Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change in dynamic config for a TCP router applied but effectively ignored #10411

Closed
2 tasks done
aspnetde opened this issue Feb 5, 2024 · 3 comments
Closed
2 tasks done

Change in dynamic config for a TCP router applied but effectively ignored #10411

aspnetde opened this issue Feb 5, 2024 · 3 comments
Assignees
@jspdown
Labels
contributor/waiting-for-feedback kind/question a question status/5-frozen-due-to-age

Comments

@aspnetde
Copy link

aspnetde commented Feb 5, 2024

Welcome!

  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What did you do?

Hello everyone!

(Disclaimer: I already posted this in the community forum but now realize that it's probably a bug and might fit better here, so forgive me the cross-post.)

I have got a Traefik instance, hosted in Docker, that is supposed to forward all traffic 1:1 to a server behind it. This works, everything arrives at IP_A successfully, which also responds to those requests. However, if I change the Traefik config at runtime from IP_A to IP_B, it seems to work at first, too. Plus, when I look at the (only temporarily activated) dashboard of Traefik, then the address for the service (IP_B) is also correctly shown.

What did you see instead?

All traffic continues to go to IP_A, it never arrives at IP_B although that one is now configured. Only when I stop and restart the container does the change take effect.

In other words: The instance starts with IP_A as configured. During runtime I change the address to IP_B, which, according to the logs and the dashboard, is applied successfully, but then effectively ignored as any traffic is still and only routed to IP_A.

What version of Traefik are you using?

Version: 2.10.7
Codename: saintmarcelin
Go version: go1.21.5
Built: 2023-12-06T15:54:59Z
OS/Arch: linux/amd64

(Same with the latest 2.11.* build from Docker Hub.)

What is your environment & configuration?

docker-compose.yml

version: '3.8'

services:
  traefik:
    image: traefik:v2.10
    restart: always
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.file.directory=/config
      - --providers.file.watch=true
      - --entrypoints.websecure.address=:443
    ports:
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /config:/config

My /config/routes.yml:

tcp:
  routers:
    external-service-router:
      rule: "HostSNI(`*`)"
      service: "external-service"
      entryPoints: ["websecure"]
  services:
    external-service:
      loadBalancer:
        servers:
          - address: "IP_A:443"

If applicable, please paste the log output in DEBUG level

traefik-1  | time="..." level=debug msg="Creating TCP server 0 at IP_B:443" entryPointName=websecure routerName=external-service-router@file serviceName=external-service serverName=0
traefik-1  | time="..." level=debug msg="Adding route for \"HostSNI(`*`)\"" entryPointName=websecure routerName=external-service-router@file
@jspdown jspdown self-assigned this Feb 8, 2024
@jspdown
Copy link
Contributor

jspdown commented Feb 13, 2024

Hello @aspnetde 👋
I've tried reproducing the issue but everything seems to work as expected.

Here is my setup:

./docker-compose.yaml:

version: '3.8'

services:
  traefik:
    image: traefik:v2.10
    restart: always
    command:
      - --api.insecure=true
      - --log.level=debug
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.file.directory=/config
      - --providers.file.watch=true
      - --entrypoints.websecure.address=:443
    ports:
      - 443:443
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config:/config

config/routers.yaml

tcp:
  routers:
    external-service-router:
      rule: "HostSNI(`*`)"
      service: "external-service"
      entryPoints: ["websecure"]
  services:
    external-service:
      loadBalancer:
        servers:
          - address: "<IP_A>:443"

The IP I used are those of public server such as traefik.io.
When I change the IP address to something else, I see the right log:

Creating TCP server 0 at :443" serverName=0 entryPointName=websecure routerName=external-service-router@file serviceName=external-service

I call the service by doing a curl as follow:

curl https://localhost -H "Host: traefik.io" -vk

Could you provide a self contained reproducible test case? Or point me where my setup differs?

@aspnetde
Copy link
Author

Unfortunately, I don't have a development machine available right now. Your configuration looks quite similar to mine as posted above, but it's not exactly the same. Maybe disabling the debug mode would have the (not so) desired effect? Anyway, I can try to reproduce it once again in a couple of days.

@aspnetde
Copy link
Author

@jspdown You are right, I can reproduce the correct behavior now, too. Even when testing it with my config, without using the debug mode. I have no idea what went wrong back initially.

@traefik traefik locked and limited conversation to collaborators Mar 18, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jspdown jspdown

Labels
contributor/waiting-for-feedback kind/question a question status/5-frozen-due-to-age
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aspnetde @jspdown @traefiker