Develop Reference

Change host protocol from http to https with kafka

I have a problem with kafka when I work with http protocol kafka run with me without any problem
but after upgrading the protocol from http to https
after upgrade it all services return the same error
2021-10-28 23:16:26.367 WARN 1 --- [ad | producer-1] org.apache.kafka.clients.NetworkClient : [Producer clientId=producer-1] Connection to node 1 (/206.189.178.228:9092) could not be established. Broker may not be available.
2021-10-28 23:18:02.623 WARN 1 --- [ntainer#1-0-C-1] org.apache.kafka.clients.NetworkClient : [Consumer clientId=consumer-2, groupId=groupId] Connection to node 1 (/206.189.178.228:9092) could not be established. Broker may not be available.
in producer and consumer i dont know what happens or if this error appeared from SSL
but i did not change any configuration about Kafka
this is my kafak.yml file
kafka.yml
version: '2'
services:
zookeeper:
image: confluentinc/cp-zookeeper:5.5.0
environment:
ZOOKEEPER_CLIENT_PORT: 2181
ZOOKEEPER_TICK_TIME: 2000
networks:
- food_default
kafka:
image: confluentinc/cp-kafka:5.5.0
ports:
- 9092:9092
environment:
KAFKA_BROKER_ID: 1
KAFKA_ADVERTISED_HOST_NAME: kafka
LISTENERS: PLAINTEXT://206.189.178.228:9092
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://206.189.178.228:9092
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
networks:
- food_default
networks:
food_default:
external: true
and this is service config this config existing in each other service
version: '2'
services:
food-order-service:
image: altshiftcreative/food-app-order-service:v1.5
environment:
# - _JAVA_OPTIONS=-Xmx512m -Xms256m
- SPRING_PROFILES_ACTIVE=prod,swagger
- MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED=false
- EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE=http://admin:$${jhipster.registry.password}#jhipster-registry:8761/eureka
- SPRING_CLOUD_CONFIG_URI=http://admin:$${jhipster.registry.password}#jhipster-registry:8761/config
- SPRING_DATASOURCE_URL=jdbc:mysql://food-mysql:3306/food_db?useUnicode=true&characterEncoding=utf8&useSSL=false&allowPublicKeyRetrieval=true&useLegacyDatetimeCode=false&serverTimezone=UTC&createD>
- SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=https://shopbia.shop/auth/realms/jhipster
- SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID=internal
- SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET=internal
# - JHIPSTER_SLEEP=30 # gives time for other services to boot before the application
- KAFKA_BOOTSTRAPSERVERS=kafka:9092
ports:
- 8082:8082
networks:
- food_default
networks:
food_default:
external: true

Kafka isn't an HTTP protocol, so your problem has nothing to do with that
You've set KAFKA_BOOTSTRAPSERVERS=kafka:9092
i did not change any configuration about Kafka
I think you did. That IP address is not the default of anything. To revert to expected behavior within the same Docker network, you need to set
LISTENERS: PLAINTEXT://0.0.0.0:9092
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092
Unclear where you're getting the IP address from, but if you want to expose the Docker container to an external network in that subnet, then you will need other settings

Kong with Docker Compose on Windows: failed loading initial list of upstreams: failed to get from node cache: could not acquire callback lock

