this post was submitted on 28 Apr 2024
16 points (100.0% liked)

Selfhosted

40200 readers
716 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm hoping someone can help me figure out what I'm doing wrong.

I have a VM on my local network that has Traefik, 2 apps (whomai and myapp), and wireguard in server mode (let's call this VM "server"). I have another VM on the same network with Traefik and wireguard in client mode (let's call this VM "client").

  • both VMs can can ping each other using their VPN IP addresses
  • wireguard successfully handshakes
  • I have myapp.mydomain.com as a host override on my router so every computer in my house points it to "client"
  • when I run curl -L --header 'Host: myapp.mydomain.com' from the myapp container it successfully returns the myapp page.

But when I browse to http://myapp.mydomain.com I get "Internal Server Error", yet nothing appears in the docker logs for any app (neither traefik container, neither wireguard container, nor the myapp container).

Any suggestions/assistance would be appreciated!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 6 months ago (4 children)

Just a few thoughts:

  • Did you enable access logs in Traefik as well as setting global log level to debug? This usually gives a lot more info about whats going on
  • Are the containers using the same docker network or host network, so they can reach each other?
[–] [email protected] 1 points 6 months ago (3 children)

Thanks for helping, @[email protected].

Both traefik containers (on the "server" and "client" VMs) and the wireguard server container were built with TRAEFIK_NETWORK_MODE=host. The VMs can ping each other and the Wireguard containers can ping each other.

Both traefik containers were built with TRAEFIK_LOG_LEVEL=warn but I changed them both to TRAEFIK_LOG_LEVEL=info just now. There's a tad more info in the logs, but nothing that seems pertinent.

[–] [email protected] 1 points 6 months ago (2 children)

How about the Traefik access logs (separate from the main log), do they reveal anything?

[–] [email protected] 1 points 6 months ago (1 children)

From traefik's access.log:

{"ClientAddr":"192.168.1.17:45930","ClientHost":"192.168.1.17","ClientPort":"45930","ClientUsername":"-","DownstreamContentSize":21,"DownstreamStatus":500,"Duration":13526669,"OriginContentSize":21,"OriginDuration":13462593,"OriginStatus":500,"Overhead":64076,"RequestAddr":"whoami.mydomain.com","RequestContentSize":0,"RequestCount":16032,"RequestHost":"whoami.mydomain.com","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"websecure-whoami-vpn@file","ServiceAddr":"10.13.16.1","ServiceName":"whoami-vpn@file","ServiceURL":{"Scheme":"https","Opaque":"","User":null,"Host":"10.13.16.1","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2024-04-30T00:21:51.533176765Z","StartUTC":"2024-04-30T00:21:51.533176765Z","TLSCipher":"TLS_CHACHA20_POLY1305_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-04-30T00:21:51Z"}
{"ClientAddr":"192.168.1.17:45930","ClientHost":"192.168.1.17","ClientPort":"45930","ClientUsername":"-","DownstreamContentSize":21,"DownstreamStatus":500,"Duration":13754666,"OriginContentSize":21,"OriginDuration":13696179,"OriginStatus":500,"Overhead":58487,"RequestAddr":"whoami.mydomain.com","RequestContentSize":0,"RequestCount":16033,"RequestHost":"whoami.mydomain.com","RequestMethod":"GET","RequestPath":"/favicon.ico","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"websecure-whoami-vpn@file","ServiceAddr":"10.13.16.1","ServiceName":"whoami-vpn@file","ServiceURL":{"Scheme":"https","Opaque":"","User":null,"Host":"10.13.16.1","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2024-04-30T00:21:51.74274202Z","StartUTC":"2024-04-30T00:21:51.74274202Z","TLSCipher":"TLS_CHACHA20_POLY1305_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-04-30T00:21:51Z"}

All I can tell from this is that there is a DownstreatStatus of 500. I don't know what that means.

[–] [email protected] 1 points 6 months ago

Have you tried accessing your service url from inside the Traefik container? Eg. wget https://10.13.16.1? Also you seem to be accessing the service url with https, which usually requires insecureSkipVerify=true. Otherwise you might get http-500 error downstream.