cvjoint / traefik2 Goto Github PK

I've been trying and failing to bypass forward auth on the API calls for FreshRSS. Using a setup similar to your Sonarr and Radarr compose files doesn't seem to work with FreshRSS;

- "traefik.http.routers.freshrss-rtr-bypass.rule=Host(`freshrss.$DOMAINNAME`) && (Headers(`X-Api-Key`, `$FRESHRSS_API_KEY`) || Query(`Passwd`, `$FRESHRSS_API_KEY`))"

With the above set, the following seems to successfully authenticate when using a browser or Postman;

https://freshrss.$DOMAINNAME/api/greader.php/accounts/ClientLogin?Email=xxx&Passwd=$FRESHRSS_API_KEY

but when adding to an RSS reader like Fiery Feeds or Reeder it doesn't work. I used an HTTP monitor and the call from the RSS apps seem to trigger authelia.

The following works but I'd rather not do this;

- "traefik.http.routers.freshrss-rtr-bypass.rule=Host(`freshrss.$DOMAINNAME`) && PathPrefix(`/api`)"

Any suggestions appreciated,
Thanks.

According to that issue you shouldn't use authelia middleware (like you do in secure-chain) to secure authelia because it will keep redirecting you until your request headers are too big for traefik.

If I use network_mode: "container:pia" or network_mode: "service:pia" to route a container through the pia container, I can no longer connect to the routed container using ip:port from other machines on the local network.

If I add the port of the routed container to the pia container, I am then able to connect to the routed container from the host machine using localhost:port but still not from other machines on the network.

In the rutorrent example in ymlfiles/pia.yml, is it possible to connect to rutorrent from other machines on the network using ip:port. If so, how? Thanks.

Edit: I realise what's happening now. The pia container has traefik labels for rutorrent and I can now connect from the local network using ip:port.

A few further questions;

1. Is there any other way to achieve the same thing but leave the traefik labels in the same block as their container in the compose file, just for ease of maintenance and readability?
2. If not, is it advisable, in the pia container, to add further traefik labels for other containers that use network_mode: "service:pia" or should I use separate pia containers for each other service?

What toml's files need to be in the rules folder

In ymlfiles/bitwarden.yml you have the Authelia label. With this on I'm unable to login to BitWarden using the iOS app, it just crashes. If I disable auth, it works. Is this just so people don't unwittingly expose BitWarden or are you able to use Authelia and still login using the BitWarden mobile apps? Thanks.

I'm using your config in a docker container with Traefikv2 but TLS negotiation is failing....any ideas?

2020-04-23T19:45:06.254712145Z 2020-04-23 19:45:06.254574 [info] VPN_ENABLED defined as 'yes'
2020-04-23T19:45:06.292974932Z 2020-04-23 19:45:06.292825 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/gw2.atl3.slickvpn.com.ovpn
2020-04-23T19:45:06.302457705Z dos2unix: converting file /config/openvpn/gw2.atl3.slickvpn.com.ovpn to Unix format...
2020-04-23T19:45:06.333174151Z 2020-04-23 19:45:06.333035 [info] VPN remote line defined as 'gw2.atl3.slickvpn.com 443 udp'
2020-04-23T19:45:06.365964775Z 2020-04-23 19:45:06.365792 [info] VPN_REMOTE defined as 'gw2.atl3.slickvpn.com'
2020-04-23T19:45:06.402278610Z 2020-04-23 19:45:06.402117 [info] VPN_PORT defined as '443'
2020-04-23T19:45:06.433175632Z 2020-04-23 19:45:06.432991 [info] VPN_PROTOCOL defined as 'udp'
2020-04-23T19:45:06.463870158Z 2020-04-23 19:45:06.463738 [info] VPN_DEVICE_TYPE defined as 'tun0'
2020-04-23T19:45:06.496232271Z 2020-04-23 19:45:06.496066 [info] LAN_NETWORK defined as '10.0.0.1/24'
2020-04-23T19:45:06.528128873Z 2020-04-23 19:45:06.527995 [info] NAME_SERVERS defined as '1.1.1.1,1.0.0.1'
2020-04-23T19:45:06.556027443Z 2020-04-23 19:45:06.555843 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2020-04-23T19:45:06.588867347Z 2020-04-23 19:45:06.588724 [info] Adding 1.1.1.1 to resolv.conf
2020-04-23T19:45:06.622103973Z 2020-04-23 19:45:06.621919 [info] Adding 1.0.0.1 to resolv.conf
2020-04-23T19:45:06.652088612Z 2020-04-23 19:45:06.651924 [info] Starting OpenVPN...
2020-04-23T19:45:06.658278851Z Thu Apr 23 19:45:06 2020 WARNING: file 'credentials.conf' is group or others accessible
2020-04-23T19:45:06.658301200Z Thu Apr 23 19:45:06 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
2020-04-23T19:45:06.658308860Z Thu Apr 23 19:45:06 2020 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.08
2020-04-23T19:45:06.697777343Z Thu Apr 23 19:45:06 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]45.79.221.197:443
2020-04-23T19:45:06.697809522Z Thu Apr 23 19:45:06 2020 UDP link local: (not bound)
2020-04-23T19:45:06.697820232Z Thu Apr 23 19:45:06 2020 UDP link remote: [AF_INET]45.79.221.197:443
2020-04-23T19:45:06.725962878Z Thu Apr 23 19:45:06 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2020-04-23T19:46:06.926533682Z Thu Apr 23 19:46:06 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-04-23T19:46:06.926581072Z Thu Apr 23 19:46:06 2020 TLS Error: TLS handshake failed
2020-04-23T19:46:06.926702262Z Thu Apr 23 19:46:06 2020 SIGUSR1[soft,tls-error] received, process restarting
2020-04-23T19:46:11.950206067Z Thu Apr 23 19:46:11 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]45.79.221.197:443
2020-04-23T19:46:11.950246707Z Thu Apr 23 19:46:11 2020 UDP link local: (not bound)
2020-04-23T19:46:11.950259947Z Thu Apr 23 19:46:11 2020 UDP link remote: [AF_INET]45.79.221.197:443
2020-04-23T19:47:12.022754477Z Thu Apr 23 19:47:12 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-04-23T19:47:12.022897867Z Thu Apr 23 19:47:12 2020 TLS Error: TLS handshake failed
2020-04-23T19:47:12.023041387Z Thu Apr 23 19:47:12 2020 SIGUSR1[soft,tls-error] received, process restarting
2020-04-23T19:47:17.049793600Z Thu Apr 23 19:47:17 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]45.79.221.197:443
2020-04-23T19:47:17.049870641Z Thu Apr 23 19:47:17 2020 UDP link local: (not bound)
2020-04-23T19:47:17.049886881Z Thu Apr 23 19:47:17 2020 UDP link remote: [AF_INET]45.79.221.197:443

