Post "https://restic.myurl.com:8000/test_repo/?create=true": dial tcp [<myserverip>]:8000: i/o timeout
I know my “certresolver” (lecrypt) is working correctly, as I’m using it for other services and it also does not fail to create a certificate for “https://restic.myurl.com”.
I configured my entrypoints globally in the static config.
You would only set the entrypoints for a router if you want to limit them to a particular set of entrypoints for this router (see docs).
All my other services work fine like that.
Any reason you do not redirect to https or is it just for the minimal example?
I also have a global config that redirects all http traffic to https.
Ah, thanks for the details on entrypoints. I didn’t know that so I always make them explicit.
Did you manage to make yours work? Mine is working fine.
As for why I’m not using TLS… the answer is: I will. It’s on my ToDo list. The service is internal to my LAN so not a big deal but, still, I have an internal CA and make a point of using TLS on all my internal services. Anyway, thanks for bringing that to my attention.
@nununo well, if you just use it internally then ofc it’s no problem, but then why do you use traefik at all?
It’s always the same with traefik… I forget one little config and it takes me way too long to figure out what’s missing.
I should really make a checklist.
This time I forgot to set the external network, so thx @nununo, you helped me out after all.
The weird thing was that I was still getting responses to the restic domain in the traefik debug log, so I thought it was working alright.
Well, I have a local CA and I issue (internal) certificates for all my local servers. I use Traefik for 2 reasons:
as a reverse proxy to assign a different subdomain to each service, even when they are hosted under the same IP;
to automatically apply the internal TLS certificates to each of those certificates.
I do this because:
With internal certificates I avoid all those browser warnings;
The multiple subdomains allow me to use default port 443 for most of the services instead of using a shared FQDN and using an obscure port number for each service;
It’s an opportunity to learn how to use yet another amazing tool;