
Internal Server Error with Traefik HTTPS backend on port 443

Tags:

traefik

With Docker, I am trying to set up a Traefik backend using HTTPS port 443, so that communication between the Traefik container and the app container (Apache 2.4) will be encrypted.

I get an Internal Server Error if I activate traefik.protocol=https and traefik.port=443 on my Docker container. This issue has been documented here: https://github.com/containous/traefik/issues/2770#issuecomment-374926137

The exact same setup works great with jwidler/nginx-proxy (a reverse proxy available on Docker Hub), for instance. The certificates on the container (Apache 2.4 running inside) are real signed ones (I installed them on Traefik and on the Apache of my container). If I request my Apache container directly with https://... all browsers say the certificate is valid (green). So the certificates in the container are OK.

The question is simple: using InsecureSkipVerify = true is not safe. Is there any solution for production to make a container backend work with the labels traefik.protocol=https and traefik.port=443, using a certificate issued by a well-known authority (in my case Gandi or Comodo)?

Thanks.

Yivan asked Mar 21 '18 16:03


2 Answers

I guess you may need to add

InsecureSkipVerify = true

in the main/global section

Please refer to https://docs.traefik.io/configuration/commons/, which says:

InsecureSkipVerify : If set to true invalid SSL certificates are accepted for backends.
Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks.

chxzqw answered Sep 24 '22 10:09


I only managed to expose the Kubernetes Dashboard by setting InsecureSkipVerify = true. Here is how I added it to the Traefik deployment file (last line):

spec:
  serviceAccountName: traefik-ingress-controller
  terminationGracePeriodSeconds: 60
  containers:
  - image: traefik
    name: traefik-ingress-lb
    ports:
    - name: https
      containerPort: 443
    args:
    - --api
    - --kubernetes
    - --logLevel=INFO
    - --defaultentrypoints=https
    - --entrypoints=Name:https Address::443 TLS
    - --insecureSkipVerify=true

Newalp answered Sep 20 '22 10:09
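
What the InsecureSkipVerify setting recommended in both answers switches off, shown with Go's crypto/tls (Traefik is written in Go). This is an added example, not part of the original answers or of Traefik's code; the backend is a constructed local test server using Go's built-in test certificate, and app.internal is a hypothetical name standing in for an address that is not listed in the certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// verdict dials addr the way a proxy dials an HTTPS backend and names the outcome.
func verdict(addr string, cfg *tls.Config) string {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err == nil {
		conn.Close()
		return "accepted"
	}
	var nameErr x509.HostnameError
	var caErr x509.UnknownAuthorityError
	switch {
	case errors.As(err, &nameErr):
		return "rejected: name mismatch"
	case errors.As(err, &caErr):
		return "rejected: unknown issuer"
	}
	return "rejected: " + err.Error()
}

// checkBackend probes a constructed local HTTPS backend (Go's built-in test
// certificate, valid for example.com); app.internal is a hypothetical name.
func checkBackend() map[string]string {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	addr := srv.Listener.Addr().String()
	trusted, empty := x509.NewCertPool(), x509.NewCertPool()
	trusted.AddCert(srv.Certificate()) // trust exactly this backend's issuer
	return map[string]string{
		"verify, name in cert":     verdict(addr, &tls.Config{RootCAs: trusted, ServerName: "example.com"}),
		"verify, name not in cert": verdict(addr, &tls.Config{RootCAs: trusted, ServerName: "app.internal"}),
		"verify, issuer untrusted": verdict(addr, &tls.Config{RootCAs: empty, ServerName: "example.com"}),
		"InsecureSkipVerify":       verdict(addr, &tls.Config{InsecureSkipVerify: true, ServerName: "app.internal"}),
	}
}

func main() {
	for name, v := range checkBackend() {
		fmt.Printf("%-26s %s\n", name, v)
	}
}
```

The second case shows that a certificate from a trusted issuer is still rejected when the client dials a name missing from it, and the last case shows that with verification skipped neither the name nor the issuer is checked.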