El panel de Traefik devuelve página 404 no encontrada + error de protocolo de enlace TLS: error remoto: tls: certificado incorrecto (traefik + bind9 + CloudFlare + Let's Encrypt)

tag-icon tag-icon ssl docker bind wildcard traefik
El panel de Traefik devuelve página 404 no encontrada + error de protocolo de enlace TLS: error remoto: tls: certificado incorrecto (traefik + bind9 + CloudFlare + Let's Encrypt)

Configuré Traefik en la ventana acoplable usando la guía:Coloque certificados comodín y SSL en TODO - Tutorial de Traefik

Pero cuando intento acceder al panel, veo un error: 404 Página no encontrada ingrese la descripción de la imagen aquí

He hecho esta pregunta en varios foros:

  1. Foro Docker
  2. Foro de Traefik
  3. Foro AskUbuntu
  4. Foro StackOverFlow
  5. Foro de error del servidor

He probado todo:

  1. Deshabilitado el firewall en Ubuntu y en el enrutador
  2. Intenté iniciar sesión desde la IP local y la IP de la máquina local: localhost y 192.168.88.253
  3. Configuré el archivo Docker Compose para que tanto Traefik como bind9 estuvieran en la misma red e incluso configuré un subdominio en bind 9 agregándole la entrada Traefik-dashboard. No pude acceder al panel de Traefik desde el dominio y todavía no puedo. Sin embargo, no puedo ingresar ni por ip local ni por localhost.

A continuación, le daré todos mis consejos, incluidos archivos de composición de Docker, registros de errores, etc. Le agradecería mucho que pudiera señalar mis defectos y ayudarme a resolver este problema.

Comencemos con traefik docker-compose.yml:

version: '3.8'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy1:
      dns-server_dns-network:
        ipv4_address: 10.20.3.5
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=****@protonmail.com
      - CF_DNS_API_TOKEN=mdc3Xlhxpuidm***
      # - CF_API_KEY=YOUR_API_KEY
      # be sure to use the correct one depending on if you are using a token or key
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/traefik/data/traefik.yml:/traefik.yml:ro
      - /root/traefik/data/acme.json:/acme.json
      - /root/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.****.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.****.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=local.****.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.****.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  dns-server_dns-network:
    external: true
  proxy1:
    external: true

Te daré una pequeña explicación: dns-server_dns-network es la red del servidor dns (bind9), que también está dentro del contenedor acoplable, pero es diferente. En este caso es necesario asignar un subdominio local y todo funcionará correctamente. proxy1 - red de la propia Traefik.

Traefik config.yml:

http:
 #region routers 
  routers:
    bind9:
      entryPoints:
        - "https"
      rule: "Host(`bind9.local.*****.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: bind9
    pterodactyl:
      entryPoints:
        - "https"
      rule: "Host(`pterodactyl.local.*****.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: pterodactyl
#endregion
#region services
  services:
    bind9:
      loadBalancer:
        servers:
          - url: "https://10.20.3.2:53"  
        passHostHeader: true
    pterodactyl:
      loadBalancer:
        servers:
          - url: "http://10.20.3.6:8082"
        passHostHeader: true
#endregion
  middlewares:
    addprefix-pihole:
      addPrefix:
prefix: "/admin"
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true
    redirectregex-pihole:
      redirectRegex:
        regex: /admin/$
        replacement: /

    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    idrac:
      headers:
        frameDeny: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.88.0/24"
        - "172.16.0.0/12"

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

Traefik.yml:

api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: ****@protonmail.com
      storage: acme.json
      dnsChallenge:
        delayBeforeCheck: 5
        provider: cloudflare
       #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables>
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

Archivo acme.json:

{
  "cloudflare": {
    "Account": {
      "Email": "*****@protonmail.com",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:****@protonmail.com"
          ]
        },
        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/1308****76"
      },
      "PrivateKey": "MIIJKQ**********fhYGyV2xowwa/O9WSHf+3GU>
      "KeyType": "4096"
    },
    "Certificates": [
      {
        "domain": {
          "main": "local.*****.com",
          "sans": [
            "*.local.*****.com"
          ]
        },
        "certificate": "LS0tLS1C***********N3VUEKTURJ>
        "key": "LS0tLS1CRUdJTiBS*******Bejk4bzdCeTBtCnhLVFFC>
        "Store": "default"
      }
    ]
  }
}

