How to successfully configure HA Docker behind Traefik for use_x_forwarded_for and ip_ban_enabled

TheNotSoSmartHome · May 10, 2019, 8:55pm

Please look at the post above.

There is services that include the traefik image and config and then at the base level a network config as well. This one will link the external network to the one used in the docker-compose.yml.

CBRHerms · May 12, 2019, 10:32pm

You’ve set your compose version at the top of your file to version: "3"

external is a version: "2" config option. Think they changed it for 3+

TheNotSoSmartHome · May 13, 2019, 8:29pm

The issue is not the version. svaguilav had copied the network section into the services section which was not expected and caused an error.

FutureTense · May 15, 2019, 10:15pm

For some reason I had to reboot my router, but this did the trick. Thanks!

Robvred · April 27, 2020, 9:04am

I’ve the same “Bad gateway” error, and I’ve used the same config as you @TheNotSoSmartHome to check my configuration but it’s same.
That’s pretty wired and I’ve been busting my brains over it for the past few nights…

Behind Traefik too, wo the http section all working fine, as soon as add it, it’s doesn’t work.

Configuration.yaml

http:
    base_url: https://xxxxxxxxxxxxx
    ssl_certificate: /ssl/fullchain.pem
    ssl_key: /ssl/privkey.pem
    port: 8123
    use_x_forwarded_for: true
    trusted_proxies:
      - 172.18.0.4 # Traefik

Docker compose

version: "3.7"

########################### NETWORKS
networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge
########################### SERVICES
services:
  homeassistant:
    container_name: home-assistant
    image: homeassistant/home-assistant:stable
    restart: always
    networks:
      - t2_proxy
    volumes:
      - /data/home-assistant/config:/config
      - /data/home-assistant/ssl:/ssl
      - /data/home-assistant/share:/share
    devices:
      - /dev/ttyUSB0:/dev/ttyUSB0
      - /dev/ttyACM0:/dev/ttyACM0
    environment:
      - TZ=$TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.homeassistant-rtr.entrypoints=https"
      - "traefik.http.routers.homeassistant-rtr.rule=Host(`homeassistant.$DOMAINNAME`)"
      - "traefik.http.routers.homeassistant-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.homeassistant-rtr.middlewares=chain-oauth@file" # Google OAuth 2.0
      ## HTTP Services
      - "traefik.http.routers.homeassistant-rtr.service=homeassistant-svc"
      - "traefik.http.services.homeassistant-svc.loadbalancer.server.port=8123"

Do I’ve missed something ?

Thanks for your help !

Robvred · April 27, 2020, 1:05pm

Solved.

In http conf it’s require to not configure port and ssl