any idea how to overcome the permission issues shown in the logs?

2020-04-25T15:40:49.783792205Z [INFO] nzbget 21.0 server-mode
2020-04-25T15:45:10.559214557Z /data/nzbget.log: Permission denied
2020-04-25T15:45:10.712879529Z [INFO] Reloading...
2020-04-25T15:45:11.162671467Z /data/nzbget.log: Permission denied
2020-04-25T15:45:11.162714087Z /data/nzbget.log: Permission denied
2020-04-25T15:45:11.162724046Z /data/nzbget.log: Permission denied
2020-04-25T15:45:11.162732536Z /data/nzbget.log: Permission denied
2020-04-25T15:45:11.162811475Z /data/nzbget.log: Permission denied
2020-04-25T15:45:11.163433597Z nzbget.conf(55): Invalid value for option "TempDir" (/data/tmp): could not create directory /data/tmp: Permission denied
2020-04-25T15:45:11.163462847Z nzbget.conf(52): Invalid value for option "QueueDir" (/data/queue): could not create directory /data/queue: Permission denied
2020-04-25T15:45:11.163472037Z nzbget.conf(46): Invalid value for option "NzbDir":
2020-04-25T15:45:11.163480076Z [ERROR] nzbget.conf(55): Invalid value for option "TempDir" (/data/tmp): could not create directory /data/tmp: Permission denied
2020-04-25T15:45:11.163487646Z [ERROR] nzbget.conf(52): Invalid value for option "QueueDir" (/data/queue): could not create directory /data/queue: Permission denied
2020-04-25T15:45:11.163495046Z [ERROR] nzbget.conf(46): Invalid value for option "NzbDir":
2020-04-25T15:45:11.163501556Z [INFO] Pausing all activities due to errors in configuration

I tried creating the directories shown in the logs and permissioned them as $USER:docker just like all of my other containers, but its still in the logs as an issue.

I have had no success running the command specified in the mariadb yml for database backups:
docker run --rm --entrypoint cat dsteinkopf script/backup-all-mysql /backup-all-mysql.sh > $USERDIR/docker/mariadb/backup-all-mysql.sh

Attempting to do so yields the following output:

Unable to find image 'dsteinkopf:latest' locally
docker: Error response from daemon: pull access denied for dsteinkopf, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.

Hello,

Thanks for the amazing help with your repo! I'm trying to migrate from Traefik 1.7 to 2.2 (fresh install server) and one of the migration steps is nextcloud. After using the YML from your repo for nextcloud I'm not able to get the container to use the SSL certificate from Traefik instead of the one from Linuxserver.io. Do you have any pointers? Thanks a lot!

Hey, thanks for all of these great containers. I am unable to reach this one via unifi.domainname.

The only I can reach the container is via https://10.0.0.216:8443, which isnt really making sense to me.

Would you be able to help?