Add support for edgedb protocol #10696

daniel156161 · 2024-05-05T22:08:10Z

Welcome!

Yes, I've searched similar issues on GitHub and didn't find any.
Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What did you do?

Read the docs https://docs.edgedb.com/database/reference/protocol#sockets https://docs.edgedb.com/changelog/1_0_b3#tls and thinked it works with ALPN

try to use the edgedb cli tool with the edgeDB Container behind the traefik proxy

edgeDB Default PORT(5656)

$ edgedb --dsn edgedb://DOMAIN

What did you see instead?

edgedb error: ClientConnectionFailedError: received fatal alert: NoApplicationProtocol

Tested too if EdgeDB container is working with https got a website over https://DOMAIN/ui just have a problem with the cli tool

What version of Traefik are you using?

Version: 3.0.0
Codename: beaufort
Go version: go1.22.2
Built: 2024-04-29T14:25:59Z
OS/Arch: linux/amd64

What is your environment & configuration?

traefik.yaml

services:
  traefik:
    image: traefik:v3.0.0
    container_name: traefik
    ports:
      - 80:80
      - 443:443
      # -- (Optional) Enable Dashboard, don't do in production
      - 8090:8080
      # -- Custom entrypoints
      - 5656:5656
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/traefik.yaml:/etc/traefik/traefik.yaml:ro
      - ./traefik/conf/:/etc/traefik/conf/
      - ./traefik/certs/:/etc/traefik/certs/
      - ./traefik/logs:/var/log/traefik/
    # -- (Optional) When using Cloudflare as Cert Resolver
    environment:
      - CF_DNS_API_TOKEN=API_KEY
      - "traefik.docker.network=traefik-network"
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    # -- (Optional) When using a custom network
    networks:
      - traefik-network
    restart: unless-stopped

networks:
  traefik-network:
    external: true

EdgeDB Docker-Config

version: "3"

services:
  edgedb:
    image: edgedb/edgedb
    container_name: EdgeDB
    volumes:
      - "./dbschema:/dbschema"
      - "./data:/var/lib/edgedb/data"
    environment:
      EDGEDB_SERVER_INSTANCE_NAME: EdgeDB
      EDGEDB_SERVER_TLS_CERT_MODE: generate_self_signed
      EDGEDB_CLIENT_TLS_SECURITY: insecure
      EDGEDB_SERVER_ADMIN_UI: enabled
      EDGEDB_SERVER_USER: admin
      EDGEDB_SERVER_PASSWORD: test
      UID: 100
      GID: 100
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-network"

      - "traefik.http.routers.edgedb.entrypoints=websecure"
      - "traefik.http.routers.edgedb.rule=Host(`DOMAIN`)"
      - "traefik.http.routers.edgedb.tls=true"
      - "traefik.http.routers.edgedb.tls.certresolver=production"
      - "traefik.http.routers.edgedb.service=edgedb"
      - "traefik.http.services.edgedb.loadbalancer.server.port=5656"
      - "traefik.http.services.edgedb.loadbalancer.server.scheme=https"

      - "traefik.tcp.routers.edgedb.entrypoints=edgedb"
      - "traefik.tcp.routers.edgedb.rule=HostSNI(`DOMAIN`)"
      - "traefik.tcp.routers.edgedb.service=edgedb"
      - "traefik.tcp.routers.edgedb.tls=true"
      - "traefik.tcp.routers.edgedb.tls.certresolver=production"
      - "traefik.tcp.services.edgedb.loadbalancer.server.port=5656"
    networks:
      traefik-network:

networks:
  traefik-network:
    external: true

traefik.yaml

global:
  checkNewVersion: false
  sendAnonymousUsage: false

# -- (Optional) Change Log Level and Format here...
#     - loglevels [DEBUG, INFO, WARNING, ERROR, CRITICAL]
#     - format [common, json, logfmt]
log:
  level: DEBUG
  format: common
  filePath: /var/log/traefik/traefik.log

# -- (Optional) Enable Accesslog and change Format here...
#     - format [common, json, logfmt]
#accesslog:
#  format: common
#  filePath: /var/log/traefik/access.log