I am experimenting with Kong deployed via Docker using Docker Compose and Docker Desktop for Windows.
When I start the container I seee a bunch of Lua errors, which from reading other posts around the net seem to maybe indicate some issue with the Nginx proxy that Kong uses under the hood.
Strangely enough I am still able to hit Kong, and I'm not aware of what actual issues this might be presenting at runtime, but I'm suspicious of any startup errors like this.
Does this suggest an issue that should be addressed?
Thanks
Errors:
kong_1 | 2021/10/08 19:51:58 [crit] 1119#0: *43 [lua] balancers.lua:240: create_balancers(): failed loading initial list of upstreams: failed to get from node cache: could not acquire callback lock: timeout, context: ngx.timer
kong_1 | 2021/10/08 19:51:58 [crit] 1106#0: *45 [lua] balancers.lua:240: create_balancers(): failed loading initial list of upstreams: failed to get from node cache: could not acquire callback lock: timeout, context: ngx.timer
kong_1 | 2021/10/08 19:51:58 [crit] 1110#0: *39 [lua] balancers.lua:240: create_balancers(): failed loading initial list of upstreams: failed to get from node cache: could not acquire callback lock: timeout, context: ngx.timer
kong_1 | 2021/10/08 19:51:58 [crit] 1116#0: *42 [lua] balancers.lua:240: create_balancers(): failed loading initial list of upstreams: failed to get from node cache: could not acquire callback lock: timeout, context: ngx.timer
kong_1 | 2021/10/08 19:51:58 [crit] 1102#0: *38 [lua] balancers.lua:240: create_balancers(): failed loading initial list of upstreams: failed to get from node cache: could not acquire callback lock: timeout, context: ngx.timer
kong_1 | 2021/10/08 19:51:58 [crit] 1117#0: *50 [lua] balancers.lua:240: create_balancers(): failed loading initial list of upstreams: failed to get from node cache: could not acquire callback lock: timeout, context: ngx.timer
Docker compose file:
version: "3"
networks:
kong-net:
driver: bridge
services:
#######################################
# Postgres: The database used by Kong
#######################################
kong-database:
image: postgres:9.6
restart: always
networks:
- kong-net
environment:
POSTGRES_PASSWORD: kong
POSTGRES_USER: kong
POSTGRES_DB: kong
ports:
- "5432:5432"
healthcheck:
test: ["CMD", "pg_isready", "-U", "kong"]
interval: 5s
timeout: 5s
retries: 5
#######################################
# Kong database migration
#######################################
kong-migration:
image: kong:2.6.0-alpine
command: "kong migrations bootstrap"
networks:
- kong-net
restart: on-failure
environment:
KONG_PG_HOST: kong-database
KONG_DATABASE: postgres
KONG_PG_PASSWORD: kong
links:
- kong-database
depends_on:
- kong-database
#######################################
# Kong: The API Gateway
#######################################
kong:
image: kong:2.6.0-alpine
restart: always
networks:
- kong-net
environment:
KONG_DATABASE: postgres
KONG_PG_HOST: kong-database
KONG_PG_USER: kong
KONG_PG_PASSWORD: kong
KONG_PROXY_LISTEN: 0.0.0.0:8000
KONG_PROXY_LISTEN_SSL: 0.0.0.0:8443
KONG_ADMIN_LISTEN: 0.0.0.0:8001
depends_on:
- kong-migration
- kong-database
healthcheck:
test: ["CMD", "curl", "-f", "http://kong:8001"]
interval: 5s
timeout: 2s
retries: 15
ports:
- "8001:8001"
- "8000:8000"
#######################################
# Konga database prepare
#######################################
konga-prepare:
image: pantsel/konga:next
command: "-c prepare -a postgres -u postgresql://kong:kong#kong-database:5432/konga_db"
environment:
DB_ADAPTER: postgres
DB_HOST: kong-database
DB_USER: kong
DB_PASSWORD: kong
networks:
- kong-net
restart: on-failure
links:
- kong-database
depends_on:
- kong-database
#######################################
# Konga: Kong GUI
#######################################
konga:
image: pantsel/konga:next
restart: always
networks:
- kong-net
environment:
DB_ADAPTER: postgres
DB_HOST: kong-database
DB_USER: kong
DB_PASSWORD: kong
TOKEN_SECRET: km1GUr4RkcQD7DewhJPNXrCuZwcKmqjb
DB_DATABASE: konga_db
NODE_ENV: production
depends_on:
- kong-database
ports:
- "1337:1337"

