I’m hoping someone can help me figure out what I’m doing wrong.
I have a VM on my local network that has Traefik, 2 apps (whoami and myapp), and wireguard in server mode (let’s call this VM “server”). I have another VM on the same network with Traefik and wireguard in client mode (let’s call this VM “client”).
- both VMs can ping each other using their VPN IP addresses
- wireguard successfully handshakes
- I have myapp.mydomain.com as a host override on my router so every computer in my house points it to “client”
- when I run curl -L --header 'Host: myapp.mydomain.com' from the myapp container it successfully returns the myapp page.
But when I browse to http://myapp.mydomain.com I get “Internal Server Error”, yet nothing appears in the docker logs for any app (neither traefik container, neither wireguard container, nor the myapp container).
Any suggestions/assistance would be appreciated!
This seems like an issue where the wireguard is not using the correct DNS server. Does the wireguard DNS setting point to the router?
A diagram might help me to see what is going on more clearly.
Thanks for helping, @Lem453@lemmy.ca.
Both wireguard containers are using my router for DNS, and my router points myapp.mydomain.com and whoami.mydomain.com to “client”.
500 errors typically log a stack trace in the server logs. Have you checked there? That would give more indication of where to start debugging.
By “server log”, do you mean traefik’s log? If so, this is the only thing I could find (and I don’t know what it means): https://lemmy.d.thewooskeys.com/comment/514711
No. Traefik says the 500 error came from downstream. So that means either wireguard or myapp. Check the logs for those.
I should add that I’m running Traefik 2.11.2 and wireguard from the Linuxserver image lscr.io/linuxserver/wireguard version v1.0.20210914-ls22.
@deergon@lemmy.world, @shasta@lemm.ee, and @lemmyvore@feddit.nl,
Thanks for your help. My main issue ended up being that I was trying to use Let’s Encrypt’s staging mode, but since staging certs are self-signed, Traefik was not accepting the requests. Also, though I had to switch Traefik’s logging level to Info instead of error to see that.
Just a few thoughts:
- Did you enable access logs in Traefik as well as setting global log level to debug? This usually gives a lot more info about what’s going on
- Are the containers using the same docker network or host network, so they can reach each other?
Thanks for helping, @deergon@lemmy.world.
Both traefik containers (on the “server” and “client” VMs) and the wireguard server container were built with TRAEFIK_NETWORK_MODE=host. The VMs can ping each other and the Wireguard containers can ping each other.
Both traefik containers were built with TRAEFIK_LOG_LEVEL=warn but I changed them both to TRAEFIK_LOG_LEVEL=info just now. There’s a tad more info in the logs, but nothing that seems pertinent.
How about the Traefik access logs (separate from the main log), do they reveal anything?
From traefik’s access.log:
{"ClientAddr":"192.168.1.17:45930","ClientHost":"192.168.1.17","ClientPort":"45930","ClientUsername":"-","DownstreamContentSize":21,"DownstreamStatus":500,"Duration":13526669,"OriginContentSize":21,"OriginDuration":13462593,"OriginStatus":500,"Overhead":64076,"RequestAddr":"whoami.mydomain.com","RequestContentSize":0,"RequestCount":16032,"RequestHost":"whoami.mydomain.com","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"websecure-whoami-vpn@file","ServiceAddr":"10.13.16.1","ServiceName":"whoami-vpn@file","ServiceURL":{"Scheme":"https","Opaque":"","User":null,"Host":"10.13.16.1","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2024-04-30T00:21:51.533176765Z","StartUTC":"2024-04-30T00:21:51.533176765Z","TLSCipher":"TLS_CHACHA20_POLY1305_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-04-30T00:21:51Z"} 
{"ClientAddr":"192.168.1.17:45930","ClientHost":"192.168.1.17","ClientPort":"45930","ClientUsername":"-","DownstreamContentSize":21,"DownstreamStatus":500,"Duration":13754666,"OriginContentSize":21,"OriginDuration":13696179,"OriginStatus":500,"Overhead":58487,"RequestAddr":"whoami.mydomain.com","RequestContentSize":0,"RequestCount":16033,"RequestHost":"whoami.mydomain.com","RequestMethod":"GET","RequestPath":"/favicon.ico","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"websecure-whoami-vpn@file","ServiceAddr":"10.13.16.1","ServiceName":"whoami-vpn@file","ServiceURL":{"Scheme":"https","Opaque":"","User":null,"Host":"10.13.16.1","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2024-04-30T00:21:51.74274202Z","StartUTC":"2024-04-30T00:21:51.74274202Z","TLSCipher":"TLS_CHACHA20_POLY1305_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-04-30T00:21:51Z"}
All I can tell from this is that there is a DownstreamStatus of 500. I don’t know what that means.
Have you tried accessing your service url from inside the Traefik container? E.g. wget https://10.13.16.1? Also you seem to be accessing the service url with https, which usually requires insecureSkipVerify=true. Otherwise you might get http-500 error downstream.
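A triage sketch for access.log entries like the ones posted above, added here as an example and not written by any commenter in the thread or by the Traefik project. It flags 5xx entries whose backend is reached over https by IP address and whose body is the size of the generic "Internal Server Error" text, the combination seen in this thread; the hint names and the body-size heuristic are assumptions of this example, and the sample lines are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: trimmed to the fields used, modelled on the thread's
# access.log lines, plus a healthy request and an application-level 500.
SAMPLE_LOG = """\
{"DownstreamStatus":500,"OriginStatus":500,"OriginContentSize":21,"RequestHost":"whoami.mydomain.com","RequestPath":"/","ServiceURL":{"Scheme":"https","Host":"10.13.16.1"}}
{"DownstreamStatus":200,"OriginStatus":200,"OriginContentSize":612,"RequestHost":"whoami.mydomain.com","RequestPath":"/ok","ServiceURL":{"Scheme":"https","Host":"10.13.16.1"}}
{"DownstreamStatus":500,"OriginStatus":500,"OriginContentSize":4096,"RequestHost":"myapp.mydomain.com","RequestPath":"/","ServiceURL":{"Scheme":"http","Host":"myapp:8080"}}
truncated line that is not JSON
"""

# Length of Go's status text for 500. A body of exactly this size is a hint
# (heuristic, not proof) that the proxy, not the app, wrote the response.
GENERIC_500_LEN = len("Internal Server Error")

def host_is_ip(host):
    """True when a ServiceURL host (with or without port) is an IP literal."""
    name = urlsplit("//" + host).hostname or ""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def triage(entry):
    """Hints for one 5xx entry; TLS hints only apply to https backends."""
    url = entry.get("ServiceURL") or {}
    hints = []
    if entry.get("OriginContentSize") == GENERIC_500_LEN:
        hints.append("generic-500-body")
    if url.get("Scheme") == "https":
        hints.append("https-backend")  # backend cert must be trusted by Traefik
        if host_is_ip(url.get("Host", "")):
            hints.append("ip-backend")  # cert needs an IP SAN or a serverName
    return hints or ["app-error"]  # nothing TLS-related: read the app's log

def scan(text):
    """Return (host, path, hints) per 5xx entry, skipping unparsable lines."""
    results = []
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict) and entry.get("DownstreamStatus", 0) >= 500:
            results.append((entry.get("RequestHost"), entry.get("RequestPath"), triage(entry)))
    return results
```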