Si ejecuta Traefik con un contenedor, no hay nada en los registros:

root@riven:~/traefik/data# docker logs --tail=100 traefik
time="2023-09-14T03:47:43+03:00" level=info msg="Configuration loaded from file: /traefik.yml"

Sin embargo, si escribe reiniciar, aparecerán errores en los registros:

root@riven:~/traefik/data# docker restart traefik
traefik
root@riven:~/traefik/data# docker logs --tail=100 traefik
time="2023-09-14T03:47:43+03:00" level=info msg="Configuration loaded from file: /traefik.yml"
time="2023-09-14T14:37:35+03:00" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-09-14T14:37:35+03:00" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-09-14T14:37:35+03:00" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-09-14T14:37:35+03:00" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-09-14T14:37:36+03:00" level=info msg="Configuration loaded from file: /traefik.yml"

Por si acaso, aquí hay una lista de todos los contenedores:

root@riven:~/dns-server/config# docker ps -a
CONTAINER ID   IMAGE                 COMMAND                  CREATED        STATUS          PORTS                                                                           NAMES
78296a683271   traefik:latest        "/entrypoint.sh trae…"   11 hours ago   Up 25 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp        traefik
5c3081b0c7df   ubuntu/bind9:latest   "docker-entrypoint.sh"   12 hours ago   Up 8 minutes    0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 953/tcp   dns-server

Ahora pasemos al servidor DNS bind9, que también se ejecuta en un contenedor:

bind9 docker-compose.yml:

version: '3'

networks:
  dns-network:
    driver: bridge
    ipam:
      config:
        - subnet: 10.20.0.0/16

services:
  bind9:
    container_name: dns-server
    image: ubuntu/bind9:latest
    environment:
      - BIND9_USER=root
      - TZ=Europe/Moscow
    networks:
      dns-network:
        ipv4_address: 10.20.3.2
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - ./config:/etc/bind
      - ./cache:/var/cache/bind
      - ./records:/var/lib/bind
    restart: unless-stopped

archivo nombrado.conf:

acl internal {
    10.10.0.0/16;
    10.11.0.0/16;
    10.20.0.0/16;
    10.50.0.0/16;
    192.168.88.0/24;
};

options {
    forwarders {
        1.1.1.1;
        1.0.0.1;
    };
    allow-query { internal; };
};

zone "local.*****.com" IN {
    type master;
    file "/etc/bind/local-*****-com.zone";
};

Archivo local-*****-com.zone:

$TTL 2D

$ORIGIN local.*****.com.

@       IN      SOA     ns.local.*****.com.  admin.*****.com. (
                        2023083100      ; serial
                        12h             ; refresh
                        15m             ; retry
                        3w              ; expire
                        2h              ; minimum ttl
)

        IN      NS      ns.local.*****.com.

ns      IN      A       10.20.3.2

; -- add dns records below

servers IN      A       10.20.3.4
*.servers IN    A       10.20.3.4
traefik-dashboard IN A 10.20.3.5

Registros de Bind9:

