Tuesday, September 3, 2024

Traefik trouble with only 1 container


Repost: Traefik trouble with only 1 container (from Reddit.com)
Any help would be greatly appreciated. I've been working on this for so long I'm at a loss.

I have a FQDN with DNS hosted and proxied through Cloudflare. I'm trying to set up linkstack to be proxied by Traefik, but keep receiving a 502 Bad Gateway Error. I've been able to successfully proxy 2 other containers using the same method. I've attached my main docker-compose, linkstack, traefik, and socket-proxy .yml files. Please let me know if there is any other information I can provide.

Error message:

```
024-09-03T17:28:04-04:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 47a347934bcbd3f5
2024-09-03T17:28:04-04:00 DBG github.com/traefik/traefik/v3/pkg/server/service/proxy.go:100 > 502 Bad Gateway error="dial tcp 192.168.90.3:8190: connect: connection refused
```

docker-compose.yml:

```yaml
########################### NETWORKS
networks:
  default:
    driver: bridge
  socket_proxy:
    name: socket_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.91.0/24
  t3_proxy:
    name: t3_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.90.0/24

########################### SECRETS
secrets:
  basic_auth_credentials:
    file: $DOCKERDIR/secrets/basic_auth_credentials
  cf_dns_api_token:
    file: $DOCKERDIR/secrets/cf_dns_api_token
  mysql_root_pass:
    file: $DOCKERDIR/secrets/mysql_root_pass

include:
  ########################### SERVICES
  # PREFIX udms = Ultimate Docker Media Server
  # HOSTNAME=udms - defined in .env
  # CORE
  - compose/$HOSTNAME/socket-proxy.yml
  - compose/$HOSTNAME/traefik.yml
  - compose/$HOSTNAME/linkstack.yml
  - compose/$HOSTNAME/homepage.yml
  # - compose/$HOSTNAME/actual.yml
```

socket-proxy.yml:

```yaml
services:
  # Docker Socket Proxy - Security Enhanced Proxy for Docker Socket
  socket-proxy:
    container_name: socket-proxy
    image: tecnativa/docker-socket-proxy
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    #profiles: ["core", "all"]
    networks:
      socket_proxy:
        ipv4_address: 192.168.91.254 # You can specify a static IP
    privileged: false # true for VM. False for unprivileged LXC container.
    ports:
      # - "$ZEROTIER_IP_SYNOLOGY:2375:2375" # Port 2375 should only ever get exposed to the internal network. When possible use this line.
      # I use the next line instead, as I want portainer to manage multiple docker endpoints within my home network.
      - "127.0.0.1:2375:2375"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - LOG_LEVEL=debug # debug,info,notice,warning,err,crit,alert,emerg
      ## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
      # 0 to revoke access.
      # 1 to grant access.
      ## Granted by Default
      - EVENTS=1
      - PING=1
      - VERSION=1
      ## Revoked by Default
      # Security critical
      - AUTH=1
      - SECRETS=1
      - POST=1 # Watchtower
      # Not always needed
      - BUILD=0
      - COMMIT=0
      - CONFIGS=0
      - CONTAINERS=1 # Traefik, portainer, etc.
      - DISTRIBUTION=0
      - EXEC=0
      - IMAGES=1 # Portainer
      - INFO=1 # Portainer
      - NETWORKS=1 # Portainer
      - NODES=0
      - PLUGINS=0
      - SERVICES=1 # Portainer
      - SESSION=0
      - SWARM=0
      - SYSTEM=0
      - TASKS=1 # Portainer
      - VOLUMES=1 # Portainer
```

traefik.yml:

```yaml
services:
  # Traefik 3 - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:3.0
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    #profiles: ["core", "all"]
    networks:
      t3_proxy:
        ipv4_address: 192.168.90.254 # You can specify a static IP
      socket_proxy:
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.traefik.address=:8080
      # - --entrypoints.ping.address=:8081
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --api=true
      - --api.dashboard=true
      # - --api.insecure=true
      # - --ping=true
      # - --serversTransport.insecureSkipVerify=true
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://ift.tt/HbWgntS
      - --entrypoints.websecure.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
      - --log=true
      - --log.filePath=/logs/traefik.log
      - --log.level=INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/logs/access.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=204-299,400-499,500-599
      - --providers.docker=true
      # - --providers.docker.endpoint=unix:///var/run/docker.sock # Disable for Socket Proxy. Enable otherwise.
      - --providers.docker.endpoint=tcp://socket-proxy:2375 # Enable for Socket Proxy. Disable otherwise.
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t3_proxy
      # - --providers.docker.swarmMode=false # Traefik v2 Swarm
      # - --providers.swarm.endpoint=tcp://127.0.0.1:2377 # Traefik v3 Swarm
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.options=tls-opts@file
      # Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
      - --entrypoints.websecure.http.tls.certresolver=dns-cloudflare
      - --entrypoints.websecure.http.tls.domains[0].main=$DOMAINNAME_HS
      - --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME_HS
      - --entrypoints.websecure.http.tls.domains[1].main=$DOMAINNAME_1
      - --entrypoints.websecure.http.tls.domains[1].sans=*.$DOMAINNAME_1
      # - --entrypoints.websecure.http.tls.domains[2].main=$DOMAINNAME_2 # Pulls main cert for third domain
      # - --entrypoints.websecure.http.tls.domains[2].sans=*.$DOMAINNAME_2 # Pulls wildcard cert for third domain
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://ift.tt/hEZPB8M # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
      # - --metrics.prometheus=true
      # - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0
      # - --metrics.prometheus.addEntryPointsLabels=true
      # - --metrics.prometheus.addrouterslabels=true
      # - --metrics.prometheus.addServicesLabels=true
      # - --metrics.influxdb2=true
      # - --metrics.influxdb2.address=https://ift.tt/KA2z0UM
      # - --metrics.influxdb2.token=$INFLUXDB_TOKEN
      # - --metrics.influxdb2.org=zHome
      # - --metrics.influxdb2.bucket=traefik-hs
      # - --metrics.influxdb2.addEntryPointsLabels=true
      # - --metrics.influxdb2.addrouterslabels=true
      # - --metrics.influxdb2.addServicesLabels=true
      # - --metrics.influxdb2.pushInterval=30s
      # - --metrics.influxdb2.additionallabels.host=$DOMAINNAME_HS
    #healthcheck:
    #  test: ["CMD", "traefik", "healthcheck", "--ping"]
    #  interval: 5s
    #  retries: 3
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      # - target: 8080 # need to enable --api.insecure=true
      #   published: 8080
      #   protocol: tcp
      #   mode: host
    volumes:
      - $DOCKERDIR/appdata/traefik3/rules/$HOSTNAME:/rules # Dynamic File Provider directory
      # - /var/run/docker.sock:/var/run/docker.sock:ro # Enable if not using Socket Proxy
      - $DOCKERDIR/appdata/traefik3/acme/acme.json:/acme.json # Certs File
      - $DOCKERDIR/logs/$HOSTNAME/traefik:/logs # Traefik logs
    environment:
      - TZ=$TZ
      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token
      - HTPASSWD_FILE=/run/secrets/basic_auth_credentials # HTTP Basic Auth Credentials
      - DOMAINNAME_HS # Passing the domain name to traefik container to be able to use the variable in rules.
      - DOMAINNAME_1 # Additional Domain variable passthrough to container
      - DOMAINNAME_AT # Additional Domain variable passthrough to container
    secrets:
      - cf_dns_api_token
      - basic_auth_credentials
    labels:
      #- "autoheal=true"
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=websecure"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_HS`)"
      # Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      # Healthcheck/ping
      #- "traefik.http.routers.ping.rule=Host(`traefik.$DOMAINNAME_HS`) && Path(`/ping`)"
      #- "traefik.http.routers.ping.tls=true"
      #- "traefik.http.routers.ping.service=ping@internal"
      # Middlewares
      # - "traefik.http.routers.traefik-rtr.middlewares=chain-no-auth@file" # For No Authentication
      - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file" # For Basic HTTP Authentication
      #- "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file" # For Google OAuth
      #- "traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file" # For Authelia Authentication
```

linkstack.yml:

```yaml
services:
  linkstack:
    image: linkstackorg/linkstack:latest
    environment:
      TZ: $TZ
      SERVER_ADMIN: 'admin@example.com'
      HTTP_SERVER_NAME: 'example.com'
      HTTPS_SERVER_NAME: 'example.com'
      LOG_LEVEL: 'debug'
      PHP_MEMORY_LIMIT: '256M'
      UPLOAD_MAX_FILESIZE: '8M'
    volumes:
      - $DOCKERDIR/appdata/linkstack:/htdocs
    networks:
      - t3_proxy
      - socket_proxy
    ports:
      - "8120:80"
      - '8190:443'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.linkstack-rtr.rule=Host(`$DOMAINNAME_HS`) || Host(`www.$DOMAINNAME_HS`)" # Both domain.com and www.domain.com
      - "traefik.http.routers.linkstack-rtr.entrypoints=websecure"
      - "traefik.http.routers.linkstack-rtr.tls=true"
      - "traefik.http.routers.linkstack-rtr.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.linkstack-rtr.service=linkstack-svc"
      - "traefik.http.services.linkstack-svc.loadBalancer.server.port=8190"
      - "traefik.http.services.linkstack-svc.loadbalancer.server.scheme=https"
      - "traefik.http.routers.linkstack-rtr.middlewares=chain-basic-auth@file"
      - "traefik.http.routers.linkstack-rtr.middlewares=linkstack-head"
      - "traefik.http.middlewares.linkstack-head.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.linkstack-head.headers.customResponseHeaders.X-Robots-Tag=none"
      - "traefik.http.middlewares.linkstack-head.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000"
      - "traefik.http.middlewares.linkstack-head.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.linkstack-head.headers.accesscontrolalloworiginlist=*"
    restart: unless-stopped
volumes:
  linkstack:
```
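An added example, not part of the original post: a small check over the linkstack service's `ports:` and Traefik labels as posted. It flags a `server.port` that names the host-published side of a mapping (the debug log shows Traefik dialing 192.168.90.3:8190, while the mapping is `8190:443`) and a router `middlewares` label set twice, where only one value can apply and `chain-basic-auth@file` may not be the one kept. `parse_ports` and `lint_service` are hypothetical helper names, and the input is constructed from the post's values.

```python
# Constructed input: the ports and a subset of the labels from the linkstack service in the post.
PORTS = ["8120:80", "8190:443"]
LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.linkstack-rtr.service=linkstack-svc",
    "traefik.http.services.linkstack-svc.loadBalancer.server.port=8190",
    "traefik.http.services.linkstack-svc.loadbalancer.server.scheme=https",
    "traefik.http.routers.linkstack-rtr.middlewares=chain-basic-auth@file",
    "traefik.http.routers.linkstack-rtr.middlewares=linkstack-head",
]


def parse_ports(ports):
    """Map host port -> container port for short-syntax entries ([ip:]host:container[/proto])."""
    published = {}
    for entry in ports:
        parts = entry.split("/")[0].split(":")
        if len(parts) >= 2:
            published[int(parts[-2])] = int(parts[-1])
    return published


def lint_service(ports, labels):
    """Return findings for one compose service (hypothetical helper, not a Traefik tool)."""
    published = parse_ports(ports)
    findings, seen = [], {}
    for label in labels:
        key, _, value = label.partition("=")
        norm = key.lower()  # assumption: keys compared case-insensitively; the post mixes both spellings
        if norm in seen and seen[norm] != value:
            # A label key holds a single value, so both settings cannot apply.
            findings.append(f"duplicate-label {key}: {seen[norm]!r} vs {value!r}")
        seen[norm] = value
        if norm.endswith(".loadbalancer.server.port") and value.isdigit():
            port = int(value)
            # Traefik dials the container on the Docker network, so the port
            # must be the container side of the mapping, not the host side.
            if port in published and port not in published.values():
                findings.append(
                    f"host-port {key}={port}: published as {port}:{published[port]}, "
                    f"container side is {published[port]}"
                )
    return findings


if __name__ == "__main__":
    for finding in lint_service(PORTS, LABELS):
        print(finding)
```

With the container-side port and a single comma-separated `middlewares` label, the same check returns no findings.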

