I’m hoping someone can help me figure out what I’m doing wrong.
I have a VM on my local network that has Traefik, 2 apps (whomai and myapp), and wireguard in server mode (let’s call this VM “server”). I have another VM on the same network with Traefik and wireguard in client mode (let’s call this VM “client”).
- both VMs can can ping each other using their VPN IP addresses
- wireguard successfully handshakes
- I have
myapp.mydomain.com
as a host override on my router so every computer in my house points it to “client” - when I run
curl -L --header 'Host: myapp.mydomain.com'
from the myapp container it successfully returns the myapp page.
But when I browse to http://myapp.mydomain.com
I get “Internal Server Error”, yet nothing appears in the docker logs for any app (neither traefik container, neither wireguard container, nor the myapp container).
Any suggestions/assistance would be appreciated!
Just a few thoughts:
- Did you enable access logs in Traefik as well as setting global log level to debug? This usually gives a lot more info about whats going on
- Are the containers using the same docker network or host network, so they can reach each other?
Thanks for helping, @deergon@lemmy.world.
Both traefik containers (on the “server” and “client” VMs) and the wireguard server container were built with
TRAEFIK_NETWORK_MODE=host
. The VMs can ping each other and the Wireguard containers can ping each other.Both traefik containers were built with
TRAEFIK_LOG_LEVEL=warn
but I changed them both toTRAEFIK_LOG_LEVEL=info
just now. There’s a tad more info in the logs, but nothing that seems pertinent.How about the Traefik access logs (separate from the main log), do they reveal anything?
From traefik’s access.log:
{"ClientAddr":"192.168.1.17:45930","ClientHost":"192.168.1.17","ClientPort":"45930","ClientUsername":"-","DownstreamContentSize":21,"DownstreamStatus":500,"Duration":13526669,"OriginContentSize":21,"OriginDuration":13462593,"OriginStatus":500,"Overhead":64076,"RequestAddr":"whoami.mydomain.com","RequestContentSize":0,"RequestCount":16032,"RequestHost":"whoami.mydomain.com","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"websecure-whoami-vpn@file","ServiceAddr":"10.13.16.1","ServiceName":"whoami-vpn@file","ServiceURL":{"Scheme":"https","Opaque":"","User":null,"Host":"10.13.16.1","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2024-04-30T00:21:51.533176765Z","StartUTC":"2024-04-30T00:21:51.533176765Z","TLSCipher":"TLS_CHACHA20_POLY1305_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-04-30T00:21:51Z"} {"ClientAddr":"192.168.1.17:45930","ClientHost":"192.168.1.17","ClientPort":"45930","ClientUsername":"-","DownstreamContentSize":21,"DownstreamStatus":500,"Duration":13754666,"OriginContentSize":21,"OriginDuration":13696179,"OriginStatus":500,"Overhead":58487,"RequestAddr":"whoami.mydomain.com","RequestContentSize":0,"RequestCount":16033,"RequestHost":"whoami.mydomain.com","RequestMethod":"GET","RequestPath":"/favicon.ico","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"websecure-whoami-vpn@file","ServiceAddr":"10.13.16.1","ServiceName":"whoami-vpn@file","ServiceURL":{"Scheme":"https","Opaque":"","User":null,"Host":"10.13.16.1","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2024-04-30T00:21:51.74274202Z","StartUTC":"2024-04-30T00:21:51.74274202Z","TLSCipher":"TLS_CHACHA20_POLY1305_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-04-30T00:21:51Z"}
All I can tell from this is that there is a DownstreatStatus of 500. I don’t know what that means.
Have you tried accessing your service url from inside the Traefik container? Eg. wget https://10.13.16.1? Also you seem to be accessing the service url with https, which usually requires insecureSkipVerify=true. Otherwise you might get http-500 error downstream.