# -- (Optional) Enable API and Dashboard here, don't do in production
api:
  dashboard: true
  insecure: true

# -- Change EntryPoints here...
entryPoints:
  web:
    address: :80
    # -- (Optional) Redirect all HTTP to HTTPS
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443
    proxyProtocol:
      trustedIPs:
        - 172.20.0.0/16
        - 173.245.48.0/20
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 141.101.64.0/18
        - 108.162.192.0/18
        - 190.93.240.0/20
        - 188.114.96.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 162.158.0.0/15
        - 104.16.0.0/13
        - 104.24.0.0/14
        - 172.64.0.0/13
        - 131.0.72.0/22
    forwardedHeaders:
      trustedIPs:
        - 172.20.0.0/16
        - 173.245.48.0/20
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 141.101.64.0/18
        - 108.162.192.0/18
        - 190.93.240.0/20
        - 188.114.96.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 162.158.0.0/15
        - 104.16.0.0/13
        - 104.24.0.0/14
        - 172.64.0.0/13
        - 131.0.72.0/22
  metrics:
    address: :8082

  # -- (Optional) Add custom Entrypoint
  edgedb:
    address: :5656
  # custom:
  #   address: :8080

# -- Configure your CertificateResolver here...
certificatesResolvers:
#   staging:
#     acme:
#       email: [email protected]
#       storage: /etc/traefik/certs/acme.json
#       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
#       -- (Optional) Remove this section, when using DNS Challenge
#       httpChallenge:
#         entryPoint: web
#       -- (Optional) Configure DNS Challenge
#       dnsChallenge:
#         provider: your-resolver (e.g. cloudflare)
#         resolvers:
#           - "1.1.1.1:53"
#           - "8.8.8.8:53"
  production:
    acme:
      email: E-MAIL
      storage: /etc/traefik/certs/acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      # -- (Optional) Remove this section, when using DNS Challenge
      #httpChallenge:
      #  entryPoint: web
      # -- (Optional) Configure DNS Challenge
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

metrics:
  prometheus:
    entryPoint: metrics
    addRoutersLabels: true
    addEntryPointsLabels: true
    addServicesLabels: true
    headerLabels:
      label: requests_total

# -- (Optional) Disable TLS Cert verification check
serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    exposedByDefault: false
  file:
    directory: /etc/traefik/conf
    watch: true

tls:
  options:
    default:
      alpnProtocols:
        - edgedb-binary
        - http/1.1
        - h2
        - acme-tls/1

If applicable, please paste the log output in DEBUG level

2024-05-05T21:32:31Z INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:100 > Traefik version 3.0.0 built on 2024-04-29T14:25:59Z version=3.0.0
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/cmd/traefik/traefik.go:107 > Static configuration loaded [json] staticConfiguration={"api":{"dashboard":true,"insecure":true},"certificatesResolvers":{"production":{"acme":{"caServer":"https://acme-v02.api.letsencrypt.org/directory","certificatesDuration":2160,"dnsChallenge":{"provider":"cloudflare","resolvers":["1.1.1.1:53","8.8.8.8:53"]},"email":"CENSORED_EMAIL","keyType":"RSA4096","storage":"/etc/traefik/certs/acme.json"}}},"entryPoints":{"edgedb":{"address":":5656","forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}},"metrics":{"address":":8082","forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}},"traefik":{"address":":8080","forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}},"web":{"address":":80","forwardedHeaders":{},"http":{"redirections":{"entryPoint":{"permanent":true,"priority":9223372036854775806,"scheme":"https","to":"websecure"}}},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}},"websecure":{"address":":443","forwardedHeaders":{"trustedIPs":["172.20.0.0/16","173.245.48.0/20","103.21.244.0/22","103.22.200.0/22","103.31.4.0/22","141.101.64.0/18","108.162.192.0/18","190.93.240.0/20","188.114.96.0/20","197.234.240.0/22","198.41.128.0/17","162.158.0.0/15","104.16.0.0/13","104.24.0.0/14","172.64.0.0/13","131.0.72.0/22"]},"http":{},"http2":{"maxConcurrentStreams":250},"proxyProtocol":{"trustedIPs":["172.20.0.0/16","173.245.48.0/20","103.21.244.0/22","103.22.200.0/22","103.31.4.0/22","141.101.64.0/18","108.162.192.0/18","190.93.240.0/20","188.114.96.0/20","197.234.240.0/22","198.41.128.0/17","162.158.0.0/15","104.16.0.0/13","104.24.0.0/14","172.64.0.0/13","131.0.72.0/22"]},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}}},"global":{},"log":{"filePath":"/var/log/traefik/traefik.log","format":"common","level":"DEBUG"},"metrics":{"prometheus":{"addEntryPointsLabels":true,"addRoutersLabels":true,"addServicesLabels":true,"buckets":[0.1,0.3,1.2,5],"entryPoint":"metrics","headerLabels":{"label":"requests_total"}}},"providers":{"docker":{"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","watch":true},"file":{"directory":"/etc/traefik/conf","watch":true},"providersThrottleDuration":"2s"},"serversTransport":{"insecureSkipVerify":true,"maxIdleConnsPerHost":200},"tcpServersTransport":{"dialKeepAlive":"15s","dialTimeout":"30s"}}
2024-05-05T21:32:31Z INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:605 > 
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/