Cannot get wildcard certificate with traefik v2 and godaddy

I'm trying to set up a wildcard certificate mechanism with traefik v2.2 and GoDaddy. What I want to do is generating a valid certificate for the URLs pattern *.example.org. Here there is my docker-compose:
version: '3.7'
services:
traefik:
image: traefik:v2.2
container_name: traefik
restart: always
env_file:
- .provider.env
# .provider.env contains `GODADDY_API_KEY` and `GODADDY_API_SECRET`
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./tls-certificates:/tls-certificates
ports:
# http
- 8080:80
# https
- 443:443
command:
- --api.dashboard=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=proxy
- --entrypoints.webinsecure.address=:80
- --entrypoints.websecure.address=:443
# --certificatesresolvers.<name> Certificates resolvers configuration
# ACME V2 supports wildcard certificates.
# Wildcard certificates can only be generated through a DNS-01 challenge.
- --certificatesresolvers.wildcard-godaddy.acme.tlschallenge=true
- --certificatesResolvers.wildcard-godaddy.acme.dnsChallenge.provider=godaddy
- --certificatesResolvers.wildcard-godaddy.acme.dnsChallenge.delayBeforeCheck=0
# Email address used for registration.
- --certificatesresolvers.wildcard-godaddy.acme.email=foo#example.org
# Certificates storage
- --certificatesresolvers.wildcard-godaddy.acme.storage=/tls-certificates/acme.json
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=webinsecure"
- "traefik.http.routers.traefik.rule=Host(`traefik.example.org`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${DASHBOARD_USERNAME}:${DASHBOARD_PASSWORD}"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=websecure"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.example.org`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=wildcard-godaddy"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=example.org"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.example.org"
- "traefik.http.routers.traefik-secure.service=api#internal"
networks:
proxy:
external: true
In my dns I have an A record * pointing to my ip address.
However when I start the compose I get the following error:
traefik | time="2020-04-15T16:40:50Z" level=debug msg="No default certificate, generating one"
traefik | time="2020-04-15T16:40:51Z" level=debug msg="Looking for provided certificate(s) to validate [\"example.org\" \"*.example.org\"]..." providerName=wildcard-godaddy.acme
traefik | time="2020-04-15T16:40:51Z" level=debug msg="Domains [\"example.org\" \"*.example.org\"] need ACME certificates generation for domains \"example.org,*.example.org\"." providerName=wildcard-godaddy.acme
traefik | time="2020-04-15T16:40:51Z" level=debug msg="Loading ACME certificates [example.org *.example.org]..." providerName=wildcard-godaddy.acme
traefik | time="2020-04-15T16:40:51Z" level=debug msg="Building ACME client..." providerName=wildcard-godaddy.acme
traefik | time="2020-04-15T16:40:51Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=wildcard-godaddy.acme
traefik | time="2020-04-15T16:40:51Z" level=debug msg="Using DNS Challenge provider: godaddy" providerName=wildcard-godaddy.acme
traefik | time="2020-04-15T16:40:51Z" level=debug msg="Using TLS Challenge provider." providerName=wildcard-godaddy.acme
traefik | time="2020-04-15T16:40:51Z" level=debug msg="legolog: [INFO] [example.org, *.example.org] acme: Obtaining bundled SAN certificate"
traefik | time="2020-04-15T16:40:52Z" level=debug msg="legolog: [INFO] [*.example.org] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/id1"
