
WARNING: Caution: Your program license expires in 10 days.
Creating SUPER user
WARNING: Caution: Your program license expires in 10 days.
WARNING: Caution: Your program license expires in 10 days.
Container IP Address: 172.23.83.253
Container Hostname  : TEST
Container Dns Name  : {host}.{fqdn}
Web Client          : https://{host}.{fqdn}/TEST/
Dev. Server         : https://{host}.{fqdn}
Dev. ServerInstance : BC

Files:
http://{host}.{fqdn}:8080/Microsoft.VisualStudio.Services.VSIXPackage.vsix

Container Total Physical Memory is 8.5Gb
Container Free Physical Memory is 6.3Gb

Initialization took 48 seconds
Ready for connections!
Reading CustomSettings.config from TEST
Container TEST successfully created
Because of Traefik, the following URLs need to be used when accessing the container from outside your Docker host:
Web Client:        https://{host}.{fqdn}/TEST
SOAP WebServices:  https://{host}.{fqdn}/TESTsoap
OData WebServices: https://{host}.{fqdn}/TESTrest
Dev Service:       https://{host}.{fqdn}/TESTdev
Snapshot Service:  https://{host}.{fqdn}/TESTsnap
File downloads:    https://{host}.{fqdn}/TESTdl
Health check returns False, restarting container
Removing Session TEST
TEST
Waiting for container TEST to be ready

Initializing...
Setting host.containerhelper.internal to 172.23.80.1 in container hosts file
Restarting Container
PublicDnsName unchanged
Hostname is TEST
PublicDnsName is {host}.{fqdn}
Using NavUserPassword Authentication
Starting Local SQL Server
Starting Internet Information Server
Starting Service Tier
Container IP Address: 172.23.90.19
Container Hostname  : TEST
Container Dns Name  : {host}.{fqdn}
Web Client          : https://{host}.{fqdn}/TEST
Dev. Server         : https://{host}.{fqdn}
Dev. ServerInstance : BC

Files:
http://{host}.{fqdn}:8080/Microsoft.VisualStudio.Services.VSIXPackage.vsix

Container Total Physical Memory is 8.5Gb
Container Free Physical Memory is 7.0Gb

Initialization took 54 seconds
Ready for connections!

Additional context

Mode LastWriteTime Length Name

d----- 29.09.2022 12:17 traefikforbc

Directory: C:\programdata\bccontainerhelper\traefikforbc

Mode LastWriteTime Length Name

-a---- 29.09.2022 12:17 0 traefik.txt
d----- 29.09.2022 12:17 my
d----- 29.09.2022 12:17 config

Directory: C:\programdata\bccontainerhelper\traefikforbc\config

Mode LastWriteTime Length Name

-a---- 29.09.2022 12:17 0 acme.json
Create traefik config file
Traefik image already up to date
Running traefik
6d582663cd24c7e4d05d884720b753995a476122668c69fcbb9bdfae0dd10af1
True


- Traefik toml

    debug = false
    defaultEntryPoints = ["https","http"]
    insecureSkipVerify = true

    [api]
    # Check https://docs.traefik.io/v1.7/configuration/api/#security
    # to enable authentication on the dashboard for extra security

    [docker]
    domain = "{host}.{fqdn}"
    watch = true
    endpoint = "npipe:////./pipe/docker_engine"

    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
        minVersion = "VersionTLS12"
          [[entryPoints.https.tls.certificates]]
          certFile = "c:/etc/traefik/certificate.crt"
          keyFile = "c:/etc/traefik/certificate.key"

    [acme]
    email = "Development@{fqdn}"
    storage = "c:/etc/traefik/acme.json"
    entryPoint = "https"
      [acme.httpChallenge]
      entryPoint = "http"
    [[acme.domains]]
      main = "{host}.{fqdn}"



- did it use to work?
  No

freddydk commented 2 years ago

@tfenster do you know what's going on here?

tfenster commented 2 years ago

@DBiernat is the container healthy according to docker ps? And do you see the services, routers and middlewares for that container in the Traefik dashboard?

DBiernat commented 2 years ago

@tfenster according to the output I would say, the container is healthy.

CONTAINER ID   IMAGE                                 COMMAND                  CREATED      STATUS      PORTS                                                              NAMES
6d582663cd24   traefik:v1.7-windowsservercore-1809   "/traefik --docker.e…"   5 days ago   Up 5 days   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp   magical_sammet

Dashboard:

image image

tfenster commented 2 years ago

@DBiernat actually not, which at least explains the behavior. A healthy container should have a status of Up (healthy), e.g. like this:

PS [worker000001]:C:\Users\vm-administrator> docker ps
CONTAINER ID   IMAGE                                                                  COMMAND                  CREATED        STATUS                 PORTS     NAMES
5d369e114ae5   bcartifacts/cosmo-bc:onprem-19.1.31886.32186-nl                        "powershell -Command…"   6 hours ago    Up 6 hours (healthy)             ef5c753dd577.1.pokupveb224zyjlq2z6bp14u1

Now that I know what to look for, I can see this in your log, where it explicitly states that the health check returns False:

...
Initialization took 48 seconds
Ready for connections!
Reading CustomSettings.config from TEST
Container TEST successfully created
Because of Traefik, the following URLs need to be used when accessing the container from outside your Docker host:
Web Client:        https://{host}.{fqdn}/TEST
SOAP WebServices:  https://{host}.{fqdn}/TESTsoap
OData WebServices: https://{host}.{fqdn}/TESTrest
Dev Service:       https://{host}.{fqdn}/TESTdev
Snapshot Service:  https://{host}.{fqdn}/TESTsnap
File downloads:    https://{host}.{fqdn}/TESTdl
Health check returns False, restarting container
Removing Session TEST
TEST
Waiting for container TEST to be ready

Initializing...
Setting host.containerhelper.internal to 172.23.80.1 in container hosts file
Restarting Container
...

@freddydk: Have you seen something like this before? And is the health check ignored on the second try?

DBiernat commented 2 years ago

@tfenster never mind, you're absolutely right! The container isn't healthy. I really didn't notice that.

A quick look into the container log shows the following error (again and again):

2022/09/29 12:18:39 Using high precision timer
time="2022-09-29T12:18:40+02:00" level=error msg="Failed to retrieve information of the docker client and server host: error during connect: Get \"http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version\": open //./pipe/docker_engine: message readmode pipes not supported In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running."
time="2022-09-29T12:18:40+02:00" level=error msg="Provider connection error error during connect: Get \"http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version\": open //./pipe/docker_engine: message readmode pipes not supported In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running., retrying in 466.264916ms"

The host is a Windows Server 2022 Standard (Hyper-V host with Hyper-V) and Docker is running under "Local System".

tfenster commented 2 years ago

@DBiernat Interesting, have never seen that before. But that is only Traefik indicating a problem, which might or might not be a real issue. It doesn't explain why the BC container isn't healthy. Do you see anything in the logs of the BC container or with Get-BCContainerEventLog?

DBiernat commented 2 years ago

@tfenster just to be sure we're talking about the same thing: The Traefik Container is Up and running without status and the BC Container is Up and Healthy, at least at the end.

CONTAINER ID   IMAGE                                              COMMAND                  CREATED       STATUS                  PORTS                                                              NAMES
6d582663cd24   traefik:v1.7-windowsservercore-1809                "/traefik --docker.e…"   5 days ago    Up 5 days               0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp   magical_sammet
6778712ee1de   mcr.microsoft.com/businesscentral:10.0.20348.887   "powershell -Command…"   5 days ago    Up 5 days (healthy)     80/tcp, 443/tcp, 1433/tcp, 7045-7049/tcp, 7083/tcp, 8080/tcp       TEST

The event log I will check tomorrow.

tfenster commented 2 years ago

Ah sorry, I didn't realize that. That actually looks good. The BC container is healthy and the traefik container doesn't have a health check, so that is fine as well. Can you share the output of docker inspect magical_sammet?

DBiernat commented 2 years ago

> Ah sorry, I didn't realize that. That actually looks good. The BC container is healthy and the traefik container doesn't have a health check, so that is fine as well. Can you share the output of docker inspect magical_sammet?

    {
        "Id": "6d582663cd24c7e4d05d884720b753995a476122668c69fcbb9bdfae0dd10af1",
        "Created": "2022-09-29T10:17:52.6523891Z",
        "Path": "/traefik",
        "Args": [
            "--docker.endpoint=npipe:////./pipe/docker_engine"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 1280,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2022-09-29T10:22:13.4153635Z",
            "FinishedAt": "2022-09-29T12:21:46.4784299+02:00"
        },
        "Image": "sha256:0fe8cd7f2792b2846bba0ec097dd8b13686688eaacc32a4e789952137e619ede",
        "ResolvConfPath": "",
        "HostnamePath": "",
        "HostsPath": "",
        "LogPath": "C:\\ProgramData\\docker\\containers\\6d582663cd24c7e4d05d884720b753995a476122668c69fcbb9bdfae0dd10af1\\6d582663cd24c7e4d05d884720b753995a476122668c69fcbb9bdfae0dd10af1-json.log",
        "Name": "/magical_sammet",
        "RestartCount": 0,
        "Driver": "windowsfilter",
        "Platform": "windows",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "c:\\programdata\\bccontainerhelper\\traefikforbc\\config:c:/etc/traefik",
                "\\\\.\\pipe\\docker_engine:\\\\.\\pipe\\docker_engine"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {
                "443/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "443"
                    }
                ],
                "80/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "80"
                    }
                ],
                "8080/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "8080"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "always",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 0,
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "hyperv",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": null,
            "ReadonlyPaths": null
        },
        "GraphDriver": {
            "Data": {
                "dir": "C:\\ProgramData\\docker\\windowsfilter\\6d582663cd24c7e4d05d884720b753995a476122668c69fcbb9bdfae0dd10af1"
            },
            "Name": "windowsfilter"
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "c:\\programdata\\bccontainerhelper\\traefikforbc\\config",
                "Destination": "c:\\etc\\traefik",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            },
            {
                "Type": "npipe",
                "Source": "\\\\.\\pipe\\docker_engine",
                "Destination": "\\\\.\\pipe\\docker_engine",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }
        ],
        "Config": {
            "Hostname": "6d582663cd24",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "443/tcp": {},
                "80/tcp": {},
                "8080/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": null,
            "Cmd": [
                "--docker.endpoint=npipe:////./pipe/docker_engine"
            ],
            "Image": "traefik:v1.7-windowsservercore-1809",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/traefik"
            ],
            "OnBuild": null,
            "Labels": {
                "org.opencontainers.image.description": "A modern reverse-proxy",
                "org.opencontainers.image.documentation": "https://docs.traefik.io",
                "org.opencontainers.image.title": "Traefik",
                "org.opencontainers.image.url": "https://traefik.io",
                "org.opencontainers.image.vendor": "Traefik Labs",
                "org.opencontainers.image.version": "v1.7.34"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "6d582663cd24c7e4d05d884720b753995a476122668c69fcbb9bdfae0dd10af1",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "443/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "443"
                    }
                ],
                "80/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "80"
                    }
                ],
                "8080/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "8080"
                    }
                ]
            },
            "SandboxKey": "6d582663cd24c7e4d05d884720b753995a476122668c69fcbb9bdfae0dd10af1",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "nat": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "c5decb2a4f0a5d20e04cf539cfbacff157ad661fed6d6f81e70cfe3f89757f66",
                    "EndpointID": "d4342d82a3bb4b161764398ef0c824707038c3abf6acde67e6ba5b3c57fd6bb7",
                    "Gateway": "172.23.80.1",
                    "IPAddress": "172.23.91.216",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "00:15:5d:9c:15:56",
                    "DriverOpts": null
                }
            }
        }
    }

DBiernat commented 2 years ago

@tfenster Do we still need the BcContainer event logs? If that is the case, then I would recreate the container again.

tfenster commented 2 years ago

> @tfenster Do we still need the BcContainer event logs? If that is the case, then I would recreate the container again.

No, I don't think so. I need to figure out what changed, but it looks like the Docker engine is not accessible from within the traefik container, maybe because of the hyperv setup

tfenster commented 2 years ago

@DBiernat Could you try to run your Setup-TraefikContainerForBcContainers command again, but with the additional parameters -traefikImage "traefik:v1.7.33-windowsservercore-1809" -recreate? I have to be honest, I am guessing a bit here...

DBiernat commented 2 years ago

@tfenster That doesn't make a difference. Same error(s) inside the Traefik container. Is there anything else I can do?

tfenster commented 2 years ago

@DBiernat No, I'll try to repro on my side. Did you create this VM through aka.ms/getbc?

DBiernat commented 2 years ago

@tfenster No, it is an OnPrem Hyper-V Server, where Hyper-V is activated on the virtual machine.

tfenster commented 2 years ago

ok, I'll try to see whether I can repro on an Azure VM (luckily I don't have OnPrem infra anymore ;) ). Let's see if it behaves the same or differently there. Do you have the exact steps to set up the machine? Install docker, install bcch etc? I would try to stay as close as possible to your environment

DBiernat commented 2 years ago

It's been a while, since I installed that machine, but basically the following steps have been done (if I remember correctly):

  1. I installed WS2022 Standard (with GUI) from an MS Image downloaded from the PartnerProgram Benefits
  2. Assigned that machine to our local domain with fixed IP addresses (IPv4 and IPv6).
  3. Installed Windows Admin Center (as a gateway and I changed the default admin port to 4433 later on), which installed Docker as well.
  4. Installed BcCH through PS.
  5. Created Traefik and BC Containers with the mentioned scripts.

tfenster commented 2 years ago

OK, thanks. Just to be sure: With step 3 and installing WAC, you automatically got Docker?

DBiernat commented 2 years ago

This is at least what I remember. The following article describes this as well, may be on manually installing Containers Extension from the WAC.

https://learn.microsoft.com/en-us/virtualization/windowscontainers/quick-start/set-up-environment?tabs=dockerce&WT.mc_id=modinfra-9272-abartolo#windows-admin-center

tfenster commented 2 years ago

OK, understood. I'll try to repro on my side, but it might take a couple of days until I find the time

tfenster commented 2 years ago

Couldn't resist 😂 And indeed, I could repro. The problem seems to be hyperv isolation, maybe a security "feature" that changed in the latest releases. So I created a new traefik image for ltsc2022 (see https://github.com/tfenster/traefik-for-windows/actions/runs/3199935607/jobs/5226307992 for the build and https://github.com/tfenster/traefik-for-windows/blob/1.7/Dockerfile for the Dockerfile), which can also be used with process isolation on Windows Server 2022. With that, it works for me. Could you try to run your Setup-TraefikContainerForBcContainers command once more, but this time with the additional parameters -traefikImage "tobiasfenster/traefik-for-windows:v1.7.34" -recreate? For me, that makes it work

freddydk commented 2 years ago

Reading this, I actually thought about (in the ARM templates) to build the traefik container on the fly instead of using a pre-built image.

DBiernat commented 2 years ago

@tfenster Unfortunately, that did not work either.

PS C:\Users\Administrator.GLI-BS> docker ps
CONTAINER ID   IMAGE                                               COMMAND                  CREATED          STATUS                   PORTS                                                              NAMES
635c63804eae   mcr.microsoft.com/businesscentral:10.0.20348.1006   "powershell -Command…"   7 minutes ago    Up 3 minutes (healthy)   80/tcp, 443/tcp, 1433/tcp, 7045-7049/tcp, 7083/tcp, 8080/tcp       TEST
9da3688de27f   tobiasfenster/traefik-for-windows:v1.7.34           "/traefik --docker.e…"   11 minutes ago   Up 11 minutes            0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp   pensive_jennings
PS C:\Users\Administrator.GLI-BS> docker container logs 9da3688de27f
2022/10/07 12:37:21 Using high precision timer
time="2022-10-07T12:37:22+02:00" level=error msg="Failed to retrieve information of the docker client and server host: error during connect: Get \"http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version\": open //./pipe/docker_engine: message readmode pipes not supported In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running."
time="2022-10-07T12:37:22+02:00" level=error msg="Provider connection error error during connect: Get \"http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version\": open //./pipe/docker_engine: message readmode pipes not supported In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running., retrying in 628.867277ms"

tfenster commented 2 years ago

Sorry, please remove the -isolation hyperv as well

DBiernat commented 2 years ago

@tfenster That's better, it's working now. Just to be clear, normally it should work with isolation Hyper-V as well, right?

tfenster commented 2 years ago

It has worked in the past, but Microsoft might have changed the security policy, so that non-admin users from a container can no longer access the docker engine pipe in hyperv iso. But running traefik in process isolation makes more sense anyway

@freddydk Would you accept a PR to fix this with my image?
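
A diagnostic check for the failure identified in this thread, as an added example that is not part of the original issue or of BcContainerHelper: it reads the Traefik container's `docker inspect` JSON and `docker logs` lines and reports whether the engine pipe is mounted but rejected under hyperv isolation. The function name `Get-TraefikProviderDiagnosis` and its verdict strings are hypothetical, and the sample input is abridged from the output posted above.

```powershell
# Added example (not BcContainerHelper code): offline analysis of the Traefik
# container's "docker inspect" JSON and "docker logs" lines.
function Get-TraefikProviderDiagnosis {
    [CmdletBinding()]
    param(
        # docker inspect output, joined into one string
        [Parameter(Mandatory)] [string] $InspectJson,
        # docker logs output, one element per line
        [Parameter(Mandatory)] [AllowEmptyCollection()] [AllowEmptyString()] [string[]] $LogLines
    )

    # docker inspect prints a JSON array; a bare object (as pasted in the thread) works too.
    $parsed = ConvertFrom-Json -InputObject $InspectJson
    $c = @($parsed) | Select-Object -First 1

    $isolation = $c.HostConfig.Isolation

    # Traefik's docker provider needs the engine named pipe mounted into the container.
    $pipeMount = @($c.Mounts | Where-Object { $_.Type -eq 'npipe' -and $_.Source -like '*docker_engine' })

    # Log lines where the provider failed to reach the engine through that pipe.
    $providerErrors = @($LogLines | Where-Object {
        $_ -match 'Provider connection error' -and $_ -match 'pipe/docker_engine'
    })
    $pipeRejected = [bool]($providerErrors -match 'message readmode pipes not supported')

    # Dashboard/API port published on the host (the posted toml sets no [api] authentication).
    $dashboardPublished = [bool]$c.HostConfig.PortBindings.'8080/tcp'

    $verdict = if ($pipeMount.Count -eq 0) {
        'Engine pipe not mounted: the docker provider cannot discover containers.'
    } elseif ($providerErrors.Count -gt 0 -and $isolation -eq 'hyperv') {
        'Pipe mounted but unusable under hyperv isolation: recreate Traefik with process isolation.'
    } elseif ($providerErrors.Count -gt 0) {
        'Provider cannot reach the engine: check the daemon and pipe permissions.'
    } else {
        'Provider connected: check container health and traefik.* labels instead.'
    }

    [pscustomobject]@{
        Isolation          = $isolation
        EnginePipeMounted  = $pipeMount.Count -gt 0
        EnginePipeWritable = [bool]($pipeMount | Where-Object { $_.RW })
        ProviderErrorCount = $providerErrors.Count
        PipeModeRejected   = $pipeRejected
        DashboardPublished = $dashboardPublished
        Verdict            = $verdict
    }
}

# Sample input, abridged from the docker inspect output and log lines posted in this thread.
$sampleInspect = @'
[{
  "HostConfig": {
    "Isolation": "hyperv",
    "PortBindings": { "8080/tcp": [ { "HostIp": "", "HostPort": "8080" } ] }
  },
  "Mounts": [
    { "Type": "npipe", "Source": "\\\\.\\pipe\\docker_engine",
      "Destination": "\\\\.\\pipe\\docker_engine", "RW": true }
  ]
}]
'@
$sampleLog = @(
    '2022/09/29 12:18:39 Using high precision timer',
    'time="2022-09-29T12:18:40+02:00" level=error msg="Provider connection error error during connect: open //./pipe/docker_engine: message readmode pipes not supported, retrying in 466.264916ms"'
)

Get-TraefikProviderDiagnosis -InspectJson $sampleInspect -LogLines $sampleLog | Format-List

# Live use on the Docker host (container name taken from the thread):
#   Get-TraefikProviderDiagnosis -InspectJson ((docker inspect magical_sammet) -join "`n") `
#       -LogLines (docker logs magical_sammet 2>&1 | ForEach-Object { "$_" })
```

`EnginePipeWritable` and `DashboardPublished` are hardening signals rather than part of the 404 diagnosis: the mounted pipe gives the Traefik container access to the Docker engine API, and the posted toml enables `[api]` without authentication while port 8080 is published.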

freddydk commented 2 years ago

@tfenster - sure - and thanks

freddydk commented 2 years ago

This PR was merged yesterday and is available in the latest prerelease, Thanks @tfenster

freddydk commented 1 year ago

Shipped in 4.0.6