2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/cmd/traefik/traefik.go:490 > Configured Prometheus metrics metricsProviderName=prometheus
2024-05-05T21:32:31Z INF github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:458 > Enabling ProxyProtocol for trusted IPs [172.20.0.0/16 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22] entryPointName=websecure
2024-05-05T21:32:31Z INF github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:73 > Starting provider aggregator aggregator.ProviderAggregator
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:220 > Starting TCP Server entryPointName=traefik
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:220 > Starting TCP Server entryPointName=websecure
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:220 > Starting TCP Server entryPointName=edgedb
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:220 > Starting TCP Server entryPointName=web
2024-05-05T21:32:31Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *file.Provider
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *file.Provider provider configuration config={"directory":"/etc/traefik/conf","watch":true}
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:220 > Starting TCP Server entryPointName=metrics
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /etc/traefik/conf
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /etc/traefik/conf/headers.yml
2024-05-05T21:32:31Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *traefik.Provider
2024-05-05T21:32:31Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *docker.Provider
2024-05-05T21:32:31Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *acme.ChallengeTLSALPN
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *acme.ChallengeTLSALPN provider configuration config={}
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *docker.Provider provider configuration config={"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","watch":true}
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *traefik.Provider provider configuration config={}
2024-05-05T21:32:31Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *acme.Provider
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *acme.Provider provider configuration config={"HTTPChallengeProvider":{},"ResolverName":"production","TLSChallengeProvider":{},"caServer":"https://acme-v02.api.letsencrypt.org/directory","certificatesDuration":2160,"dnsChallenge":{"provider":"cloudflare","resolvers":["1.1.1.1:53","8.8.8.8:53"]},"email":"CENSORED_EMAIL","keyType":"RSA4096","storage":"/etc/traefik/certs/acme.json","store":{}}
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:213 > Attempt to renew certificates "720h0m0s" before expiry and check every "24h0m0s" acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme
2024-05-05T21:32:31Z INF github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:795 > Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"authentik":{"forwardAuth":{"address":"http://authentik-server:9000/outpost.goauthentik.io/auth/traefik","authResponseHeaders":["X-authentik-username","X-authentik-groups","X-authentik-email","X-authentik-name","X-authentik-uid","X-authentik-jwt","X-authentik-meta-jwks","X-authentik-meta-outpost","X-authentik-meta-provider","X-authentik-meta-app","X-authentik-meta-version"],"trustForwardHeader":true}}},"routers":{"plex":{"entryPoints":["websecure"],"rule":"Host(`plex.CENSORED_DOMAIN`)","service":"plex","tls":{"certResolver":"production"}},"syncthing":{"entryPoints":["websecure"],"middlewares":["authentik@file"],"rule":"Host(`syncthing.CENSORED_DOMAIN`)","service":"syncthing","tls":{"certResolver":"production"}},"synology":{"entryPoints":["websecure"],"rule":"Host(`synology.CENSORED_DOMAIN`)","service":"synology","tls":{"certResolver":"production"}},"vm":{"entryPoints":["websecure"],"rule":"Host(`vm.CENSORED_DOMAIN`)","service":"vm","tls":{"certResolver":"production"}}},"services":{"plex":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://CENSORED_IP:32400/"}]}},"syncthing":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://CENSORED_IP:8384"}]}},"synology":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://CENSORED_IP:5001/"}]}},"vm":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://CENSORED_IP:5001/vm"}]}}}},"tcp":{},"tls":{},"udp":{}} providerName=file
