I'm trying to set up Upsource to work behind Traefik: https://www.jetbrains.com/help/upsource/proxy-configuration.html
traefik is listening to port 8008 and 8443 (since 80/443 will be used for another):
--entryPoints='Name:http Address::8008 Redirect.EntryPoint:https' --entryPoints='Name:https Address::8443 TLS'
docker labels:
labels:
traefik.backend: upsource
traefik.enable: "true"
traefik.port: "8080"
traefik.frontend.rule: "Host:review.domain.com"
In conf/internal/bundle.properties
, base-url
is configured as follow:
base-url=https\://review.domain.com\:8443/
problem:
time="2017-09-20T03:23:59Z" level=error msg="Error getting ACME certificates [review.domain.com] : Cannot obtain certificates map[review.domain.com:acme: Error 400 - urn:acme:error:connection - Connection refused
Error Detail:
Validation for review.domain.com:443
Why it validate for port 443 instead of 8443?
Moreover, to proxy WebSockets in Nginx:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://upsourcemachine.domain.local:1111;
proxy_pass_header Sec-Websocket-Extensions;
Can you confirm that Traefik support WebSockets? And if so, how to configure?
WebSocket over a Forward Proxy. WebSocket communication can take successfully take place in the presence of forward proxies, providing the client and proxy server have been configured properly to deal with it.
Solution. The Traefik 2. x ingress controller does not set the WebSocket headers.
Today, most transparent proxy servers will not yet be familiar with the Web Socket protocol and these proxy servers will be unable to support the Web Socket protocol. In the future, however, proxy servers will likely become Web Sockets-aware and able to properly handle and forward WebSocket traffic.
WebSocket over a Reverse Proxy. WebSocket communication can take place over any reverse proxy which is configured to perform forwarding at the transport layer. Some proxies are able to handle WebSocket communication from certain clients at the application layer.
Traefik handle websocket, and you don't need any specific configuration for this.
Your problem seems to be more about the challenge in Let's Encrypt. Let's Encrypt doesn't handle TLS Challenge on other port than the default one and the default challenging in Traefik is TLS :(
So you need to configure Traefik to use DNS Challenge https://docs.traefik.io/configuration/acme/
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With