tomMoulard / fail2ban

Traefik plugin on fail2ban middleware
MIT License

Traefik 3 beta 4 : failed to import plugin code #88

Closed kraoc closed 8 months ago

kraoc commented 8 months ago

Doesn't seem to work with the latest Traefik 3 (beta4):

traefik.yml

experimental:
  plugins:
    fail2ban:
      moduleName: github.com/tomMoulard/fail2ban
      version: v0.7.1

middleware

    fail2ban:
      plugin:
        fail2ban:
          blacklist:
            ip:
              - 51.15.34.47
              - 45.142.182.119
              - 164.68.124.86

Logs

{"level":"error","error":"github.com/tomMoulard/fail2ban: failed to import plugin code \"github.com/tomMoulard/fail2ban\": 1:21: import \"github.com/tomMoulard/fail2ban\" error: plugins-storage/sources/gop-3425862140/src/github.com/tomMoulard/fail2ban/fail2ban.go:18:2: import \"github.com/tomMoulard/fail2ban/log\" error: plugins-storage/sources/gop-3425862140/src/github.com/tomMoulard/fail2ban/log/log_debug.go:17:16: unknown field logger in struct literal","time":"2023-11-01T20:40:03+01:00","message":"Plugins are disabled because an error has occurred."}

Can I add any more details needed for review?

tomMoulard commented 8 months ago

Hello @kraoc,

Thanks for your interest in this Traefik Plugin!

Can you please provide a simple use case where you can get the error you described? (e.g., a docker-compose file).

kraoc commented 8 months ago

Of course :)

docker-compose.yml (light version)

version: "3.0"

networks:
  traefik:
    external: true

services:

  traefik:
    extends:
      file: ../_vm/common.yml
      service: x-common
    user: 0:0
    cap_add:
      - DAC_OVERRIDE
      - CHOWN
    container_name: traefik
    hostname: traefik
    image: traefik:3.0
    restart: always
    depends_on:
      cloudflare-1-ipv4:
        condition: service_healthy
      cloudflare-1-ipv6:
        condition: service_healthy
      cloudflare-2-ipv4:
        condition: service_healthy
      cloudflare-2-ipv6:
        condition: service_healthy
      modsecurity:
        condition: service_healthy
      varnish:
        condition: service_healthy
    ports:
      - "${VM_PORT_TRAEFIK_SSH}:22"
      - "${VM_PORT_TRAEFIK_HTTP}:80"
      - "${VM_PORT_TRAEFIK_HTTPS}:443/tcp"
      - "${VM_PORT_TRAEFIK_HTTPS}:443/udp"
      - "${VM_PORT_TRAEFIK_STREAMING}:1704/udp"
      - "${VM_PORT_TRAEFIK_METRICS}:6082"
    expose:
      - "22"
      - "80"
      - "443"
      - "1704"
      - "6082"
    networks:
      traefik:
    healthcheck:
      test: traefik healthcheck || exit 1
    secrets:
      - cf-api-email
      - cf-api-key
    env_file:
     - ./conf/traefik/env/domain.env
    environment:
      CF_API_EMAIL_FILE: "/run/secrets/cf-api-email"
      CF_API_KEY_FILE: "/run/secrets/cf-api-key"
    labels:
      com.stack.name: "traefik"
      com.stack.service.name: "traefik"
    deploy:
      resources:
        limits:
          cpus: "8.0"
          memory: 4G
    tmpfs:
      - /tmp:rw,noexec,nosuid,size=512M
    volumes:
      - ./conf/traefik/traefik.yml:/traefik.yml:ro
      - ./conf/traefik/traefik.d:/etc/traefik/conf.d/:ro
      - ./datas/traefik/acme.json:/acme.json:rw
      - ./datas/traefik/log/:/var/log/traefik/:rw
    sysctls:
      net.core.somaxconn: 8192
      net.ipv4.tcp_syncookies: 0

traefik.yml (obfuscated)

# 2023-11-01

global:
  checkNewVersion: false
  sendAnonymousUsage: false

api:
  debug: false
  dashboard: true
  insecure: false

ping: {}

entryPoints:
  ssh:
      address: ":22"
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
    http:
     tls:
      certResolver: cloudflare
  metrics:
    address: ":6082"
  streaming:
    address: ":1704/udp"

serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    endpoint: "tcp://..."
    exposedByDefault: false
    network: proxy
    watch: true
  file:
    directory: /etc/traefik/conf.d/
    watch: true

certificatesResolvers:
  cloudflare:
    acme:
      email: ...
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
          - "1.0.0.1:53"
          - "8.8.4.4:53"

metrics:
  prometheus:
    entryPoint: metrics
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0
    addEntryPointsLabels: true
    addServicesLabels: true

log:
  level: "info"
  filePath: "/var/log/traefik/traefik.log"
  format: json

accessLog:
  filePath: "/var/log/traefik/access.log"
  format: json

experimental:
  plugins:
    modsecurity:
      moduleName: github.com/acouvreur/traefik-modsecurity-plugin
      version: v1.3.0
    fail2ban:
      moduleName: github.com/tomMoulard/fail2ban
      version: v0.7.1
    #souin:
    #  moduleName: github.com/darkweak/souin
    #  version: v1.6.43

middleware.yml (light version)

    fail2ban:
      plugin:
        fail2ban:
          blacklist:
            ip:
              - 51.15.34.47
              - 45.142.182.119
              - 164.68.124.86

    # default middleware used in most routers
    default:
      chain:
        middlewares:
          - httpsredirect
          - autodetect
          - defaults
          - security
          - compress
          - fail2ban
          #- cache

tomMoulard commented 8 months ago

I am sorry, but I cannot reproduce your issue. I've tried using your docker-compose, and even extracted "all special docker configuration", but with no luck. Can you reproduce your issue using my configuration?

My docker-compose reproduction case

Using [this](https://github.com/tomMoulard/fail2ban/blob/4448ebcd23d3d3c81438d81482a549a3fadce19e/docker-compose.yml) as a base, here is my configuration:

```yaml
version: '3.9'

services:
  traefik:
    image: traefik:v3.0.0-beta4
    command:
      - --api.insecure=true
      - --providers.docker
      - --log.level=DEBUG
      # - --experimental.localPlugins.fail2ban-local.moduleName=github.com/tomMoulard/fail2ban
      - --experimental.plugins.fail2ban-registery.modulename=github.com/tomMoulard/fail2ban
      - --experimental.plugins.fail2ban-registery.version=v0.7.1
    ports:
      - 80:80
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      # - .:/plugins-local/src/github.com/tomMoulard/fail2ban/
    tty: true
    # changes
    user: 0:0
    cap_add:
      - DAC_OVERRIDE
      - CHOWN
    deploy:
      resources:
        limits:
          cpus: "8.0"
          memory: 4G
    tmpfs:
      - /tmp:rw,noexec,nosuid,size=512M
    sysctls:
      net.core.somaxconn: 8192
      net.ipv4.tcp_syncookies: 0

  whoami:
    image: traefik/whoami # https://github.com/traefik/whoami
    command: -name whoami
    labels:
      # traefik.http.routers.fail2ban-local.rule: Host(`fail2ban-local.localhost`)
      # traefik.http.routers.fail2ban-local.middlewares: fail2ban-local
      # traefik.http.middlewares.fail2ban-local.plugin.fail2ban-local.rules.enabled: true
      # traefik.http.middlewares.fail2ban-local.plugin.fail2ban-local.rules.bantime: 3h
      # traefik.http.middlewares.fail2ban-local.plugin.fail2ban-local.rules.findtime: 3h
      # traefik.http.middlewares.fail2ban-local.plugin.fail2ban-local.rules.maxretry: 4
      # traefik.http.middlewares.fail2ban-local.plugin.fail2ban-local.whitelist.ip: 127.0.0.2
      # traefik.http.middlewares.fail2ban-local.plugin.fail2ban-local.blacklist.ip: 127.0.0.3
      # traefik.http.middlewares.fail2ban-local.plugin.fail2ban-local.rules.urlregexps[0].regexp: /no
      # traefik.http.middlewares.fail2ban-local.plugin.fail2ban-local.rules.urlregexps[0].mode: block
      # traefik.http.middlewares.fail2ban-local.plugin.fail2ban-local.rules.urlregexps[1].regexp: /yes
      # traefik.http.middlewares.fail2ban-local.plugin.fail2ban-local.rules.urlregexps[1].mode: allow
      traefik.http.routers.fail2ban-registery.rule: Host(`fail2ban-registery.localhost`)
      traefik.http.routers.fail2ban-registery.middlewares: fail2ban-registery
      traefik.http.middlewares.fail2ban-registery.plugin.fail2ban-registery.enabled: true
```

kraoc commented 8 months ago

Worked now... Don't know why... Maybe a network issue...

But all accesses are 403 now... It seems to block all traffic by default?

Seems the same as #89

PS: I managed to get it working by looking into the traefik log and whitelisting all my internal IPs...
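
The "everything is 403 until my internal IPs are whitelisted" symptom comes down to the order in which a fail2ban-style middleware evaluates its whitelist and blacklist, and to how it reads the client address. The Go program below is an added example, not the tomMoulard/fail2ban plugin's own code; the `IPFilter` type, its `Status` method and CIDR support in the lists are this example's choices, not claims about the plugin's configuration syntax. The blacklist reuses the three addresses from the issue; the whitelist values (`127.0.0.1`, `10.0.0.0/8`) are constructed stand-ins for "all my internal IPs". Whitelist wins over blacklist, an IPv4-mapped IPv6 client matches IPv4 entries, and an address that cannot be parsed fails closed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
)

// IPFilter is a hypothetical allow/deny checker modelled on the
// whitelist/blacklist part of a fail2ban-style middleware (illustration
// only, not the plugin's code). Whitelist is checked first and always
// passes; blacklist is rejected with 403; everything else passes.
type IPFilter struct {
	allow []netip.Prefix
	deny  []netip.Prefix
}

// parsePrefixes accepts plain addresses ("10.0.0.5") or CIDR ranges
// ("10.0.0.0/8"); a plain address becomes a single-host prefix.
func parsePrefixes(entries []string) ([]netip.Prefix, error) {
	out := make([]netip.Prefix, 0, len(entries))
	for _, e := range entries {
		if p, err := netip.ParsePrefix(e); err == nil {
			out = append(out, p)
			continue
		}
		addr, err := netip.ParseAddr(e)
		if err != nil {
			return nil, fmt.Errorf("ip list entry %q: %w", e, err)
		}
		addr = addr.Unmap()
		out = append(out, netip.PrefixFrom(addr, addr.BitLen()))
	}
	return out, nil
}

// NewIPFilter builds a filter; a malformed entry is a configuration error
// rather than something silently skipped.
func NewIPFilter(whitelist, blacklist []string) (*IPFilter, error) {
	allow, err := parsePrefixes(whitelist)
	if err != nil {
		return nil, fmt.Errorf("whitelist: %w", err)
	}
	deny, err := parsePrefixes(blacklist)
	if err != nil {
		return nil, fmt.Errorf("blacklist: %w", err)
	}
	return &IPFilter{allow: allow, deny: deny}, nil
}

func matches(prefixes []netip.Prefix, a netip.Addr) bool {
	for _, p := range prefixes {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// Status returns the HTTP status the filter produces for a client address:
// 200 to pass, 403 to deny. remoteAddr may be "host:port" (the shape of
// http.Request.RemoteAddr) or a bare address. Unparsable input is denied.
func (f *IPFilter) Status(remoteAddr string) int {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	a, err := netip.ParseAddr(host)
	if err != nil {
		return http.StatusForbidden // fail closed on garbage
	}
	a = a.Unmap() // ::ffff:1.2.3.4 is compared as 1.2.3.4
	switch {
	case matches(f.allow, a):
		return http.StatusOK
	case matches(f.deny, a):
		return http.StatusForbidden
	default:
		return http.StatusOK
	}
}

// Handler wraps next as net/http middleware, the form a Traefik plugin
// middleware ultimately takes.
func (f *IPFilter) Handler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if f.Status(r.RemoteAddr) == http.StatusForbidden {
			http.Error(w, "Forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Blacklist: the addresses from the issue. Whitelist: constructed sample.
	f, err := NewIPFilter(
		[]string{"127.0.0.1", "10.0.0.0/8"},
		[]string{"51.15.34.47", "45.142.182.119", "164.68.124.86"},
	)
	if err != nil {
		panic(err)
	}
	for _, ra := range []string{"10.20.30.40:51234", "51.15.34.47:443", "::ffff:45.142.182.119", "203.0.113.9:80", "not-an-ip"} {
		fmt.Printf("%-24s -> %d\n", ra, f.Status(ra))
	}
}
```

When a proxy such as varnish or modsecurity sits in front of Traefik, `RemoteAddr` is that proxy's address, so a blacklist that matches it (or a whitelist that misses it) affects every request; checking which address actually reaches the middleware, as kraoc did via the Traefik log, is the first thing to verify.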

tomMoulard commented 8 months ago

If you managed to get this working, I'll close this issue. Thanks.