Traefik services hostname issue

[NameAgain]

Hello Community,

I've followed this Youtube video to use Traefik in TrueNas Scale:


Strangely, the hostnames don't work. Basically, if I click the "open" button,

I get redirected to the correct host name, but getting an error [DNS_PROBE_FINISHED_NXDOMAIN].

If I use the IP from the service in Traefik the page loads.

I'm a bit stuck here. Could somebody point me to the right direction?

 

[NameAgain]

Alright, I solved it myself. Here for those who are facing the same issue:

My router, a Fritz!Box, did use DNS-Rebind-Productions to protect the network for DNS-Rebind attacks. So, that means you need to add your domains into a white list. For FritzBox this would be Network -> Network Settings and scroll down to DNS-Rebind-Production.

Add your domain e.g. example.com, no wildcard needed all subdomains are already included with that.

 

[panzerscope]

I used the same video as it happens. My issue with Traefik though is that when I use my subdomain for access an app, it is taking me to the NAS GUI instead. I have have tried everything I can think of and hitting a wall.

 

[NameAgain]

@panzerscope
So if you are just working with internal DNS IPs, then Cloudflare redirects shouldn't be an issue, which sounds like your router could redirect you to your TrueNas IP.

Can you do two things?

1. Checking the the IPs of your subdomains in the terminal
   Code:

   nslookup subdomain.example.com

2. Opening your subdomain via the network tab in the dev console and checking if there are no 301-308 staus codes

 

[panzerscope]

Hey there,

Thanks for reaching out. Ok so I did what you asked, I did the NS lookup in shell and this was the readout.

I also checked the network Tab on Chrome and the Subdomain is getting a code 302.

Just as an fyi, I runs Pfsense firewall at 192.168.1.1. Is it messing with my DNS resolution ?

Thanks very much,
P

 

[NameAgain]

Hey,

so I assume the 175.67.181.248 is your second IP in the TrueNas network through all your apps a running. The 302 indicates there is a redirect, have you checked this?

Redirecting Client DNS Requests | pfSense Documentation

docs.netgate.com

 

[panzerscope]

Hey,

so I assume the 175.67.181.248 is your second IP in the TrueNas network through all your apps a running. The 302 indicates there is a redirect, have you checked this?

Redirecting Client DNS Requests | pfSense Documentation

docs.netgate.com

Hey,

The second IP is something TrueNas is handling as parts of the system I would imagine. I will look at the resource you linked which looks to make sure that Pfsense is capturing and processing all the DNS requests rather than an outside source. Let me put that into place and see what we get. Update coming soon.

Thanks very much.

 

[victort]

You need to set the hostnames to resolve to whatever IP your Traefik is listening on.
In pfsense you can do this in DNS resolver, at the bottom where it says hostname override.

Or alternatively in DHCP server.

 

[panzerscope]

Hey,

so I assume the 175.67.181.248 is your second IP in the TrueNas network through all your apps a running. The 302 indicates there is a redirect, have you checked this?

Redirecting Client DNS Requests | pfSense Documentation

docs.netgate.com

So I tried that method, and making the DNS exclusive to Pfsense was blocking my SSL authentication as it processes a DNS challenge to CloudFlare, though I am sure there is a workaround.

You need to set the hostnames to resolve to whatever IP your Traefik is listening on.
In pfsense you can do this in DNS resolver, at the bottom where it says hostname override.

Or alternatively in DHCP server.

This actually resolved the issue. I was looking in that are on Pfsense a little earlier and wondered if it was something that would help the issue, but you reminded me and confirmed it.

Thanks very much to the both of you. I had been boiling my head over this one for a little while.

 

[truecharts]

We want to highlight that our support is only available on our Discord.
We've no staff available here to help you out.