1
votes

I am running a server and I have pointed my domain via Cloudflare to my server IP and have a signed SSL certificate via Let's Encrypt for my domain. My server is running an Apache web server using port 443 for the SSL traffic. I installed Docker and I run a couple of containers. My goal is to get Traefik up and running using port 443 as well and route all Docker traffic through it. Is that even possible?

I used this here: https://www.linuxserver.io/2018/02/03/using-traefik-as-a-reverse-proxy-with-docker/ to write my traefik.toml file and my docker-compose file.

However, whenever I start up the docker-compose all services are up except traefik. I receive following error:

ERROR: for traefik Cannot start service traefik: driver failed programming external connectivity on endpoint traefik (2d10b64b47e62e7dcb5f94265529fb647e4ba62dbeeb43c201ea02d39f60b381): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
ERROR: Encountered errors while bringing up the project.

I wonder if the reason is that I already use port 443 for my domain?! How can I fix this?

Thanks for your help!


2 Answers

0
votes

You are using docker in Linux:

Some of these commands should give you a clue that you are using them:

sudo lsof -i -P -n | grep LISTEN

netstat -tulpn | grep LISTEN

example:

docker-pr 2405 root 4u IPv6 28930 0t0 TCP *:443 (LISTEN)

If 443 is occupied by Docker, it means that some YML file has an exposed port 443 besides that of Traefik (if it is some other application, proceed to change its port or close it [pkill]).

You can try to separate the "Services" of the YML in different YML and turn them on one by one, in order to find the image that is causing you conflicts (If you separate them remember to create the appropriate external "Networks".)

(by the way ... I recommend that the first image that starts be the one of traefik)

(You can also copy and paste your YML files for better help.)

Edit


RewriteEngine on 
RewriteCond %{HTTPS} off 
# RewriteCond %{SERVER_PORT} ^9000$ 
RewriteRule ^(.*)$ https://%{HTTP_HOST}:9443%{REQUEST_URI}

edit2 in toml config traefik: (I have no idea what works, try it)


# Entrypoints, http and https
[entryPoints]

# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"

# https is the default
[entryPoints.https]
address = ":9443"

[entryPoints.https.tls]

The other solution that occurs to me is to make your main Apache act as a proxy tunnel, BUT then you do not need to bring in Traefik :P

0
votes

I've got the same issue. I've tried everything I found on stackoverflow and github.

Only this worked for me:

sudo lsof -i -P -n | grep LISTEN

And I've got something like this:


And I decided to kill the first PID (related to port 80)

sudo kill -9 1876

And then I've started the service with docker on network and everything worked fine. Hooray!!!
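
Both answers rely on reading `lsof -i -P -n` output to see who holds the port. The following is an added example, not code from either answer: it parses that output and reports whether a port is free, published by Docker's userland proxy (shown as `docker-pr`, since lsof truncates command names), or held by a host service such as Apache. The function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of `lsof -i -P -n` output (PIDs and devices are made up).
sample_lsof() {
cat <<'EOF'
COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       912     root    3u  IPv4  18000      0t0  TCP *:22 (LISTEN)
apache2   1044     root    4u  IPv6  23456      0t0  TCP *:80 (LISTEN)
apache2   1044     root    6u  IPv6  23457      0t0  TCP *:443 (LISTEN)
apache2   1051 www-data    6u  IPv6  23457      0t0  TCP *:443 (LISTEN)
docker-pr 2405     root    4u  IPv6  28930      0t0  TCP *:9443 (LISTEN)
chrome    3100    alice   55u  IPv4  40100      0t0  TCP 192.0.2.10:51514->198.51.100.7:443 (ESTABLISHED)
EOF
}

# listeners_on PORT: read lsof output on stdin, print "command pid address"
# once per process that is LISTENing on PORT. Outbound connections to a
# remote :443 (the chrome line) are ignored because they are not LISTEN.
listeners_on() {
  awk -v want="$1" '
    $NF == "(LISTEN)" {
      name = $(NF-1)                    # e.g. *:443, 127.0.0.1:443, [::1]:443
      n = split(name, part, ":")        # port is the text after the last colon
      if (part[n] != want) next
      key = $1 " " $2 " " substr(name, 1, length(name) - length(part[n]) - 1)
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# diagnose PORT: read lsof output on stdin and print one verdict:
#   free        nothing is listening, Traefik can bind the port
#   docker      a container already publishes it (check the compose files)
#   host:<cmd>  a host service owns it (here Apache); Traefik needs another
#               port, or that service has to give the port up
diagnose() {
  local port=$1 owners
  owners=$(listeners_on "$port")
  if [ -z "$owners" ]; then
    echo "free"
  elif printf '%s\n' "$owners" | grep -q '^docker-pr'; then
    echo "docker"
  else
    echo "host:$(printf '%s\n' "$owners" | awk '{print $1}' | sort -u | paste -sd, -)"
  fi
}

# Demo on the constructed sample.
for p in 443 9443 8080; do
  printf '%s -> %s\n' "$p" "$(sample_lsof | diagnose "$p")"
done
```

On a real host the same functions take live input: `sudo lsof -i -P -n | diagnose 443`.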