root@riven:~/dns-server/config# docker logs --tail=200 dns-server
Starting named....
exec /usr/sbin/named -u "root" "-g" ""
14-Sep-2023 14:54:56.133 starting BIND 9.18.12-1ubuntu1.1-Ubuntu (Extended Support Version) <id:>
14-Sep-2023 14:54:56.133 running on Linux x86_64 6.2.0-32-generic #32~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 18 10:40:13 UTC 2
14-Sep-2023 14:54:56.133 built with  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-2zwQl8/bind9-9.18.12=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fdebug-prefix-map=/build/bind9-2zwQl8/bind9-9.18.12=/usr/src/bind9-1:9.18.12-1ubuntu1.1 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
14-Sep-2023 14:54:56.133 running as: named -u root -g
14-Sep-2023 14:54:56.133 compiled by GCC 12.2.0
14-Sep-2023 14:54:56.133 compiled with OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
14-Sep-2023 14:54:56.133 linked to OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
14-Sep-2023 14:54:56.133 compiled with libxml2 version: 2.9.14
14-Sep-2023 14:54:56.133 linked to libxml2 version: 20914
14-Sep-2023 14:54:56.133 compiled with json-c version: 0.16
14-Sep-2023 14:54:56.133 linked to json-c version: 0.16
14-Sep-2023 14:54:56.133 compiled with zlib version: 1.2.13
14-Sep-2023 14:54:56.133 linked to zlib version: 1.2.13
14-Sep-2023 14:54:56.133 ----------------------------------------------------
14-Sep-2023 14:54:56.133 BIND 9 is maintained by Internet Systems Consortium,
14-Sep-2023 14:54:56.133 Inc. (ISC), a non-profit 501(c)(3) public-benefit 
14-Sep-2023 14:54:56.133 corporation.  Support and training for BIND 9 are 
14-Sep-2023 14:54:56.133 available at https://www.isc.org/support
14-Sep-2023 14:54:56.133 ----------------------------------------------------
14-Sep-2023 14:54:56.133 found 8 CPUs, using 8 worker threads
14-Sep-2023 14:54:56.133 using 8 UDP listeners per interface
14-Sep-2023 14:54:56.133 DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
14-Sep-2023 14:54:56.133 DS algorithms: SHA-1 SHA-256 SHA-384
14-Sep-2023 14:54:56.133 HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
14-Sep-2023 14:54:56.133 TKEY mode 2 support (Diffie-Hellman): yes
14-Sep-2023 14:54:56.133 TKEY mode 3 support (GSS-API): yes
14-Sep-2023 14:54:56.137 config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
14-Sep-2023 14:54:56.137 loading configuration from '/etc/bind/named.conf'
14-Sep-2023 14:54:56.137 unable to open '/etc/bind/bind.keys'; using built-in keys instead
14-Sep-2023 14:54:56.137 looking for GeoIP2 databases in '/usr/share/GeoIP'
14-Sep-2023 14:54:56.137 using default UDP/IPv4 port range: [32768, 60999]
14-Sep-2023 14:54:56.137 using default UDP/IPv6 port range: [32768, 60999]
14-Sep-2023 14:54:56.137 listening on IPv4 interface lo, 127.0.0.1#53
14-Sep-2023 14:54:56.141 listening on IPv4 interface eth0, 10.20.3.2#53
14-Sep-2023 14:54:56.141 Could not open '//run/named/named.pid'.
14-Sep-2023 14:54:56.141 Please check file and directory permissions or reconfigure the filename.
14-Sep-2023 14:54:56.141 could not open file '//run/named/named.pid': Permission denied
14-Sep-2023 14:54:56.141 generating session key for dynamic DNS
14-Sep-2023 14:54:56.141 Could not open '//run/named/session.key'.
14-Sep-2023 14:54:56.141 Please check file and directory permissions or reconfigure the filename.
14-Sep-2023 14:54:56.141 could not open file '//run/named/session.key': Permission denied
14-Sep-2023 14:54:56.141 could not create //run/named/session.key
14-Sep-2023 14:54:56.141 failed to generate session key for dynamic DNS: permission denied
14-Sep-2023 14:54:56.141 sizing zone task pool based on 1 zones
14-Sep-2023 14:54:56.141 none:99: 'max-cache-size 90%' - setting to 57829MB (out of 64255MB)
14-Sep-2023 14:54:56.141 using built-in root key for view _default
14-Sep-2023 14:54:56.141 set up managed keys zone for view _default, file 'managed-keys.bind'
14-Sep-2023 14:54:56.141 automatic empty zone: 10.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 16.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 17.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 18.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 19.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 20.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 21.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 22.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 23.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 24.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 25.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 26.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 27.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 28.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 29.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 30.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 31.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 168.192.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 64.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 65.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 66.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 67.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 68.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 69.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 70.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 71.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 72.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 73.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 74.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 75.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 76.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 77.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 78.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 79.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 80.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 81.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 82.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 83.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 84.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 85.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 86.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 87.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 88.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 89.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 90.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 91.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 92.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 93.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 94.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 95.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 96.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 97.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 98.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 99.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 100.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 101.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 102.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 103.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 104.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 105.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 106.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 107.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 108.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 109.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 110.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 111.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 112.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 113.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 114.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 115.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 116.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 117.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 118.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 119.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 120.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 121.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 122.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 123.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 124.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 125.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 126.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 127.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 0.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 127.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 254.169.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 2.0.192.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 100.51.198.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 113.0.203.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: D.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 8.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 9.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: A.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: B.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: EMPTY.AS112.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: HOME.ARPA
14-Sep-2023 14:54:56.145 configuring command channel from '/etc/bind/rndc.key'
14-Sep-2023 14:54:56.145 command channel listening on 127.0.0.1#953
14-Sep-2023 14:54:56.145 configuring command channel from '/etc/bind/rndc.key'
14-Sep-2023 14:54:56.145 command channel listening on ::1#953
14-Sep-2023 14:54:56.145 not using config file logging statement for logging due to -g option
14-Sep-2023 14:54:56.145 managed-keys-zone: loaded serial 2
14-Sep-2023 14:54:56.149 zone local.*****.com/IN: loaded serial 2023083100
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:1::53#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:dc3::35#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:503:ba3e::2:30#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:7fe::53#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:12::d0d#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2::c#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2f::f#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:a8::e#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:9f::42#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:7fd::1#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:503:c27::2:30#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:200::b#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2d::d#53
14-Sep-2023 14:54:56.153 all zones loaded
14-Sep-2023 14:54:56.153 running
14-Sep-2023 14:54:56.173 managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
14-Sep-2023 14:54:56.177 resolver priming query complete: success

