Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Services deployed via Dokploy Inaccessible After Customizing Traefik Ports via Environment Variables #804

Open
chuyun opened this issue Dec 3, 2024 · 10 comments · May be fixed by Dokploy/website#14
Labels
bug Something isn't working

Comments

@chuyun
Copy link
Contributor

chuyun commented Dec 3, 2024

To Reproduce

  1. Customize the TRAEFIK_PORT and TRAEFIK_SSL_PORT environment variables as per the instructions in How to make Dokploy to do not require port 80 and 443 to be avilable? #130 .
  2. Restart the relevant services.
  3. Attempt to access the services through Traefik.

Current vs. Expected behavior

Expected Behavior
The services should be accessible through the customized ports without any issues.

Actual Behavior
All reverse-proxied services become inaccessible.

Provide environment information

Dokploy Version: v0.13.1

Which area(s) are affected? (Select all that apply)

Traefik

Are you deploying the applications where Dokploy is installed or on a remote server?

Same server where Dokploy is installed

Additional context

After following the guidance from Issue #130 to customize the environment variables TRAEFIK_PORT and TRAEFIK_SSL_PORT, all services reverse-proxied through Traefik become inaccessible. We need to discuss whether a general solution should be provided in Dokploy to resolve this issue.

Will you send a PR to fix it?

Maybe, need help

@chuyun chuyun added the bug Something isn't working label Dec 3, 2024
@chuyun chuyun changed the title Services Inaccessible After Customizing Traefik Ports via Environment Variables Services deployed via Dokploy Inaccessible After Customizing Traefik Ports via Environment Variables Dec 3, 2024
@ccinoo

This comment was marked as off-topic.

@Siumauricio
Copy link
Contributor

I see that it doesn't work, I don't know if it is due to the migration that we had done from traefik 2.5 to 3.10, I was playing for a couple of hours but it doesn't seem to work, I think I will need more time to check this.

@aliuq
Copy link

aliuq commented Dec 20, 2024

I seem to have encountered the same problem. I could access it before, but since the upgrade, accessing through the domain name only returns 404 page not found. I am not sure whether it is a problem with my configuration or a problem with dokploy.

@nktnet1
Copy link
Contributor

nktnet1 commented Dec 25, 2024

I got it working with the following script, which changes port 80 -> 81 and port 443 -> 444:

EDIT: Did not work (see edit for the old non-working code)

@Siumauricio happy to make a pull request + update the docs if needed ^

@Siumauricio
Copy link
Contributor

@nktnet1 would be great if you are able to make a pull request !

@nktnet1 nktnet1 linked a pull request Dec 25, 2024 that will close this issue
@nktnet1
Copy link
Contributor

nktnet1 commented Dec 25, 2024

I've made the pull request on the Dokploy/Website repository :)

@Siumauricio
Copy link
Contributor

@nktnet1 Reviewing carefully the script, why does it assign the https and http port to the dokploy container? when it has nothing to do and the one that should have the exposed port should be the dokploy-traefik container, if you can give details to understand it would be great, I tried the script but it does not work, because if you assign the port 81 and 444 for example it will be assigned to the dokploy container and not to traefik which is who balances the services.

@nktnet1
Copy link
Contributor

nktnet1 commented Dec 25, 2024

hmm yeah my bad, I did it in a rush and thought it was working, but turns out not (and doesn't make much sense either). Traefik was basically stopped from starting and through some of my old configurations from coolify, it happened to work.
Will spend some time investigating after the holidays - sorry for the confusion ^.

@patillacode
Copy link

patillacode commented Dec 26, 2024

I am on the same boat.

Hopefully I'll give you an idea if I specify my scenario!

I installed dokploy in a brand new VPS (Hetzner) and I just setup a project with one service via the Compose option.

Deployment goes fine and accessing the naked IP in the browser works under the port I setup in the docker-compose.yml file .

Now the issue: when trying to access via a custom domain I get the same 404 behaviour described above.

I have tried different ports (3000, 5058, 8000) without success.

I checked the traefik config and it has the ports 80 and 443 as you can see below

providers:
  swarm:
    exposedByDefault: false
    watch: false
  docker:
    exposedByDefault: false
  file:
    directory: /etc/dokploy/traefik/dynamic
    watch: true
entryPoints:
  web:
    address: ':80'
  websecure:
    address: ':443'
    http:
      tls:
        certResolver: letsencrypt
api:
  insecure: true
certificatesResolvers:
  letsencrypt:
    acme:
      email: email@email.com
      storage: /etc/dokploy/traefik/dynamic/acme.json
      httpChallenge:
        entryPoint: web

I am not an expert on this matter at all but I am open to help,

PS: awesome tool! thanks for making it happen @Siumauricio !

@patillacode
Copy link

patillacode commented Jan 1, 2025

I am out of carrots here...

I have been trying to debug this thing for days and I feel it is something stupid but I just can't see it.

  • I can access the dokploy UI via the domain https://dokploy.mydomain.comwithout a problem
  • I can access my service via http://MY_SERVER_IP:5058 without issue
  • I cannot access my service via https://staging.mydomain.com I keep getting 404.

One weird thing though is the when I click the Preview compose button I get my docker-compose-dokploy.yml file to the dot except for the traefik configuration, it is like tripled, not sure if that might be part of the issue or if it is just how dokploy is showing it to me.

If anyone could share any thoughts on this, it would be greatly appreciated.