traefik | time="2020-04-15T16:40:52Z" level=debug msg="legolog: [INFO] [example.org] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/id2"
traefik | time="2020-04-15T16:40:52Z" level=debug msg="legolog: [INFO] [*.example.org] acme: use dns-01 solver"
traefik | time="2020-04-15T16:40:52Z" level=debug msg="legolog: [INFO] [example.org] acme: use tls-alpn-01 solver"
traefik | time="2020-04-15T16:40:52Z" level=debug msg="TLS Challenge Present temp certificate for example.org" providerName=acme
traefik | time="2020-04-15T16:40:52Z" level=debug msg="legolog: [INFO] [example.org] acme: Trying to solve TLS-ALPN-01"
traefik | time="2020-04-15T16:40:58Z" level=debug msg="TLS Challenge CleanUp temp certificate for example.org" providerName=acme
traefik | time="2020-04-15T16:40:58Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Preparing to solve DNS-01"
traefik | time="2020-04-15T16:40:58Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Trying to solve DNS-01"
traefik | time="2020-04-15T16:40:58Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Checking DNS record propagation using [127.0.0.11:53]"
traefik | time="2020-04-15T16:40:58Z" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]"
traefik | time="2020-04-15T16:40:58Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Waiting for DNS record propagation."
traefik | time="2020-04-15T16:41:00Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Waiting for DNS record propagation."
traefik | time="2020-04-15T16:41:02Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Waiting for DNS record propagation."
traefik | time="2020-04-15T16:41:04Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Waiting for DNS record propagation."
traefik | time="2020-04-15T16:41:06Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Waiting for DNS record propagation."
traefik | time="2020-04-15T16:41:08Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Waiting for DNS record propagation."
traefik | time="2020-04-15T16:41:10Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Waiting for DNS record propagation."
traefik | time="2020-04-15T16:41:12Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Waiting for DNS record propagation."
traefik | time="2020-04-15T16:41:14Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Waiting for DNS record propagation."
traefik | time="2020-04-15T16:41:21Z" level=debug msg="legolog: [INFO] [*.example.org] acme: Cleaning DNS-01 challenge"
traefik | time="2020-04-15T16:41:22Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/id1"
traefik | time="2020-04-15T16:41:22Z" level=debug msg="legolog: [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/id1"
traefik | time="2020-04-15T16:41:22Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/id2"
traefik | time="2020-04-15T16:41:22Z" level=debug msg="legolog: [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/id2"
traefik | time="2020-04-15T16:41:22Z" level=error msg="Unable to obtain ACME certificate for domains \"example.org,*.example.org\" : unable to generate a certificate for the domains [example.org *.example.org]: acme: Error -> One or more domains had a problem:\n[*.example.org] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: During secondary validation: Incorrect TXT record \"null\" found at _acme-challenge.example.org, url: \n[example.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: \n" providerName=wildcard-godaddy.acme
I do not understand either I'm misconfiguring something or if there's a problem on the let's encrypt/godaddy side.
Edit:
On port 80 I have another nginx instance up & running

