Traefik dashboard returns 404 page not found (traefik docker and bind9 docker setup)

I configured Traefik in docker using the guide: Put Wildcard Certificates and SSL on EVERYTHING - Traefik Tutorial on YT

But when trying to access the dashboard - I see an error: 404 Page not found

I’ve tried everything:

  1. Disabled the firewall in Ubuntu and in the router
  2. Tried to log in from both local IP and local machine IP: localhost and 192.168.88.253
  3. I configured the docker compose file so that both Traefik and bind9 were in the same network and even configured a subdomain in bind9, adding a traefik-dashboard entry to it.
    I couldn’t access the Traefik dashboard from the domain, and still can’t. However, I can’t reach it by local IP or localhost either.

Below I’ll give you all my tips, including docker-compose files, error logs, etc.
I would be very grateful if you could point out my flaws and help me solve this problem.

Let’s start with traefik docker-compose.yml:

version: '3.8'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy1:
      dns-server_dns-network:
        ipv4_address: 10.20.3.5
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=****@protonmail.com
      - CF_DNS_API_TOKEN=mdc3Xlhxpuidm***
      # - CF_API_KEY=YOUR_API_KEY
      # be sure to use the correct one depending on if you are using a token or key
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/traefik/data/traefik.yml:/traefik.yml:ro
      - /root/traefik/data/acme.json:/acme.json
      - /root/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.****.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.****.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=local.****.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.****.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  dns-server_dns-network:
    external: true
  proxy1:
    external: true

I’ll give you a little explanation:
dns-server_dns-network is the network of the dns-server (bind9), which is also inside the docker container, but a different one. In this case it is necessary to assign a local subdomain and everything would work correctly.
proxy1 - network of Traefik itself.

Traefik config.yml:

http:
 #region routers 
  routers:
    bind9:
      entryPoints:
        - "https"
      rule: "Host(`bind9.local.*****.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: bind9
    pterodactyl:
      entryPoints:
        - "https"
      rule: "Host(`pterodactyl.local.*****.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: pterodactyl
#endregion
#region services
  services:
    bind9:
      loadBalancer:
        servers:
          - url: "https://10.20.3.2:53"  
        passHostHeader: true
    pterodactyl:
      loadBalancer:
        servers:
          - url: "http://10.20.3.6:8082"
        passHostHeader: true
#endregion
  middlewares:
    addprefix-pihole:
      addPrefix:
        prefix: "/admin"
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true
    redirectregex-pihole:
      redirectRegex:
        regex: /admin/$
        replacement: /

    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    idrac:
      headers:
        frameDeny: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.88.0/24"
        - "172.16.0.0/12"

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

Traefik.yml:

api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: ****@protonmail.com
      storage: acme.json
      dnsChallenge:
        delayBeforeCheck: 5
        provider: cloudflare
       #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables>
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

acme.json file:

{
  "cloudflare": {
    "Account": {
      "Email": "*****@protonmail.com",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:****@protonmail.com"
          ]
        },
        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/1308****76"
      },
      "PrivateKey": "MIIJKQ**********fhYGyV2xowwa/O9WSHf+3GU>
      "KeyType": "4096"
    },
    "Certificates": [
      {
        "domain": {
          "main": "local.*****.com",
          "sans": [
            "*.local.*****.com"
          ]
        },
        "certificate": "LS0tLS1C***********N3VUEKTURJ>
        "key": "LS0tLS1CRUdJTiBS*******Bejk4bzdCeTBtCnhLVFFC>
        "Store": "default"
      }
    ]
  }
}

If you run Traefik with a container, there is nothing in the logs:

root@riven:~/traefik/data# docker logs --tail=100 traefik
time="2023-09-14T03:47:43+03:00" level=info msg="Configuration loaded from file: /traefik.yml"

However, if you write restart, errors will appear in the logs:

root@riven:~/traefik/data# docker restart traefik
traefik
root@riven:~/traefik/data# docker logs --tail=100 traefik
time="2023-09-14T03:47:43+03:00" level=info msg="Configuration loaded from file: /traefik.yml"
time="2023-09-14T14:37:35+03:00" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-09-14T14:37:35+03:00" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-09-14T14:37:35+03:00" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-09-14T14:37:35+03:00" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-09-14T14:37:36+03:00" level=info msg="Configuration loaded from file: /traefik.yml"

Just in case, here’s a list of all the containers:

root@riven:~/dns-server/config# docker ps -a
CONTAINER ID   IMAGE                 COMMAND                  CREATED        STATUS          PORTS                                                                           NAMES
78296a683271   traefik:latest        "/entrypoint.sh trae…"   11 hours ago   Up 25 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp        traefik
5c3081b0c7df   ubuntu/bind9:latest   "docker-entrypoint.sh"   12 hours ago   Up 8 minutes    0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 953/tcp   dns-server

Now let’s move on to the dns server bind9, which is also running in a container:

bind9 docker-compose.yml:

version: '3'

networks:
  dns-network:
    driver: bridge
    ipam:
      config:
        - subnet: 10.20.0.0/16

services:
  bind9:
    container_name: dns-server
    image: ubuntu/bind9:latest
    environment:
      - BIND9_USER=root
      - TZ=Europe/Moscow
    networks:
      dns-network:
        ipv4_address: 10.20.3.2
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - ./config:/etc/bind
      - ./cache:/var/cache/bind
      - ./records:/var/lib/bind
    restart: unless-stopped

named.conf file:

acl internal {
    10.10.0.0/16;
    10.11.0.0/16;
    10.20.0.0/16;
    10.50.0.0/16;
    192.168.88.0/24;
};

options {
    forwarders {
        1.1.1.1;
        1.0.0.1;
    };
    allow-query { internal; };
};

zone "local.*****.com" IN {
    type master;
    file "/etc/bind/local-*****-com.zone";
};

local-*****-com.zone file:

$TTL 2D

$ORIGIN local.*****.com.

@       IN      SOA     ns.local.*****.com.  admin.*****.com. (
                        2023083100      ; serial
                        12h             ; refresh
                        15m             ; retry
                        3w              ; expire
                        2h              ; minimum ttl
)

        IN      NS      ns.local.*****.com.

ns      IN      A       10.20.3.2

; -- add dns records below

servers IN      A       10.20.3.4
*.servers IN    A       10.20.3.4
traefik-dashboard IN A 10.20.3.5

Bind9 logs:

root@riven:~/dns-server/config# docker logs --tail=200 dns-server
Starting named...
exec /usr/sbin/named -u "root" "-g" ""
14-Sep-2023 14:54:56.133 starting BIND 9.18.12-1ubuntu1.1-Ubuntu (Extended Support Version) <id:>
14-Sep-2023 14:54:56.133 running on Linux x86_64 6.2.0-32-generic #32~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 18 10:40:13 UTC 2
14-Sep-2023 14:54:56.133 built with  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-2zwQl8/bind9-9.18.12=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fdebug-prefix-map=/build/bind9-2zwQl8/bind9-9.18.12=/usr/src/bind9-1:9.18.12-1ubuntu1.1 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
14-Sep-2023 14:54:56.133 running as: named -u root -g
14-Sep-2023 14:54:56.133 compiled by GCC 12.2.0
14-Sep-2023 14:54:56.133 compiled with OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
14-Sep-2023 14:54:56.133 linked to OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
14-Sep-2023 14:54:56.133 compiled with libxml2 version: 2.9.14
14-Sep-2023 14:54:56.133 linked to libxml2 version: 20914
14-Sep-2023 14:54:56.133 compiled with json-c version: 0.16
14-Sep-2023 14:54:56.133 linked to json-c version: 0.16
14-Sep-2023 14:54:56.133 compiled with zlib version: 1.2.13
14-Sep-2023 14:54:56.133 linked to zlib version: 1.2.13
14-Sep-2023 14:54:56.133 ----------------------------------------------------
14-Sep-2023 14:54:56.133 BIND 9 is maintained by Internet Systems Consortium,
14-Sep-2023 14:54:56.133 Inc. (ISC), a non-profit 501(c)(3) public-benefit 
14-Sep-2023 14:54:56.133 corporation.  Support and training for BIND 9 are 
14-Sep-2023 14:54:56.133 available at https://www.isc.org/support
14-Sep-2023 14:54:56.133 ----------------------------------------------------
14-Sep-2023 14:54:56.133 found 8 CPUs, using 8 worker threads
14-Sep-2023 14:54:56.133 using 8 UDP listeners per interface
14-Sep-2023 14:54:56.133 DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
14-Sep-2023 14:54:56.133 DS algorithms: SHA-1 SHA-256 SHA-384
14-Sep-2023 14:54:56.133 HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
14-Sep-2023 14:54:56.133 TKEY mode 2 support (Diffie-Hellman): yes
14-Sep-2023 14:54:56.133 TKEY mode 3 support (GSS-API): yes
14-Sep-2023 14:54:56.137 config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
14-Sep-2023 14:54:56.137 loading configuration from '/etc/bind/named.conf'
14-Sep-2023 14:54:56.137 unable to open '/etc/bind/bind.keys'; using built-in keys instead
14-Sep-2023 14:54:56.137 looking for GeoIP2 databases in '/usr/share/GeoIP'
14-Sep-2023 14:54:56.137 using default UDP/IPv4 port range: [32768, 60999]
14-Sep-2023 14:54:56.137 using default UDP/IPv6 port range: [32768, 60999]
14-Sep-2023 14:54:56.137 listening on IPv4 interface lo, 127.0.0.1#53
14-Sep-2023 14:54:56.141 listening on IPv4 interface eth0, 10.20.3.2#53
14-Sep-2023 14:54:56.141 Could not open '//run/named/named.pid'.
14-Sep-2023 14:54:56.141 Please check file and directory permissions or reconfigure the filename.
14-Sep-2023 14:54:56.141 could not open file '//run/named/named.pid': Permission denied
14-Sep-2023 14:54:56.141 generating session key for dynamic DNS
14-Sep-2023 14:54:56.141 Could not open '//run/named/session.key'.
14-Sep-2023 14:54:56.141 Please check file and directory permissions or reconfigure the filename.
14-Sep-2023 14:54:56.141 could not open file '//run/named/session.key': Permission denied
14-Sep-2023 14:54:56.141 could not create //run/named/session.key
14-Sep-2023 14:54:56.141 failed to generate session key for dynamic DNS: permission denied
14-Sep-2023 14:54:56.141 sizing zone task pool based on 1 zones
14-Sep-2023 14:54:56.141 none:99: 'max-cache-size 90%' - setting to 57829MB (out of 64255MB)
14-Sep-2023 14:54:56.141 using built-in root key for view _default
14-Sep-2023 14:54:56.141 set up managed keys zone for view _default, file 'managed-keys.bind'
14-Sep-2023 14:54:56.141 automatic empty zone: 10.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 16.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 17.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 18.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 19.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 20.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 21.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 22.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 23.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 24.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 25.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 26.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 27.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 28.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 29.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 30.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 31.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 168.192.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 64.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 65.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 66.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 67.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 68.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 69.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 70.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 71.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 72.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 73.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 74.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 75.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 76.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 77.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 78.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 79.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 80.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 81.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 82.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 83.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 84.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 85.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 86.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 87.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 88.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 89.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 90.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 91.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 92.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 93.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 94.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 95.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 96.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 97.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 98.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 99.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 100.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 101.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 102.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 103.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 104.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 105.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 106.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 107.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 108.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 109.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 110.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 111.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 112.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 113.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 114.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 115.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 116.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 117.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 118.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 119.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 120.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 121.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 122.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 123.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 124.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 125.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 126.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 127.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 0.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 127.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 254.169.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 2.0.192.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 100.51.198.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 113.0.203.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: D.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 8.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 9.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: A.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: B.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: EMPTY.AS112.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: HOME.ARPA
14-Sep-2023 14:54:56.145 configuring command channel from '/etc/bind/rndc.key'
14-Sep-2023 14:54:56.145 command channel listening on 127.0.0.1#953
14-Sep-2023 14:54:56.145 configuring command channel from '/etc/bind/rndc.key'
14-Sep-2023 14:54:56.145 command channel listening on ::1#953
14-Sep-2023 14:54:56.145 not using config file logging statement for logging due to -g option
14-Sep-2023 14:54:56.145 managed-keys-zone: loaded serial 2
14-Sep-2023 14:54:56.149 zone local.*****.com/IN: loaded serial 2023083100
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:1::53#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:dc3::35#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:503:ba3e::2:30#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:7fe::53#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:12::d0d#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2::c#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2f::f#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:a8::e#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:9f::42#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:7fd::1#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:503:c27::2:30#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:200::b#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2d::d#53
14-Sep-2023 14:54:56.153 all zones loaded
14-Sep-2023 14:54:56.153 running
14-Sep-2023 14:54:56.173 managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
14-Sep-2023 14:54:56.177 resolver priming query complete: success

All my networks:

root@riven:~/dns-server/config# docker network ls
NETWORK ID     NAME                     DRIVER    SCOPE
bed0ea1726ee   bridge                   bridge    local
37f54b168f7e   dns-server_dns-network   bridge    local
8db2a758902a   host                     host      local
d5d2a3a56006   none                     null      local
44f6196d71d9   proxy1                   bridge    local

Checking ip addresses of containers:

root@riven:~/dns-server/config# docker ps -a
CONTAINER ID   IMAGE                 COMMAND                  CREATED        STATUS          PORTS                                                                           NAMES
78296a683271   traefik:latest        "/entrypoint.sh trae…"   11 hours ago   Up 25 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp        traefik
5c3081b0c7df   ubuntu/bind9:latest   "docker-entrypoint.sh"   12 hours ago   Up 8 minutes    0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 953/tcp   dns-server
root@riven:~/dns-server/config# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 78296a683271
10.20.3.5172.18.0.2
root@riven:~/dns-server/config# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 5c3081b0c7df
10.20.3.2

But as you can see DNS server is working fine, you can see it from nslookup queries:

root@riven:~/dns-server/config# nslookup local.*****.com
Server:         192.168.88.1
Address:        192.168.88.1#53

Non-authoritative answer:
Name:   local.*****.com
Address: 91.***.***.1*4

root@riven:~/dns-server/config# nslookup servers.local.*****.com 10.20.3.2
Server:         10.20.3.2
Address:        10.20.3.2#53

Name:   servers.local.*****.com
Address: 10.20.3.4

root@riven:~/dns-server/config# nslookup traefik-dashboard.local.*****.com 10.20.3.2
Server:         10.20.3.2
Address:        10.20.3.2#53

Name:   traefik-dashboard.local.*****.com
Address: 10.20.3.5

Also, if I go to the local domain (local.*****.com) I will see my MikroTik router page.

But if I go into the traefik panel, I see that nothing is working:


Note that I am doing all of the above from a local host machine and with the ubuntu firewall (UFW) completely disabled
And also with mikrotik firewall disabled!!!

I have no idea what I did wrong or how to make it all work. At least how to make the Traefik panel work. I would be grateful for help and advice.

Did you try to access the Traefik dashboard at
https://traefik-dashboard.local.****.com/dashboard/?

If it still doesn’t work, make sure to enable the Traefik debug log and access log.

It’s best practice to create a global http->https redirect on Traefik entrypoint, then you don’t need it on every router. See simple Traefik example.

1 Like
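
Added example (not from any post in this thread): a small Python triage of Traefik's common-format access log, the file the reply above asks to enable. It flags requests logged without a router name and spots request-counter resets that indicate a Traefik restart; the sample lines are constructed in the layout of the thread's traefik-access.log, and the final `traefik-secure@docker` line is invented for contrast.

```python
import re
from collections import Counter

# Traefik "common" access-log layout:
#   client - user [time] "method path proto" status size "referer" "agent"
#   requests-since-start "router" "server-url" duration
LINE_RE = re.compile(
    r'^(?P<client>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}|-) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<count>\d+) "(?P<router>[^"]*)" "(?P<server>[^"]*)" '
    r'(?P<ms>\d+)ms$'
)

# Constructed sample input. The 200 line (user, size, router name) is
# hypothetical; the last line is deliberately truncated.
SAMPLE_LOG = """\
192.168.88.253 - - [15/Sep/2023:12:43:35 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 7 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:43:39 +0000] "GET /dashboard/? HTTP/2.0" 404 19 "-" "-" 8 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:47:40 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 1 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:47:50 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 2 "-" "-" 0ms
10.20.0.1 - admin [15/Sep/2023:12:52:10 +0000] "GET /dashboard/ HTTP/2.0" 200 3124 "-" "-" 3 "traefik-secure@docker" "-" 2ms
10.20.0.1 - - [15/Sep/2023:12:52:11 +0000] "GET /api/overview
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # "-" means the field was not recorded for this request.
    rec["status"] = None if rec["status"] == "-" else int(rec["status"])
    rec["router"] = None if rec["router"] == "-" else rec["router"]
    rec["count"] = int(rec["count"])
    return rec


def classify(rec):
    """Bucket a parsed record by what Traefik logged about routing."""
    if rec["router"] is not None:
        return "routed"
    if rec["status"] == 404:
        # A 404 with no router name is consistent with Traefik's built-in
        # "no router matched" response: check Host rule, entrypoint and
        # whether the router was loaded at all.
        return "unrouted_404"
    if rec["status"] is None:
        return "no_status_no_router"
    return "no_router"


def triage(text):
    """Summarise a log: verdicts per client, restarts, unparsed lines."""
    clients = {}
    restarts = 0
    unparsed = 0
    prev_count = None
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        # The counter is "requests since Traefik started", so a value that
        # does not increase means the process restarted in between.
        if prev_count is not None and rec["count"] <= prev_count:
            restarts += 1
        prev_count = rec["count"]
        clients.setdefault(rec["client"], Counter())[classify(rec)] += 1
    return {"clients": clients, "restarts": restarts, "unparsed": unparsed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for client, verdicts in sorted(report["clients"].items()):
        print(client, dict(verdicts))
    print("restarts:", report["restarts"], "unparsed:", report["unparsed"])
```
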

I tried accessing the link you gave. It didn’t work.

Couldn’t do it with the local host either

//NEW UPDATE (15 SEPT 2023):

traefik-access.log:

192.168.88.253 - - [15/Sep/2023:12:43:14 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 1 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:43:16 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 2 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:43:16 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 3 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:43:16 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 4 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:43:34 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 5 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:43:34 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 6 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:43:35 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 7 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:43:39 +0000] "GET /dashboard/? HTTP/2.0" 404 19 "-" "-" 8 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:47:40 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 1 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:47:41 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 2 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:47:42 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 3 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:47:46 +0000] "GET /dashboard/? HTTP/2.0" 404 19 "-" "-" 4 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:47:48 +0000] "GET /dashboard/? HTTP/2.0" 404 19 "-" "-" 5 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:47:48 +0000] "GET /dashboard/? HTTP/2.0" 404 19 "-" "-" 6 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:47:50 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 7 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:47:50 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 8 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:47:50 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 9 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:47:52 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 10 "-" "-" 0ms
10.20.0.1 - - [15/Sep/2023:12:47:52 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 11 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:48:12 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 12 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:48:12 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 13 "-" "-" 0ms
192.168.88.253 - - [15/Sep/2023:12:48:12 +0000] "GET /dashboard/? HTTP/2.0" - - "-" "-" 14 "-" "-" 0ms

traefik.log:

time="2023-09-15T15:45:52+03:00" level=info msg="Traefik version 2.10.4 built on 2023-07-24T16:29:02Z"
time="2023-09-15T15:45:52+03:00" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"https\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483646}}},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"},\"file\":{\"watch\":true,\"filename\":\"/config.yml\"}},\"api\":{\"dashboard\":true,\"debug\":true},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/var/log/traefik.log\",\"format\":\"common\"},\"accessLog\":{\"filePath\":\"/var/log/traefik-access.log\",\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"cloudflare\":{\"acme\":{\"email\":\"Ther1ven@protonmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"dnsChallenge\":{\"provider\":\"cloudflare\",\"delayBeforeCheck\":\"5s\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]}}}}}"
time="2023-09-15T15:45:52+03:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2023-09-15T15:45:52+03:00" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2023-09-15T15:45:52+03:00" level=debug msg="Starting TCP Server" entryPointName=http
time="2023-09-15T15:45:52+03:00" level=debug msg="Starting TCP Server" entryPointName=https
time="2023-09-15T15:45:52+03:00" level=info msg="Starting provider *file.Provider"
time="2023-09-15T15:45:52+03:00" level=debug msg="*file.Provider provider configuration: {\"watch\":true,\"filename\":\"/config.yml\"}"
time="2023-09-15T15:45:52+03:00" level=info msg="Starting provider *traefik.Provider"
time="2023-09-15T15:45:52+03:00" level=debug msg="*traefik.Provider provider configuration: {}"
time="2023-09-15T15:45:52+03:00" level=info msg="Starting provider *docker.Provider"
time="2023-09-15T15:45:52+03:00" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2023-09-15T15:45:52+03:00" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2023-09-15T15:45:52+03:00" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
time="2023-09-15T15:45:52+03:00" level=info msg="Starting provider *acme.Provider"
time="2023-09-15T15:45:52+03:00" level=debug msg="*acme.Provider provider configuration: {\"email\":\"Ther1ven@protonmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"dnsChallenge\":{\"provider\":\"cloudflare\",\"delayBeforeCheck\":\"5s\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]},\"ResolverName\":\"cloudflare\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
time="2023-09-15T15:45:52+03:00" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-09-15T15:45:52+03:00" level=info msg="Testing certificate renew..." providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-09-15T15:45:52+03:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"bind9\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"default-headers\",\"https-redirectscheme\"],\"service\":\"bind9\",\"rule\":\"Host(`bind9.local.*****.com`)\",\"tls\":{}},\"pterodactyl\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"default-headers\",\"https-redirectscheme\"],\"service\":\"pterodactyl\",\"rule\":\"Host(`pterodactyl.local.*****.com`)\",\"tls\":{}}},\"services\":{\"bind9\":{\"loadBalancer\":{\"servers\":[{\"url\":\"https://10.20.3.2:53\"}],\"passHostHeader\":true}},\"pterodactyl\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://10.20.3.6:8082\"}],\"passHostHeader\":true}}},\"middlewares\":{\"addprefix-pihole\":{\"addPrefix\":{\"prefix\":\"/admin\"}},\"default-headers\":{\"headers\":{\"customRequestHeaders\":{\"X-Forwarded-Proto\":\"https\"},\"stsSeconds\":15552000,\"stsIncludeSubdomains\":true,\"stsPreload\":true,\"forceSTSHeader\":true,\"frameDeny\":true,\"customFrameOptionsValue\":\"SAMEORIGIN\",\"contentTypeNosniff\":true,\"browserXssFilter\":true}},\"default-whitelist\":{\"ipWhiteList\":{\"sourceRange\":[\"10.0.0.0/8\",\"192.168.88.0/24\",\"172.16.0.0/12\"]}},\"https-redirectscheme\":{\"redirectScheme\":{\"scheme\":\"https\",\"permanent\":true}},\"idrac\":{\"headers\":{\"customRequestHeaders\":{\"X-Forwarded-Proto\":\"https\"},\"stsSeconds\":15552000,\"stsIncludeSubdomains\":true,\"forceSTSHeader\":true,\"frameDeny\":true,\"customFrameOptionsValue\":\"SAMEORIGIN\",\"browserXssFilter\":true}},\"redirectregex-pihole\":{\"redirectRegex\":{\"regex\":\"/admin/$\",\"replacement\":\"/\"}},\"secured\":{\"chain\":{\"middlewares\":[\"default-whitelist\",\"default-headers\"]}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
time="2023-09-15T15:45:52+03:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"http-to-https\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"redirect-http-to-https\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483646}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"redirect-http-to-https\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}},\"serversTransports\":{\"default\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
time="2023-09-15T15:45:52+03:00" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=cloudflare.acme
time="2023-09-15T15:45:52+03:00" level=debug msg="Provider connection established with docker 24.0.5 (API 1.43)" providerName=docker
time="2023-09-15T15:45:52+03:00" level=debug msg="Filtering disabled container" container=bind9-dns-server-5c3081b0c7df5ccbfda73c4f97d37cee5041b0affd068f0a6e555fcb01970a72 providerName=docker
time="2023-09-15T15:45:52+03:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"traefik\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"traefik-https-redirect\"],\"service\":\"traefik-traefik\",\"rule\":\"Host(`traefik-dashboard.local.*****.com`)\"},\"traefik-secure\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"traefik-auth\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik-dashboard.local.*****.com`)\",\"tls\":{\"certResolver\":\"cloudflare\",\"domains\":[{\"main\":\"local.*****.com\",\"sans\":[\"*.local.*****.com\"]}]}}},\"services\":{\"traefik-traefik\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.2:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"sslheader\":{\"headers\":{\"customRequestHeaders\":{\"X-Forwarded-Proto\":\"https\"}}},\"traefik-auth\":{\"basicAuth\":{\"users\":[\"USER:BASIC_AUTH_PASSWORD\"]}},\"traefik-https-redirect\":{\"redirectScheme\":{\"scheme\":\"https\"}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2023-09-15T15:45:52+03:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-09-15T15:45:52+03:00" level=debug msg="Added outgoing tracing middleware noop@internal" middlewareType=TracingForwarder entryPointName=http routerName=http-to-https@internal middlewareName=tracing
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up redirection to https 443" entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=http middlewareName=traefik-internal-recovery
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" entryPointName=https routerName=pterodactyl@file middlewareName=pipelining middlewareType=Pipelining serviceName=pterodactyl
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating load-balancer" serviceName=pterodactyl entryPointName=https routerName=pterodactyl@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating server 0 http://10.20.3.6:8082" entryPointName=https routerName=pterodactyl@file serviceName=pterodactyl serverName=0
time="2023-09-15T15:45:52+03:00" level=debug msg="child http://10.20.3.6:8082 now UP"
time="2023-09-15T15:45:52+03:00" level=debug msg="Propagating new UP status"
time="2023-09-15T15:45:52+03:00" level=debug msg="Added outgoing tracing middleware pterodactyl" middlewareName=tracing middlewareType=TracingForwarder entryPointName=https routerName=pterodactyl@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" routerName=pterodactyl@file middlewareName=https-redirectscheme@file middlewareType=RedirectScheme entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up redirection to https " middlewareName=https-redirectscheme@file middlewareType=RedirectScheme entryPointName=https routerName=pterodactyl@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" routerName=pterodactyl@file middlewareName=default-headers@file middlewareType=Headers entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] false false  map[] false 15552000 true true true true SAMEORIGIN true true       false}" entryPointName=https routerName=pterodactyl@file middlewareName=default-headers@file middlewareType=Headers
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] false false  map[] false 15552000 true true true true SAMEORIGIN true true       false}" middlewareType=Headers entryPointName=https routerName=pterodactyl@file middlewareName=default-headers@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding tracing to middleware" routerName=pterodactyl@file middlewareName=default-headers@file entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" routerName=bind9@file serviceName=bind9 middlewareName=pipelining middlewareType=Pipelining entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating load-balancer" routerName=bind9@file serviceName=bind9 entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating server 0 https://10.20.3.2:53" entryPointName=https routerName=bind9@file serviceName=bind9 serverName=0
time="2023-09-15T15:45:52+03:00" level=debug msg="child https://10.20.3.2:53 now UP"
time="2023-09-15T15:45:52+03:00" level=debug msg="Propagating new UP status"
time="2023-09-15T15:45:52+03:00" level=debug msg="Added outgoing tracing middleware bind9" routerName=bind9@file middlewareName=tracing middlewareType=TracingForwarder entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" middlewareName=https-redirectscheme@file middlewareType=RedirectScheme entryPointName=https routerName=bind9@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up redirection to https " entryPointName=https routerName=bind9@file middlewareName=https-redirectscheme@file middlewareType=RedirectScheme
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" routerName=bind9@file middlewareName=default-headers@file middlewareType=Headers entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] false false  map[] false 15552000 true true true true SAMEORIGIN true true       false}" middlewareName=default-headers@file middlewareType=Headers entryPointName=https routerName=bind9@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] false false  map[] false 15552000 true true true true SAMEORIGIN true true       false}" routerName=bind9@file middlewareName=default-headers@file middlewareType=Headers entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding tracing to middleware" entryPointName=https routerName=bind9@file middlewareName=default-headers@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding route for bind9.local.*****.com with TLS options default" entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding route for pterodactyl.local.*****.com with TLS options default" entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding certificate for domain(s) *.local.*****.com,local.*****.com"
time="2023-09-15T15:45:52+03:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-09-15T15:45:52+03:00" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=http routerName=http-to-https@internal middlewareName=tracing middlewareType=TracingForwarder
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" routerName=http-to-https@internal middlewareType=RedirectScheme middlewareName=redirect-http-to-https@internal entryPointName=http
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up redirection to https 443" routerName=http-to-https@internal middlewareType=RedirectScheme middlewareName=redirect-http-to-https@internal entryPointName=http
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" serviceName=traefik-traefik entryPointName=http middlewareName=pipelining middlewareType=Pipelining routerName=traefik@docker
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating load-balancer" entryPointName=http routerName=traefik@docker serviceName=traefik-traefik
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating server 0 http://172.18.0.2:80" serviceName=traefik-traefik serverName=0 entryPointName=http routerName=traefik@docker
time="2023-09-15T15:45:52+03:00" level=debug msg="child http://172.18.0.2:80 now UP"
time="2023-09-15T15:45:52+03:00" level=debug msg="Propagating new UP status"
time="2023-09-15T15:45:52+03:00" level=debug msg="Added outgoing tracing middleware traefik-traefik" entryPointName=http routerName=traefik@docker middlewareType=TracingForwarder middlewareName=tracing
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=http routerName=traefik@docker middlewareName=traefik-https-redirect@docker
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up redirection to https " entryPointName=http routerName=traefik@docker middlewareName=traefik-https-redirect@docker middlewareType=RedirectScheme
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-09-15T15:45:52+03:00" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing entryPointName=https routerName=traefik-secure@docker middlewareType=TracingForwarder
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" entryPointName=https middlewareType=BasicAuth middlewareName=traefik-auth@docker routerName=traefik-secure@docker
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding tracing to middleware" routerName=traefik-secure@docker middlewareName=traefik-auth@docker entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" entryPointName=https routerName=pterodactyl@file serviceName=pterodactyl middlewareName=pipelining middlewareType=Pipelining
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating load-balancer" routerName=pterodactyl@file serviceName=pterodactyl entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating server 0 http://10.20.3.6:8082" serviceName=pterodactyl serverName=0 entryPointName=https routerName=pterodactyl@file
time="2023-09-15T15:45:52+03:00" level=debug msg="child http://10.20.3.6:8082 now UP"
time="2023-09-15T15:45:52+03:00" level=debug msg="Propagating new UP status"
time="2023-09-15T15:45:52+03:00" level=debug msg="Added outgoing tracing middleware pterodactyl" routerName=pterodactyl@file middlewareName=tracing middlewareType=TracingForwarder entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" routerName=pterodactyl@file middlewareName=https-redirectscheme@file middlewareType=RedirectScheme entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up redirection to https " middlewareName=https-redirectscheme@file middlewareType=RedirectScheme entryPointName=https routerName=pterodactyl@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" middlewareName=default-headers@file middlewareType=Headers entryPointName=https routerName=pterodactyl@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] false false  map[] false 15552000 true true true true SAMEORIGIN true true       false}" middlewareType=Headers entryPointName=https routerName=pterodactyl@file middlewareName=default-headers@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] false false  map[] false 15552000 true true true true SAMEORIGIN true true       false}" entryPointName=https routerName=pterodactyl@file middlewareName=default-headers@file middlewareType=Headers
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding tracing to middleware" middlewareName=default-headers@file entryPointName=https routerName=pterodactyl@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" entryPointName=https routerName=bind9@file serviceName=bind9 middlewareName=pipelining middlewareType=Pipelining
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating load-balancer" entryPointName=https routerName=bind9@file serviceName=bind9
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating server 0 https://10.20.3.2:53" entryPointName=https routerName=bind9@file serviceName=bind9 serverName=0
time="2023-09-15T15:45:52+03:00" level=debug msg="child https://10.20.3.2:53 now UP"
time="2023-09-15T15:45:52+03:00" level=debug msg="Propagating new UP status"
time="2023-09-15T15:45:52+03:00" level=debug msg="Added outgoing tracing middleware bind9" entryPointName=https routerName=bind9@file middlewareName=tracing middlewareType=TracingForwarder
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=https routerName=bind9@file middlewareName=https-redirectscheme@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up redirection to https " routerName=bind9@file middlewareName=https-redirectscheme@file middlewareType=RedirectScheme entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" middlewareName=default-headers@file middlewareType=Headers routerName=bind9@file entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] false false  map[] false 15552000 true true true true SAMEORIGIN true true       false}" entryPointName=https middlewareName=default-headers@file middlewareType=Headers routerName=bind9@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[] false [] [] [] [] [] 0 false [] [] false false  map[] false 15552000 true true true true SAMEORIGIN true true       false}" routerName=bind9@file entryPointName=https middlewareName=default-headers@file middlewareType=Headers
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding tracing to middleware" middlewareName=default-headers@file entryPointName=https routerName=bind9@file
time="2023-09-15T15:45:52+03:00" level=debug msg="Creating middleware" entryPointName=https middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding route for pterodactyl.local.*****.com with TLS options default" entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding route for bind9.local.*****.com with TLS options default" entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding route for traefik-dashboard.local.*****.com with TLS options default" entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Looking for provided certificate(s) to validate [\"local.*****.com\" \"*.local.*****.com\"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2023-09-15T15:45:52+03:00" level=debug msg="No ACME certificate generation required for domains [\"local.*****.com\" \"*.local.*****.com\"]." providerName=cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-09-15T15:47:36+03:00" level=debug msg="Serving default certificate for request: \"\""
time="2023-09-15T15:47:36+03:00" level=debug msg="http: TLS handshake error from 192.168.88.253:55072: remote error: tls: bad certificate"
time="2023-09-15T15:47:37+03:00" level=debug msg="Serving default certificate for request: \"\""
time="2023-09-15T15:47:37+03:00" level=debug msg="http: TLS handshake error from 192.168.88.253:55080: remote error: tls: bad certificate"
time="2023-09-15T15:47:37+03:00" level=debug msg="Serving default certificate for request: \"\""
time="2023-09-15T15:47:37+03:00" level=debug msg="http: TLS handshake error from 192.168.88.253:55094: remote error: tls: bad certificate"
time="2023-09-15T15:47:40+03:00" level=debug msg="Serving default certificate for request: \"\""
time="2023-09-15T15:47:43+03:00" level=debug msg="Serving default certificate for request: \"localhost\""
time="2023-09-15T15:47:43+03:00" level=debug msg="http: TLS handshake error from 10.20.0.1:40312: remote error: tls: bad certificate"
time="2023-09-15T15:47:44+03:00" level=debug msg="Serving default certificate for request: \"localhost\""
time="2023-09-15T15:47:44+03:00" level=debug msg="http: TLS handshake error from 10.20.0.1:40318: remote error: tls: bad certificate"
time="2023-09-15T15:47:44+03:00" level=debug msg="Serving default certificate for request: \"localhost\""
time="2023-09-15T15:47:44+03:00" level=debug msg="http: TLS handshake error from 10.20.0.1:40320: remote error: tls: bad certificate"
time="2023-09-15T15:47:46+03:00" level=debug msg="Serving default certificate for request: \"localhost\""
time="2023-09-15T16:17:10+03:00" level=debug msg="http: TLS handshake error from 134.209.41.228:56048: read tcp 10.20.3.5:443->134.209.41.228:56048: read: connection reset by peer"
time="2023-09-15T16:17:10+03:00" level=debug msg="http: TLS handshake error from 134.209.41.228:56064: EOF"
time="2023-09-15T16:17:11+03:00" level=debug msg="http: TLS handshake error from 134.209.41.228:56066: tls: no cipher suite supported by both client and server"
time="2023-09-15T16:17:11+03:00" level=debug msg="http: TLS handshake error from 134.209.41.228:56076: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])"
time="2023-09-15T16:17:11+03:00" level=debug msg="http: TLS handshake error from 134.209.41.228:56078: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9])"
time="2023-09-15T16:17:11+03:00" level=debug msg="http: TLS handshake error from 134.209.41.228:56080: tls: client offered only unsupported versions: [302 301]"
time="2023-09-15T16:17:12+03:00" level=debug msg="http: TLS handshake error from 134.209.41.228:56094: read tcp 10.20.3.5:443->134.209.41.228:56094: read: connection reset by peer"
time="2023-09-15T16:17:12+03:00" level=debug msg="http: TLS handshake error from 134.209.41.228:56110: read tcp 10.20.3.5:443->134.209.41.228:56110: read: connection reset by peer"
time="2023-09-15T16:17:12+03:00" level=debug msg="http: TLS handshake error from 134.209.41.228:56122: EOF"
time="2023-09-15T16:17:12+03:00" level=debug msg="http: TLS handshake error from 134.209.41.228:56128: read tcp 10.20.3.5:443->134.209.41.228:56128: read: connection reset by peer"

\\THE END

NEW UPDATE (15 SEPT 2023):

I’ve added the logs you recommended.

I have a domain, example.com. I created a global subdomain on it, local.example.com, and sent it to the server IP (my work computer and the server are the same; I do all the actions on the server).

On the server itself there is bind9, which in my local zone local.example.com assigns local subdomains to servers on the intra-container IP address 10.20.3.4 and *.servers, so that those local game servers that were created using Pterodactyl have a local subdomain server1.servers.local.example.com.
And I also made a local subdomain for Traefik, so that only I could log into it locally from the host machine.

  1. I have a MikroTik router that stands between my local home network and access to the global Internet; a static IP serves as access to the global Internet: 93...***
    The router, using fixed DHCP, assigns to my physical computer (= the server) the IP 192.168.88.253.
    Important: the firewall on the MikroTik is disabled (temporarily, while I’m testing the launch and activation of traefik+bind9+pterodactyl).

  2. Next comes the physical server = my computer on the Ubuntu operating system, in which the firewall is also disabled. Bind9 and Traefik are on it.

Docker containers with bind9 and traefik do not have access to the local home network, but have access to the proxy1 and dns-network networks (bind9 network).
Inside the DNS network, the local IP zone is different: 10.20.0.0/8.
That’s where the grafting of these IP subdomains takes place. And the output traffic from these networks is carried out by docker-compose, in which ports 80, 443, 53 are open. It is through these ports that traffic is exchanged with the local and, if I want, even with the global Internet.

That’s my entire configuration.

curl:

curl:

When I try to log into the dashboard via browser locally from the server, I can see in the browser:

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to localhost. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

192.168.88.253:80 uses an invalid security certificate.

The certificate is not trusted because it is self-signed.

Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
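
The debug log above can be read mechanically: which host names Traefik registered on the https entry point, which names clients asked for when they were handed the default (self-signed) certificate, and which clients failed the TLS handshake and why. The following Python sketch is an added example, not part of the original post; it runs over a constructed sample modelled on those log lines, uses example.com and 203.0.113.7 as placeholders, and assumes the client's Host header equals its TLS SNI name.

```python
import re
from collections import Counter, defaultdict

# Constructed sample modelled on the debug lines in the post; the redacted
# domain is replaced by example.com and the external client by 203.0.113.7.
SAMPLE_LOG = r'''
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding route for bind9.local.example.com with TLS options default" entryPointName=https
time="2023-09-15T15:45:52+03:00" level=debug msg="Adding route for traefik-dashboard.local.example.com with TLS options default" entryPointName=https
time="2023-09-15T15:47:36+03:00" level=debug msg="Serving default certificate for request: \"\""
time="2023-09-15T15:47:36+03:00" level=debug msg="http: TLS handshake error from 192.168.88.253:55072: remote error: tls: bad certificate"
time="2023-09-15T15:47:43+03:00" level=debug msg="Serving default certificate for request: \"localhost\""
time="2023-09-15T15:47:43+03:00" level=debug msg="http: TLS handshake error from 10.20.0.1:40312: remote error: tls: bad certificate"
time="2023-09-15T15:47:44+03:00" level=debug msg="Serving default certificate for request: \"localhost\""
time="2023-09-15T16:17:11+03:00" level=debug msg="http: TLS handshake error from 203.0.113.7:56066: tls: no cipher suite supported by both client and server"
time="2023-09-15T16:17:11+03:00" level=debug msg="http: TLS handshake error from 203.0.113.7:56080: tls: client offered only unsupported versions: [302 301]"
'''

# msg="..." with backslash-escaped quotes inside the value.
MSG_RE = re.compile(r'msg="((?:[^"\\]|\\.)*)"')
ROUTE_RE = re.compile(r'^Adding route for (\S+) with TLS options')
SNI_RE = re.compile(r'^Serving default certificate for request: "(.*)"$')
HANDSHAKE_RE = re.compile(r'^http: TLS handshake error from (\S+):(\d+): (.*)$')


def messages(log_text):
    """Yield the msg field of every log line, with \\" unescaped to "."""
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if m:
            # Drops the backslash of every escape; enough for \" and \\.
            yield re.sub(r'\\(.)', r'\1', m.group(1))


def analyse(log_text):
    """Return (routed hosts, SNI counter for default-cert hits, errors by source IP)."""
    routes, sni, errors = set(), Counter(), defaultdict(Counter)
    for msg in messages(log_text):
        if (m := ROUTE_RE.match(msg)):
            routes.add(m.group(1).lower())
        elif (m := SNI_RE.match(msg)):
            sni[m.group(1).lower()] += 1
        elif (m := HANDSHAKE_RE.match(msg)):
            errors[m.group(1)][m.group(3)] += 1
    return routes, sni, errors


def unrouted_names(log_text):
    """SNI names that received the default certificate and match no routed host."""
    routes, sni, _ = analyse(log_text)
    return {name: n for name, n in sni.items() if name not in routes}


def report(log_text):
    routes, _, errors = analyse(log_text)
    out = ["routed hosts (https): " + ", ".join(sorted(routes))]
    for name, n in sorted(unrouted_names(log_text).items()):
        # An empty SNI is what a client sends when the URL holds an IP address.
        label = name or "(empty SNI)"
        out.append(f"default certificate x{n} for {label}: not a routed host")
    for src, reasons in sorted(errors.items()):
        for reason, n in sorted(reasons.items()):
            out.append(f"handshake error x{n} from {src}: {reason}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Names listed as "not a routed host" are requests that no `Host(...)` rule in the configuration can match, so they get the default certificate rather than the ACME wildcard one.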