Todas mis redes:

root@riven:~/dns-server/config# docker network ls
NETWORK ID     NAME                     DRIVER    SCOPE
bed0ea1726ee   bridge                   bridge    local
37f54b168f7e   dns-server_dns-network   bridge    local
8db2a758902a   host                     host      local
d5d2a3a56006   none                     null      local
44f6196d71d9   proxy1                   bridge    local

Comprobación de direcciones IP de contenedores:

root@riven:~/dns-server/config# docker ps -a
CONTAINER ID   IMAGE                 COMMAND                  CREATED        STATUS          PORTS                                                                           NAMES
78296a683271   traefik:latest        "/entrypoint.sh trae…"   11 hours ago   Up 25 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp        traefik
5c3081b0c7df   ubuntu/bind9:latest   "docker-entrypoint.sh"   12 hours ago   Up 8 minutes    0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 953/tcp   dns-server
root@riven:~/dns-server/config# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 78296a683271
10.20.3.5172.18.0.2
root@riven:~/dns-server/config# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 5c3081b0c7df
10.20.3.2

Pero como puede ver, el servidor DNS funciona bien, puede verlo en las consultas de nslookup:

root@riven:~/dns-server/config# nslookup local.*****.com
Server:         192.168.88.1
Address:        192.168.88.1#53

Non-authoritative answer:
Name:   local.*****.com
Address: 91.***.***.1*4

root@riven:~/dns-server/config# nslookup servers.local.*****.com 10.20.3.2
Server:         10.20.3.2
Address:        10.20.3.2#53

Name:   servers.local.*****.com
Address: 10.20.3.4

root@riven:~/dns-server/config# nslookup traefik-dashboard.local.*****.com 10.20.3.2
Server:         10.20.3.2
Address:        10.20.3.2#53

Name:   traefik-dashboard.local.*****.com
Address: 10.20.3.5

Además, si voy al dominio local (local.*****.com), veré la página de mi enrutador microtik. ingrese la descripción de la imagen aquí

Pero si entro al panel de traefik, veo que nada funciona:

ingrese la descripción de la imagen aquí

rizo:

ingrese la descripción de la imagen aquí ingrese la descripción de la imagen aquí

Tenga en cuenta que estoy haciendo todo lo anterior desde una máquina host local y con el firewall de Ubuntu (UFW) completamente deshabilitado. ¡¡¡Y también con el firewall de Mikrotik deshabilitado!!!

No tengo idea de qué hice mal ni cómo hacer que todo funcione. Al menos cómo hacer que funcione el panel Traefik. Agradecería ayuda y consejo.

información relacionada