Turned out it was a bug (fixed in v.2.2.1). See here: https://github.com/go-acme/lego/issues/1113

Eureka, ZUUL, Docker Compose on bridge network java.net.ConnectException: Connection refused

I'm running a Zuul service and Eureka service on separate docker containers with minimalistic configurations (both are spring boot projects).
Eureka:
docker-compose.xml:
version: '2'
services:
app:
build:
context: ./
image: eureka
environment:
eureka.client.serviceUrl.defaultZone: http://eurekaserver_app_1:8070/eureka/
tty: false
network_mode: bridge
ports:
- 8070:8070
DockerFile:
FROM java:8
COPY ./build/libs/eureka-server-0.0.1-SNAPSHOT.jar /usr/src/eureka/
WORKDIR /usr/src/eureka
EXPOSE 8070
CMD ["java","-jar","eureka-server-0.0.1-SNAPSHOT.jar"]
Zuul:
docker-compose.xml:
version: '2'
services:
app:
build:
context: ./
image: zuul-service
environment:
eureka.client.serviceUrl.defaultZone: http://eurekaserver_app_1:8070/eureka/
tty: false
ports:
- 8069:8069
network_mode: bridge
DockerFile:
FROM java:8
COPY ./build/libs/zuul-service-0.0.1-SNAPSHOT.jar /usr/src/item/
WORKDIR /usr/src/item
EXPOSE 8069
ENTRYPOINT ["java","-jar","zuul-service-0.0.1-SNAPSHOT.jar"]
I used the network ls --no-trunc Docker command to make sure they are not spinning up a new network:
NETWORK ID NAME DRIVER SCOPE
ba216f3e01bb168848074a99875666fe382a4eda15daad0c428a8102707ee49f bridge bridge local
a63a8adf0fd162d9b99bdf77bc4a13c0bfcfb8a9aca3c5375e60d5df5c5e305d host host local
2debbe96f8a96fdd8d6da983877609e0bdb7a1df6b25537f35f1608de0739fc7 none null local
Which seems alright, The problem is that Eureka container starts up properly, however zuul-service isn't when I used docker-compose up. It throws:
com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)
app_1 | at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:187) ~[jersey-apache-client4-1.19.1.jar!/:1.19.1]
app_1 | at com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123) ~[jersey-client-1.19.1.jar!/:1.19.1]
app_1 | at com.netflix.discovery.EurekaIdentityHeaderFilter.handle(EurekaIdentityHeaderFilter.java:27) ~[eureka-client-1.8.6.jar!/:1.8.6]
app_1 | at com.sun.jersey.api.client.Client.handle(Client.java:652) ~[jersey-client-1.19.1.jar!/:1.19.1]
app_1 | at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682) ~[jersey-client-1.19.1.jar!/:1.19.1]
app_1 | at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) ~[jersey-client-1.19.1.jar!/:1.19.1]
app_1 | at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:509) ~[jersey-client-1.19.1.jar!/:1.19.1]
app_1 | at com.netflix.discovery.shared.transport.jersey.AbstractJerseyEurekaHttpClient.getApplicationsInternal(AbstractJerseyEurekaHttpClient.java:194) ~[eureka-client-1.8.6.jar!/:1.8.6]
I am quite unsure on what I could be missing here?

The official Docker Compose docamantation says:
By default Compose sets up a single network for your app. Each
container for a service joins the default network and is both
reachable by other containers on that network, and discoverable by
them at a hostname identical to the container name.
I suggest you to create one docker-compose.yaml file for both applications, properly name them and separate Dockerfiles to different folders:
version: '2'
services:
eureka:
build:
context: ./eureka/
image: eureka
environment:
eureka.client.serviceUrl.defaultZone: http://eureka:8070/eureka/
tty: false
ports:
- 8070:8070
zuul:
build:
context: ./zuul/
image: zuul-service
environment:
eureka.client.serviceUrl.defaultZone: http://eureka:8070/eureka/
tty: false
ports:
- 8069:8069
When containers are up, they will be able to communicate between each other by eureka:8070 and zuul:8069 accordingly.

traefik: hangs after msg="Server configuration reloaded on :80"

