What I'm missing?
MichelDiz opened this issue ยท 9 comments
Follows issue video. Do not worry about the information contained. IP is dynamic and so on. Everything changes there nothing is definitive. It's on a Google Cloud machine. I show all settings in the video.
Cheers
version: '2'
services:
traefik:
privileged: true
image: rawmind/alpine-traefik:1.4.0-3
environment:
TRAEFIK_ADMIN_AUTH_METHOD: digest
TRAEFIK_ADMIN_AUTH_USERS: ''
TRAEFIK_ADMIN_ENABLE: 'true'
TRAEFIK_ADMIN_READ_ONLY: 'false'
TRAEFIK_ADMIN_STATISTICS: '10'
TRAEFIK_HTTPS_COMPRESSION: 'true'
TRAEFIK_HTTPS_ENABLE: 'false'
TRAEFIK_HTTPS_PORT: '443'
TRAEFIK_HTTP_COMPRESSION: 'true'
TRAEFIK_HTTP_PORT: '80'
TRAEFIK_INSECURE_SKIP: 'false'
TRAEFIK_RANCHER_ENABLE: 'true'
TRAEFIK_RANCHER_MODE: metadata
TRAEFIK_DEBUG: 'true'
TRAEFIK_RANCHER_DOMAIN: umover.com.br
ports:
- 8000:8000/tcp
- 80:80/tcp
- 443:443/tcp
labels:
io.rancher.scheduler.affinity:host_label: traefik_lb=true
io.rancher.container.hostname_override: container_name
io.rancher.scheduler.global: 'true'
version: '2'
services:
traefik:
metadata:
traefik:
ssl_crt: ''
ssl_key: ''
retain_ip: true
start_on_create: true
health_check:
healthy_threshold: 2
response_timeout: 5000
port: 8000
unhealthy_threshold: 3
interval: 5000
strategy: recreate
Hi @MichelDiz ...
i don't understand so much your video. Traefik is working fine as you show entering traefik admin page. You have 2 frontends, one with host rule "wekan" and other with path rule "ghost", with the correct backends configured.
"ghost" that has path rule "/blog" is accessing fine.
"wekan" with host rule is not working due to you dns seems wrong configured. You need a dns pointing traefik ip, that match the host rule you configured.
Otherwise, as advise, you are publishing the ports of the services directly and you don't need if you want to publish through traefik.
Anyway, it doesn't seem a problem of traefik neither this container.
Please, read the difference about layer 4 or layer 7 load balancers working mode and traefik documentation to know how frontend matchers works.
http://rancher.com/traefik-active-load-balancer-on-rancher/
https://docs.traefik.io/basics/#frontends
Best regards...
UPDATE: https://youtu.be/F30DAwxMFks
Does not seem to be DNS problem. I've done all DNS tests now, and it's still the same. There is no external IP only for Traefik. There is no way to point to an internal IP as DNS - this does not make sense.
In my list of Types there are other IPs but are from other services. The main address is what matters. I switched to "DNS and HTTP proxy CDN" pointing to the machine's IP with Rancher installed. Nothing changed.
In fact Traefik is not accessing the resources properly - it only accesses the HTML while the features in JavaScript, images, favicon and CSS it does not reach.
Trying to reach umover.com.br/blog get few erros - despite loads the pure HTML.
404 โ Not Found | GET umover.com.br/assets/js/infinitescroll.js | a few seconds ago
-- | -- | --
404 โ Not Found | GET umover.com.br/assets/js/jquery.fitvids.js | a few seconds ago
404 โ Not Found | GET umover.com.br/assets/js/infinitescroll.js | a few seconds ago
404 โ Not Found | GET umover.com.br/public/ghost-sdk.min.js | a few seconds ago
404 โ Not Found | GET umover.com.br/assets/js/jquery.fitvids.js | a few seconds ago
404 โ Not Found | GET umover.com.br/public/ghost-sdk.min.js | a few seconds ago
404 โ Not Found | GET umover.com.br/assets/built/screen.css | a few seconds ago
I've added some extra PORT to texting only. Because I was having this same problem in 3 tests I did - with three different operating systems (Debian, RancherOS and CentOS). All tests were started with a clean virtual machine. The latter I decided to install an older Docker to see if this was the problem. It was not, the problem persisted.
Exposing ghost and Wekan through PORT I can access the services without problems. Can view images, CSS working and so on.
At first I thought it was a Firewall problem, but it did not. Because everything works in other PORTs. But not through Traefik.
At this point here from another video (from another test) https://youtu.be/7ZO3lB5K8aA?t=1m8s you may notice that I am accessing the Ghost correctly through a PORT. Despite having accessed through the IP I assure you that I could access through the address of the domain that I pointed out in the DNS.
In fact everything works by pointing directly. Note Rancher's address. Most of the time I'm using the address pointing to DNS. And all services work by IP or by domain.
My last test will be to disable CloudFlare and point directly to the machine with Rancher. But I need a DNS service anyway ...
Cheers
The problem you show in the video is a dns problem. Do you have a dns entry same as host matcher that you set to point to traefik ip??
