Traefik Bad Gateway error while switching to HTTPS


I'm using Traefik to get SSL certificate for my fastapi application in a container. After spinning up the container I could find that my SSL certificate is just fine, but my website would throw me a "Bad Gateway" error.

Below are relevant parts of my docker-compose, a Dockerfile.traefik, which is built inside the docker-compose, and a traefik.prod.toml that is used within it.

For the api entrypoint, I'm using a python module toncinta-api (you can see it as the entrypoint of the service api in my docker-compose), which contains the command uvicorn.run("api:app", host='0.0.0.0')

Docker-compose:

.
.
  api:
    image: toncinta/toncinta-python:chime
    container_name: toncinta-api-default
    #ports:
    #  - "80:80"
    expose:
      - 80
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.fastapi.rule=Host(`toncinta-api.com`)"
      - "traefik.http.routers.fastapi.tls=true"
      - "traefik.http.routers.fastapi.tls.certresolver=letsencrypt"
    stdin_open: true
    tty: true
    entrypoint: toncinta-api
    
  traefik:  # new
    build:
      context: .
      dockerfile: Dockerfile.traefik
    ports:
      - 80:80
      - 443:443
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik-public-certificates:/certificates"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`dashboard.toncinta-api.com`) && (PathPrefix(`/`))"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.service=api@internal"

Dockerfile.traefik

# Dockerfile.traefik

FROM traefik:v2.9.6

COPY ./traefik.prod.toml ./etc/traefik/traefik.toml

traefik.prod.toml

# traefik.prod.toml

[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.web.http]
    [entryPoints.web.http.redirections]
      [entryPoints.web.http.redirections.entryPoint]
        to = "websecure"
        scheme = "https"

  [entryPoints.websecure]
    address = ":443"

[accessLog]

[api]
dashboard = true

[providers]
  [providers.docker]
    exposedByDefault = false

[certificatesResolvers.letsencrypt.acme]
  email = "[email protected]"
  storage = "/certificates/acme.json"
  [certificatesResolvers.letsencrypt.acme.httpChallenge]
    entryPoint = "web"

I suspect this might be related to the ports I expose/use for uvicorn server and traefik. I followed some related stackoverflow discussions, but could not find a fix.


There are 2 best solutions below

5
On

As doneforaiur pointed out, I managed to resolve it by adding port to the command like so: uvicorn.run("api:app", host='0.0.0.0', port=5000) and explicitly exposing it as a port in the service definition of my web service in docker-compose.

But now my problem is that only toncinta-api.com gets HTTPS and browsers dismiss www.toncinta-api.com as insecure. Is that something to do with how traefik configures the certificates, again, something to be changed still in my docker-compose?

1
On

Answering separately following comments from community bot. These lines under the tag label of the service web of my docker-compose helped me with https on www.toncinta.com

.
.
      - "traefik.http.routers.fastapi2.rule=Host(`www.toncinta-api.com`)"
      - "traefik.http.routers.fastapi2.tls=true"
      - "traefik.http.routers.fastapi2.tls.certresolver=letsencrypt"