How to proxy WebSockets in Traefik?

Question

I'm trying to set up Upsource to work behind Traefik: https://www.jetbrains.com/help/upsource/proxy-configuration.html

traefik is listening to port 8008 and 8443 (since 80/443 will be used for another):

--entryPoints='Name:http Address::8008 Redirect.EntryPoint:https' --entryPoints='Name:https Address::8443 TLS'

docker labels:

labels:
  traefik.backend: upsource
  traefik.enable: "true"
  traefik.port: "8080"
  traefik.frontend.rule: "Host:review.domain.com"

In conf/internal/bundle.properties, base-url is configured as follow:

base-url=https\://review.domain.com\:8443/

problem:

time="2017-09-20T03:23:59Z" level=error msg="Error getting ACME certificates [review.domain.com] : Cannot obtain certificates map[review.domain.com:acme: Error 400 - urn:acme:error:connection - Connection refused
Error Detail:
        Validation for review.domain.com:443

Why it validate for port 443 instead of 8443?

Moreover, to proxy WebSockets in Nginx:

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://upsourcemachine.domain.local:1111;
        proxy_pass_header Sec-Websocket-Extensions;

Can you confirm that Traefik support WebSockets? And if so, how to configure?

Answer 1

Traefik handle websocket, and you don't need any specific configuration for this.

Your problem seems to be more about the challenge in Let's Encrypt. Let's Encrypt doesn't handle TLS Challenge on other port than the default one and the default challenging in Traefik is TLS :(

So you need to configure Traefik to use DNS Challenge https://docs.traefik.io/configuration/acme/