The problem you have with ghost is due to the path you added to traefik matcher, as you could see in your own logs. If you add a path matcher you need a reverse proxy to address it, due to ghost make internal calls without it. Thats why you couldn't access the css, img, etc...not a traefik problem, a problem of your config.
I don't understand what you say about internal ip. Who have talked about internal ip??
It isn't a traefik neither this container issue.
Did you read my recommended links?? Please, read them.
For now it's 80% sure it's a DNS thing. I'll keep on it. Maybe Traefik isn't compatible with Cloudflare.
Captured from your video....
80% sure it's a DNS thing?? You are so funny...
I don't know Brazilian language, but the last line ERR_NAME_NOT_RESOLVED... may be, it's almost a 99,99% .... ;)
kkkkkkkkkk LOL
Dude, I realized all these warnings, but I believed that everything was correct in the Cloudflare. I just trusted because I've never seen anything wrong with CloudFlare before.
For you to have an idea, I was only able to route ghost on the host. Wekan does not open/route. I've already forced Types in CloudFlare to point to the addresses that Traefik generates. And it gives "404 No Found". It works only in the main domain, subdomains are in trouble.
Understand, this behavior is strange. ERR_NAME_NOT_RESOLVED can happen for other reasons. As I was sure that the configuring was correct in CloudFlare. I ignored it.
Your problem is not cloudfare neither traefik....moreover, it seems you are doing things without full understanding and without enough focus....
My last try... step by step.....
Your cloudfare dns name and your traefik frontend matcher ARE NOT EQUALS....Have you noticed it??
Your dns entry, wekan.default.umover.com.br
Your traefik Host matcher, wekan.wekan.umover.com.br
Then, obviously you get a 404 from traefik...Due to host requested DOESN'T MATCH with any of traefik host rules... Please, read how traefik matchers works....
WHY your wekan label doesn't work??
traefik.domain wrong label, if you want to override default host rule. The right label is traefik.frontend.rule as you can read in the documentation https://docs.traefik.io/configuration/backends/rancher/#labels-overriding-default-behaviour
Same with other problems that you reported....Already answered before...
"Your cloudfare dns name and your traefik frontend matcher ARE NOT EQUALS .... Have you noticed it ??"
Yes, I noticed shortly after making the videos. The problem is that CloudFlare is automatically generating the inputs based in Rancher Stacks. TXT and TYPE A. It generates this alone because it is configured attached to Rancher. CloudFlare service locates the STACK and generates the entries / records.
wekan.default.umover.com.br
% {{stack_name}}.% {{environment_name}}
But I made up for it. After fixing it now only appears "404 Not found" and there appears in Traefik the warning that there was 404. In part it is a good sign.
The correct with this test and Traefik
% {{stack_name}}.% {{Service_name}}
"Host:wekan.wekan.umover.com.br"
Notice the CloudFlare Service that goes to "infra"
See below, I made some tests with what CloudFlare is doing (automated). OBS. I've noticed that it edits any manual changes I make. after a while
In the test with cULR I could notice that it accesses http://traefiker.traefik.umover.com.br with error 404
But with http://traefiker.traefik.umover.com.br:8000 he succeeds.
That is, the CloudFlare that is messing up. Well, he was not created to work with Traefik.
MichelDiz@DESKTOP-2AIPIM4 MINGW64 ~
$ curl -H -url http://umover.com.br
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 19 100 19 0 0 19 0 0:00:01 --:--:-- 0:00:01 46404 page not found
MichelDiz@DESKTOP-2AIPIM4 MINGW64 ~
$ curl -H -url http://umover.com.br:7878
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 177 100 177 0 0 177 0 0:00:01 --:--:-- 0:00:01 378{"id":"6023eda4-0247 -45df-9186-08037719b26d","type":"error","links":{},"actions":{},"status":401,"code":"Unauthorized" ,"message":"Unauthorized","detail":null,"baseType":"error"}
MichelDiz@DESKTOP-2AIPIM4 MINGW64 ~
$ curl -H -url http://umover.com.br:8000
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 34 100 34 0 0 34 0 0:00:01 --:--:-- 0:00:01 75<a href="/dashboard/">Found</a>.
MichelDiz@DESKTOP-2AIPIM4 MINGW64 ~
$ curl -H -url http://traefiker.traefik.umover.com.br
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 19 100 19 0 0 19 0 0:00:01 --:--:-- 0:00:01 48404 page not found
MichelDiz@DESKTOP-2AIPIM4 MINGW64 ~
$ curl -H -url http://traefiker.traefik.umover.com.br:8000
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 34 100 34 0 0 34 0 0:00:01 --:--:-- 0:00:01 77<a href="/dashboard/">Found</a>.
Ha haaaa! It was CloudFlare!
http://blog.ghost.umover.com.br/welcome/
http://wekan.wekan.umover.com.br/sign-in
I setup Google Cloud DNS and it's okay now. I just have to set the domain rules. From:
${Stackname}.${servicename}.${domain} to ${Stackname}.${domain}
there's how to do it without traefik.frontend.rule label?
See the Google Cloud DNS set