I am attempting to deploy a traefik app via docker-machine to an EC2 instance using the following commands:
docker-machine scp include/traefik.toml swarm-master:/home/ubuntu/traefik.toml
docker-machine scp include/acme.json swarm-master:/home/ubuntu/acme.json
docker $(docker-machine config swarm-master) run \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $PWD/traefik.toml:/traefik.toml \
-v $PWD/acme.json:/acme.json \
-p 80:80 \
-p 443:443 \
-l traefik.frontend.rule=Host:traefik.domain.com \
-l traefik.port=8080 \
--network swarm-net \
--name traefik \
traefik:1.4.3-alpine \
-l DEBUG \
--docker
However, my application hangs after the following output:
traefik.toml 100% 503 29.4KB/s 00:00
acme.json 100% 0 0.0KB/s 00:00
time="2017-11-21T21:39:44Z" level=info msg="Traefik version v1.4.3 built on 2017-11-14_11:14:24AM"
time="2017-11-21T21:39:44Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":false,"CheckNewVersion":true,"AccessLogsFile":"","AccessLog":null,"TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":":80","TLS":null,"Redirect":null,"Auth":null,"WhitelistSourceRange":null,"Compress":false,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}}},"Cluster":null,"Constraints":[],"ACME":null,"DefaultEntryPoints":["http"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":0,"InsecureSkipVerify":false,"RootCAs":null,"Retry":null,"HealthCheck":{"Interval":30000000000},"RespondingTimeouts":null,"ForwardingTimeouts":null,"Docker":{"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false},"File":null,"Web":null,"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}"
time="2017-11-21T21:39:44Z" level=info msg="Preparing server http &{Network: Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc42008bae0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2017-11-21T21:39:44Z" level=info msg="Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false}"
time="2017-11-21T21:39:44Z" level=info msg="Starting server on :80"
time="2017-11-21T21:39:44Z" level=debug msg="Provider connection established with docker 17.05.0-ce (API 1.29)"
time="2017-11-21T21:39:44Z" level=debug msg="Filtering container with empty frontend rule /swarm-agent"
time="2017-11-21T21:39:44Z" level=debug msg="Filtering container with empty frontend rule /swarm-agent-master"
time="2017-11-21T21:39:44Z" level=debug msg="Validation of load balancer method for backend backend-traefik failed: invalid load-balancing method ''. Using default method wrr."
time="2017-11-21T21:39:44Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-traefik":{"servers":{"server-traefik":{"url":"http://172.31.48.2:8080","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-traefik-domain-com-0":{"entryPoints":["http"],"backend":"backend-traefik","routes":{"route-frontend-Host-traefik-domain-com-0":{"rule":"Host:traefik.domain.com"}},"passHostHeader":true,"priority":0,"basicAuth":[],"headers":{}}}}"
time="2017-11-21T21:39:44Z" level=debug msg="Last docker config received more than 2s, OK"
time="2017-11-21T21:39:44Z" level=debug msg="Creating frontend frontend-Host-traefik-domain-com-0"
time="2017-11-21T21:39:44Z" level=debug msg="Wiring frontend frontend-Host-traefik-domain-com-0 to entryPoint http"
time="2017-11-21T21:39:44Z" level=debug msg="Creating route route-frontend-Host-traefik-domain-com-0 Host:traefik.domain.com"
time="2017-11-21T21:39:44Z" level=debug msg="Creating backend backend-traefik"
time="2017-11-21T21:39:44Z" level=debug msg="Creating load-balancer wrr"
time="2017-11-21T21:39:44Z" level=debug msg="Creating server server-traefik at http://172.31.48.2:8080 with weight 0"
time="2017-11-21T21:39:44Z" level=info msg="Server configuration reloaded on :80"
^Ctime="2017-11-21T21:39:59Z" level=info msg="I have to go... interrupt"
time="2017-11-21T21:39:59Z" level=info msg="Stopping server"
time="2017-11-21T21:39:59Z" level=debug msg="Waiting 10s seconds before killing connections on entrypoint http..."
time="2017-11-21T21:39:59Z" level=debug msg="Entrypoint http closed"
time="2017-11-21T21:39:59Z" level=info msg="Server stopped"
time="2017-11-21T21:39:59Z" level=info msg="Shutting down"
time="2017-11-21T21:39:59Z" level=error msg="Error creating server: http: Server closed"
traefik.toml:
debug = false
checkNewVersion = true
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[web.auth.basic]
users = ["admin:alkdsjfalkdjflakdsjfalkdjfalkdjfaldkjf"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "name#domain.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false
and acme.json has permissions 600.
However, when I run the following (seemingly same) command after logging into my EC2 instance, traefik is successfully deployed:
docker run \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $PWD/traefik.toml:/traefik.toml \
-v $PWD/acme.json:/acme.json \
-p 80:80 \
-p 443:443 \
-l traefik.frontend.rule=Host:traefik.domain.com \
-l traefik.port=8080 \
--network swarm-net \
--name traefik \
traefik:1.4.3-alpine \
-l DEBUG \
--docker
Any reason why I am not deploying with docker-machine are greatly appreciated. Thanks!