Allow me to share my config:

Original docker-compose-dokploy.yml in my code base:

services:
  postgres:
    image: postgres
    restart: always
    env_file:
      - .env
    healthcheck:
      test: ["CMD-SHELL", "sh -c 'pg_isready -U ligaconquis'"]
      interval: 30s
      timeout: 3s
      retries: 3
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    networks:
      - dokploy-network

  website:
    restart: always
    build: .
    command: bash -c "make docker-setup && gunicorn --threads 4 --workers=4 ligaconquis.wsgi -b 0.0.0.0:${DOKPLOY_DOCKER_PORT} --timeout=600"
    env_file:
      - .env
    healthcheck:
      test: ["CMD-SHELL", "curl --head  --request GET $DJANGO_BASE_URL/status/ | grep '200 OK'"]
      interval: 30s
      timeout: 5s
      retries: 3
    volumes:
      - media:/ligaconquis/media
    ports:
      - ${DOKPLOY_DOCKER_PORTS}
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - dokploy-network
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${CONTAINER_NAME}.rule=Host(`${DJANGO_BASE_URL}`)"
      - "traefik.http.routers.${CONTAINER_NAME}.entrypoints=websecure"
      - "traefik.http.routers.${CONTAINER_NAME}.tls.certResolver=letsencrypt"
      - "traefik.http.services.${CONTAINER_NAME}.loadbalancer.server.port=${DOKPLOY_DOCKER_PORT}"

volumes:
  postgres_data:
  media:

networks:
  dokploy-network:
    external: true

Preview Compose button returns this:

services:
  postgres:
    image: postgres
    restart: always
    env_file:
      - .env
    healthcheck:
      test:
        - CMD-SHELL
        - sh -c 'pg_isready -U ligaconquis'
      interval: 30s
      timeout: 3s
      retries: 3
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    networks:
      - dokploy-network
  website:
    restart: always
    build: .
    command: bash -c "make docker-setup && gunicorn --threads 4 --workers=4 ligaconquis.wsgi -b 0.0.0.0:${DOKPLOY_DOCKER_PORT} --timeout=600"
    env_file:
      - .env
    healthcheck:
      test:
        - CMD-SHELL
        - curl --head  --request GET $DJANGO_BASE_URL/status/ | grep '200 OK'
      interval: 30s
      timeout: 5s
      retries: 3
    volumes:
      - media:/ligaconquis/media
    ports:
      - ${DOKPLOY_DOCKER_PORTS}
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - dokploy-network
    labels:
      - traefik.enable=true
      - traefik.http.routers.${CONTAINER_NAME}.rule=Host(`${DJANGO_BASE_URL}`)
      - traefik.http.routers.${CONTAINER_NAME}.entrypoints=websecure
      - traefik.http.routers.${CONTAINER_NAME}.tls.certResolver=letsencrypt
      - traefik.http.services.${CONTAINER_NAME}.loadbalancer.server.port=${DOKPLOY_DOCKER_PORT}
      - traefik.http.routers.ligaconquistador-staging-m7ti5h-1-web.rule=Host(`staging.mydomain.com`)
      - traefik.http.routers.ligaconquistador-staging-m7ti5h-1-web.entrypoints=web
      - traefik.http.services.ligaconquistador-staging-m7ti5h-1-web.loadbalancer.server.port=5058
      - traefik.http.routers.ligaconquistador-staging-m7ti5h-1-web.service=ligaconquistador-staging-m7ti5h-1-web
      - traefik.http.routers.ligaconquistador-staging-m7ti5h-1-web.middlewares=redirect-to-https@file
      - traefik.http.routers.ligaconquistador-staging-m7ti5h-1-websecure.rule=Host(`staging.mydomain.com`)
      - traefik.http.routers.ligaconquistador-staging-m7ti5h-1-websecure.entrypoints=websecure
      - traefik.http.services.ligaconquistador-staging-m7ti5h-1-websecure.loadbalancer.server.port=5058
      - traefik.http.routers.ligaconquistador-staging-m7ti5h-1-websecure.service=ligaconquistador-staging-m7ti5h-1-websecure
      - traefik.http.routers.ligaconquistador-staging-m7ti5h-1-websecure.tls.certresolver=letsencrypt
volumes:
  postgres_data: null
  media: null
networks:
  dokploy-network:
    external: true

Note on the above:

  • The loadbalancer.server.port is 5058 where my service runs
  • As you can see the traefik config is kinda weird, right?

Domain configured in my service (not working - 404 behaviour both http & https):

Screenshot 2025-01-01 at 17 49 19

Although I see the request goes to the right IP and for what I understand port:

Screenshot 2025-01-01 at 17 59 34

Domain configured for Dokploy (perfectly working):

Screenshot 2025-01-01 at 17 50 52

Dokploy's traefik Config (/etc/dokploy/traefik/traefik.yml):

providers:
  swarm:
    exposedByDefault: false
    watch: false
  docker:
    exposedByDefault: false
  file:
    directory: /etc/dokploy/traefik/dynamic
    watch: true
entryPoints:
  web:
    address: ':80'
  websecure:
    address: ':443'
    http:
      tls:
        certResolver: letsencrypt
api:
  insecure: true
certificatesResolvers:
  letsencrypt:
    acme:
      email: email@gmail.com
      storage: /etc/dokploy/traefik/dynamic/acme.json
      httpChallenge:
        entryPoint: web

My domain's DNS configuration:

Screenshot 2025-01-01 at 17 54 29

And the deploy settings (no issues in the logs and the service is running as expected):

Screenshot 2025-01-01 at 18 03 53

I hope someone can help debug the issue.

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
6 participants