Issue
Hey ! Sorry to create an issue but I'm having problems configuring Souin with Traefik.
First of all, thanks for the awesome project ! It's a great tool to now go fully Traefik with caching features (instead of using Haproxy).
Here goes the error. When I disable Souin, everything works fine and I can access my homeassistant remotely with correct certs generated by Lets encrypt etc. However, as soon as I configure Souin, I keep getting the errors below. My configuration is available below too.
reverse-proxy-http-cache | {"level":"DEBUG","time":"2021-07-18T08:59:42.764Z","caller":"plugins/base.go:105","message":"Provider initialized"}
reverse-proxy-http-cache | {"level":"DEBUG","time":"2021-07-18T08:59:42.781Z","caller":"plugins/base.go:109","message":"Transport initialized"}
reverse-proxy-http-cache | {"level":"DEBUG","time":"2021-07-18T08:59:42.781Z","caller":"plugins/base.go:122","message":"Souin configuration is now loaded"}
reverse-proxy-http-cache | {"level":"DEBUG","time":"2021-07-18T08:59:42.782Z","caller":"souin/main.go:102","message":"Waiting for an incoming request..."}
reverse-proxy-http-cache | 2021/07/18 08:59:55 http: TLS handshake error from XXX:58720: remote error: tls: bad certificate
reverse-proxy-http-cache | 2021/07/18 08:59:56 http: TLS handshake error from XXX:58728: remote error: tls: bad certificate
I tried disabling the redirection from http to https in Traefik but it didn't change anything. I'm using network_mode: host as I have some requirements for the homeassistant for that. In case you are wondering, I'm copying the configuration.yml using Dockerfile.
Any idea why this fails ? Maybe it doesn't resolve to localhost:81 ? I've checked using netstat and Traefik is available on port 81 & 444 in the host network. I've also checked the acme.json file and its filled & it's available in the souin container at the specified path.
Thanks for your time !
Configuration
docker-compose:
version: '2.4'
################################################################################
### SERVICES
################################################################################
services:
https-proxy:
build:
context: ./traefik
dockerfile: Dockerfile
container_name: https-proxy
restart: unless-stopped
network_mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/homeassistant/traefik/acme:/etc/traefik/acme
labels:
- "traefik.enable=false"
healthcheck:
test: traefik healthcheck --ping
start_period: 500s
interval: 1800s
timeout: 3s
retries: 10
reverse-proxy-http-cache:
build:
context: ./proxy-http-cache
dockerfile: Dockerfile
container_name: reverse-proxy-http-cache
network_mode: host
environment:
GOPATH: /app
volumes:
- /opt/homeassistant/traefik/acme/acme.json:/ssl/traefik.json
- /opt/homeassistant/proxy-http-cache/:/configuration
hass:
...
Souin configuration:
log_level: DEBUG
default_cache: # Required
port: # Ports on which Souin will be exposed
web: 80
tls: 443
ttl: 10s # Default TTL
reverse_proxy_url: 'http://localhost:81' # If it's in the same network you can use http://your-service, otherwise just use https://yourdomain.com
ssl_providers:
- traefik
Traefik configuration (short extract):
entryPoints:
web:
address: :81
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: :444