Open bblaha opened 1 year ago
acouvreur
commented
1 year ago Hi @bblaha !
Can you please share your whole configuration ?
Where I could see the Traefik configuration, the sablier container and the services you try to route.
You have to understand that you should not use names and group together.
These are two different method to tell sablier which set of containers to start and stop.
bblaha
commented
1 year ago Sure, here is my traefik.yaml (static config file)
global:
checkNewVersion: true
sendAnonymousUsage: false
serversTransport:
insecureSkipVerify: true
entryPoints:
# Not used in apps, but redirect everything from HTTP to HTTPS
http:
address: :80
forwardedHeaders:
trustedIPs: &trustedIps
# Start of Clouflare public IP list for HTTP requests, remove this if you don't use it
- 173.245.48.0/20
- 103.21.244.0/22
- 103.22.200.0/22
- 103.31.4.0/22
- 141.101.64.0/18
- 108.162.192.0/18
- 190.93.240.0/20
- 188.114.96.0/20
- 197.234.240.0/22
- 198.41.128.0/17
- 162.158.0.0/15
- 104.16.0.0/13
- 104.24.0.0/14
- 172.64.0.0/13
- 131.0.72.0/22
- 2400:cb00::/32
- 2606:4700::/32
- 2803:f800::/32
- 2405:b500::/32
- 2405:8100::/32
- 2a06:98c0::/29
- 2c0f:f248::/32
# End of Cloudlare public IP list
http:
redirections:
entryPoint:
to: https
scheme: https
# HTTPS endpoint, with domain wildcard
https:
address: :443
forwardedHeaders:
# Reuse list of Cloudflare Trusted IP's above for HTTPS requests
trustedIPs: *trustedIps
http:
tls:
# Generate a wildcard domain certificate
certResolver: letsencrypt
domains:
- main: example.com
sans:
- '*.example.com'
middlewares:
- securityHeaders@file
- my-sablier@file
providers:
providersThrottleDuration: 2s
# File provider for connecting things that are outside of docker / defining middleware
file:
filename: /etc/traefik/fileConfig.yml
watch: true
# Docker provider for connecting all apps that are inside of the docker network
docker:
watch: true
network: dockernet # Add Your Docker Network Name Here
# Default host rule to containername.domain.example
defaultRule: "Host(`{{ lower (trimPrefix `/` .Name )}}.example.com`)" # Replace with your domain
swarmModeRefreshSeconds: 60s
exposedByDefault: false
endpoint: "tcp://dockersocket:2375" # Uncomment if you are using docker socket proxy
# Enable traefik ui
api:
dashboard: true
insecure: true
# Log level INFO|DEBUG|ERROR
log:
level: INFO
# Use letsencrypt to generate ssl serficiates
certificatesResolvers:
letsencrypt:
acme:
email: certs@example.com
storage: /etc/traefik/acme.json
dnsChallenge:
provider: cloudflare
# Used to make sure the dns challenge is propagated to the rights dns servers
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
experimental:
plugins:
sablier:
moduleName: "github.com/acouvreur/sablier"
version: "v1.4.0-beta.3"And the dynamic fileConfig.xml
http:
## MIDDLEWARES ##
middlewares:
# Only Allow Local networks
local-ipwhitelist:
ipWhiteList:
sourceRange:
- 127.0.0.1/32 # localhost
- 192.168.1.1/24 # LAN Subnet# Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.6.0&config=intermediate&guideline=5.6
# Security headers
securityHeaders:
headers:
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
X-Forwarded-Proto: "https"
server: ""
customRequestHeaders:
X-Forwarded-Proto: "https"
sslProxyHeaders:
X-Forwarded-Proto: "https"
referrerPolicy: "same-origin"
hostsProxyHeaders:
- "X-Forwarded-Host"
contentTypeNosniff: true
browserXssFilter: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsSeconds: 63072000
stsPreload: true
my-sablier:
plugin:
sablier:
dynamic:
displayName: My Title
refreshFrequency: 5s
showDetails: "true"
theme: ghost
group: default
names: whoami,compliance
sablierUrl: http://sablier:10000
sessionDuration: 1m
tls:
options:
default:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305And here is my docker run command (on Unraid, which has some specifics, but generally is the same)
docker run -d --name='sablier' --net='dockernet' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e HOST_HOSTNAME="Tower" -e HOST_CONTAINERNAME="sablier" -l net.unraid.docker.managed=dockerman -l 'traefik.enable'='true' -v '/mnt/user/appdata/sablier/sablier.yaml':'/etc/sablier/sablier.yaml':'rw' -v '/var/run/docker.sock':'/var/run/docker.sock':'rw' 'acouvreur/sablier:beta'
I think that should be everything
bblaha
commented
1 year ago I have tried setting everything up again from scratch, but I am still ending up with the same problem, so I would assume I have a fundamental misunderstanding of some setting or it is a bug
github-actions[bot]
commented
10 months ago This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
I feel like this is a config issue, but I have now spent hours trying to find it and I can't.
Bug description I have Sablier configured and I can get it to run only, when I enter a docker into the config that is not existing. i.e. the following works
and I can call sablier.example.com or whoami.example.com. Here is the thing, however: I do not have a container called nginx. And it throws that error. When I remove nginx (or any other non-existent container for that matter, such as follows...
I cannot reach the UI anymore, neither via sablier.example.com nor via whoami.example.com. Instead I get a 404 page not found.
Also, when I DO add the non-existent container, ALL containers that Sablier is assigned to as middleware only show the Sablier UI, they never forward and even reloading does not get me to the actual service.
I am running 1.4.0-beta3 on both the container and the traefik plugin.