exoframejs/exoframe

Server setup w/ LetsEncrypt: entryPoint "web" doesn't exist

christippett opened this issue · 11 comments

I've run into issues setting up Exoframe server with LetsEncrypt enabled: Traefik is giving errors that it cannot find the "web" entrypoint.

Errors from traefik.log (real domain substituted with example.com):

time="2020-06-11T04:22:50Z" level=error msg="entryPoint \"web\" doesn't exist" entryPointName=web routerName=exoframe-server-web@docker
time="2020-06-11T04:22:50Z" level=error msg="no valid entryPoint for this router" routerName=exoframe-server-web@docker
time="2020-06-11T04:23:01Z" level=error msg="Unable to obtain ACME certificate for domains \"exoframe.example.com\": unable to generate a certificate for the domains [exoframe.example.com]: acme: Error -> One or more domains had a problem:\n[exoframe.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://exoframe.example.com/.well-known/acme-challenge/3ib8JDrEm-pI4BqUqaPqNa7UBnM3jKajE82FnkRcu1c: Connection refused, url: \n" providerName=exoframeChallenge.acme routerName=exoframe-server@docker rule="Host(`exoframe.example.com`)"

Config

The server was set up/installed without any deviation from the documentation. The following docker flags were used to start exoframe-server:

docker run -d \
  --privileged \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /home/exoframe/.exoframe:/root/.exoframe \
  -v /home/exoframe/.ssh/authorized_keys:/root/.ssh/authorized_keys:ro \
  -e EXO_PRIVATE_KEY=PfM-KHduM_b-YkweFHm8 \
  --label traefik.enable=true \
  --label "traefik.http.routers.exoframe-server.rule=Host(\`exoframe.example.com\`)" \
  --label "traefik.http.routers.exoframe-server-web.rule=Host(\`exoframe.example.com\`)" \
  --label traefik.http.routers.exoframe-server.tls.certresolver=exoframeChallenge \
  --label traefik.http.middlewares.exoframe-server-redirect.redirectscheme.scheme=https \
  --label traefik.http.routers.exoframe-server-web.entrypoints=web \
  --label traefik.http.routers.exoframe-server-web.middlewares=exoframe-server-redirect@docker \
  --label traefik.http.routers.exoframe-server.entrypoints=websecure \
  --label entryPoints.web.address=:80 \
  --label entryPoints.websecure.address=:443 \
  --restart always \
  --name exoframe-server \
  exoframe/server

# /home/exoframe/.exoframe/server.config.yml

debug: false
letsencrypt: true
letsencryptEmail: 'me@example.com'
compress: true
autoprune: true
baseDomain: '.example.com'
cors: false
traefikImage: 'traefik:latest'
traefikName: 'exoframe-traefik'
traefikArgs: []
exoframeNetwork: 'exoframe'
updateChannel: 'stable'
swarm: false

# /home/exoframe/.exoframe/.internal/traefik/traefik.yml

log:
  level: warning
  filePath: /var/traefik/traefik.log
entryPoints:
  websecure:
    address: ':443'
providers:
  docker:
    endpoint: 'unix:///var/run/docker.sock'
    exposedByDefault: false
certificatesResolvers:
  exoframeChallenge:
    acme:
      httpChallenge:
        entryPoint: web
      email: me@example.com
      storage: /var/traefik/acme.json

Investigation into the issue

I manually updated the traefik configuration that's automatically generated, adding the web entrypoint.

# /home/exoframe/.exoframe/.internal/traefik/traefik.yml

log:
  level: warning
  filePath: /var/traefik/traefik.log
entryPoints:
  web:
    address: ':80'
  websecure:
    address: ':443'
providers:
  docker:
    endpoint: 'unix:///var/run/docker.sock'
    exposedByDefault: false
certificatesResolvers:
  exoframeChallenge:
    acme:
      httpChallenge:
        entryPoint: web
      email: me@example.com
      storage: /var/traefik/acme.json

This seems to resolve the issue, at least from what I can see. Traefik no longer complains about the missing entrypoint and a LetsEncrypt certificate is successfully registered for exoframe.example.com.

I don't have any experience with Traefik, so I don't know if the above config is what you expect it to be. If the config is supposed to include the web entrypoint, the issue seems to be in the use of the spread operator when setting Traefik's config (here). The entryPoints key is being overridden by the LetsEncrypt config, which doesn't include the web entrypoint.

Is there anything I'm missing? Although I've got things working, I'd ideally like to have this setup in a way that's repeatable and doesn't involve manually updating config files.
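
The override described in the report above, reproduced as an added example (not Exoframe's code and not part of the original issue): the object shapes are constructed from the traefik.yml shown in the report, and `shallowMerge`, `deepMerge` and `missingChallengeEntryPoints` are hypothetical names. It contrasts a spread-based merge with a recursive one and checks that every ACME HTTP challenge entry point is actually defined.

```javascript
// Added example, not Exoframe's code. Config objects are constructed from the
// traefik.yml in the issue; all function names are hypothetical.
const baseConfig = {
  log: { level: 'warning', filePath: '/var/traefik/traefik.log' },
  entryPoints: { web: { address: ':80' } },
  providers: { docker: { endpoint: 'unix:///var/run/docker.sock', exposedByDefault: false } },
};

const letsencryptConfig = {
  entryPoints: { websecure: { address: ':443' } },
  certificatesResolvers: {
    exoframeChallenge: {
      acme: {
        httpChallenge: { entryPoint: 'web' },
        email: 'me@example.com',
        storage: '/var/traefik/acme.json',
      },
    },
  },
};

// Shallow merge: a top-level key in `extra` replaces the whole value in `base`.
const shallowMerge = (base, extra) => ({ ...base, ...extra });

const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Recursive merge: nested objects are combined key by key.
function deepMerge(base, extra) {
  const out = { ...base };
  for (const [key, value] of Object.entries(extra)) {
    if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue; // no prototype pollution
    out[key] = isObject(value) && isObject(out[key]) ? deepMerge(out[key], value) : value;
  }
  return out;
}

// Return entry point names that ACME HTTP challenges reference but that are
// not defined under entryPoints (the condition behind the logged errors).
function missingChallengeEntryPoints(config) {
  const defined = new Set(Object.keys(config.entryPoints || {}));
  return Object.values(config.certificatesResolvers || {})
    .map((r) => r.acme && r.acme.httpChallenge && r.acme.httpChallenge.entryPoint)
    .filter((name) => name && !defined.has(name));
}

console.log(missingChallengeEntryPoints(shallowMerge(baseConfig, letsencryptConfig))); // [ 'web' ]
console.log(missingChallengeEntryPoints(deepMerge(baseConfig, letsencryptConfig))); // []
```

Running a check like `missingChallengeEntryPoints` before writing the generated file turns a silent certificate failure into an error at config-generation time.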

@christippett that does look like a bug at first glance indeed! I wonder how it was working for me all this time 🤔

I'll try to dig into it a bit more once I have time and figure out what's wrong

@christippett which version of Traefik are you using?

I started with the latest traefik image, but also had the same issue when dropping down to using the 2.1 tag.

> @christippett that does look like a bug at first glance indeed! I wonder how it was working for me all this time 🤔

To be honest, that's what drove me nuts trying to debug the problem. If the problem was systemic, I would've expected others to have the same issue - but I couldn't find any related issues to suggest this.

@christippett yeah, it's a bit weird to see tbh - I've never had that problem across multiple installations of exoframe, all running Traefik v2.1.x 🤔

@christippett quick question - have you removed traefik config before trying v2.1? Or did you start a new one with existing config?

Another request - could you please try using Exoframe v6.1 and see if that works?

Okay, tracked it down. That's definitely a bug introduced in v6.2.0 with new traefik config.
Should be an easy fix.

> Okay, tracked it down. That's definitely a bug introduced in v6.2.0 with new traefik config.
> Should be an easy fix.

Glad I'm not going crazy! Thanks @yamalight

Fixed in server v6.2.2. Should be released shortly!