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"dashboard_redirect":{"redirectRegex":{"permanent":true,"regex":"^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$","replacement":"${1}/dashboard/"}},"dashboard_stripprefix":{"stripPrefix":{"prefixes":["/dashboard/","/dashboard"]}},"redirect-web-to-websecure":{"redirectScheme":{"permanent":true,"port":"443","scheme":"https"}}},"routers":{"api":{"entryPoints":["traefik"],"priority":9223372036854775806,"rule":"PathPrefix(`/api`)","service":"api@internal"},"dashboard":{"entryPoints":["traefik"],"middlewares":["dashboard_redirect@internal","dashboard_stripprefix@internal"],"priority":9223372036854775805,"rule":"PathPrefix(`/`)","service":"dashboard@internal"},"prometheus":{"entryPoints":["metrics"],"priority":9223372036854775807,"rule":"PathPrefix(`/metrics`)","service":"prometheus@internal"},"web-to-websecure":{"entryPoints":["web"],"middlewares":["redirect-web-to-websecure"],"priority":9223372036854775806,"rule":"HostRegexp(`^.+$`)","service":"noop@internal"}},"serversTransports":{"default":{"insecureSkipVerify":true,"maxIdleConnsPerHost":200}},"services":{"api":{},"dashboard":{},"noop":{},"prometheus":{}}},"tcp":{"serversTransports":{"default":{"dialKeepAlive":"15s","dialTimeout":"30s"}}},"tls":{},"udp":{}} providerName=internal
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{},"tcp":{},"tls":{},"udp":{}} providerName=production.acme
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/pdocker.go:89 > Provider connection established with docker 20.10.23 (API 1.41) providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=mariadb-monitoring-and-backup-efc6655c0b879c4df2bb5ffeeb1adbe8e37aaf88addbc0cc9cc588ebad66a830 providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=borgbackup-monitoring-and-backup-7ffbb799621def904bd7eb3fffbe9fe26a68483e8a0771fa14605e5a1dce522f providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=gotenberg-paperless-ngx-0b0b37409ca3ad0587f7f3d2a86cddc6a596dfa78ca55bc2844725031e34aaf3 providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=broker-paperless-ngx-ccb4257f1dc282f7b6cc85cb0ea7e16219b4f975e2a5c230a359eeaf61146ab9 providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=protonmail-bridge-paperless-ngx-9fe31c20c58d758966aaaf8e93fe98519edf682b2dab707a3088985e3ae0f1fa providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=tika-paperless-ngx-e3015bf1a4bc4e630839f12bb66ef153ecb488465cf02718c7635f2adbac9c27 providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=worker-authentik-0e45844324972821bd1f41991b1f9066c5acb788f24c97a92b322d1250282a35 providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=influxdb-monitoring-and-backup-697d7817891d6169b0d94022e2d6ae05beb75310e0d1a284264abcde78754100 providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=gickup-monitoring-and-backup-5537ab57fd29df9d7fab2303c0b39eb1bbadace02a6ee1e236fe395d3d1a39eb providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=redis-authentik-7a1bdeaeafbac0f02297ad27f0a80750018dcfd739967276bb7537c236a41de1 providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=postgresql-authentik-556efdbe20475f6171cc846104451a6e8c1e1e4104cb2b8317f4d8dd1cfb6523 providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=mosquitto-monitoring-and-backup-696b0007081c19418d14afee3c6ceaa16e2cbc96ca2cd99964515733e1ee15c3 providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=Unifi-Controller-d6f2af34f8cd0b49d0ec78d5b39969fc7938bbbb93fd2c3f9c09631ebd8f1075 providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"routers":{"authentik":{"entryPoints":["websecure"],"rule":"Host(`authentik.CENSORED_DOMAIN`)","service":"authentik","tls":{"certResolver":"production"}},"battlesnake":{"entryPoints":["websecure"],"rule":"Host(`battlesnake.CENSORED_DOMAIN`)","service":"battlesnake","tls":{"certResolver":"production"}},"edgedb":{"entryPoints":["websecure"],"rule":"Host(`edgedb.CENSORED_DOMAIN`)","service":"edgedb","tls":{"certResolver":"production"}},"gitea":{"entryPoints":["websecure"],"rule":"Host(`git.CENSORED_DOMAIN`)","service":"gitea","tls":{"certResolver":"production"}},"grafana":{"entryPoints":["websecure"],"rule":"Host(`grafana.CENSORED_DOMAIN`)","service":"grafana-monitoring-and-backup","tls":{"certResolver":"production"}},"homeassistant":{"entryPoints":["websecure"],"rule":"Host(`homeassistant.CENSORED_DOMAIN`)","service":"homeassistant","tls":{"certResolver":"production"}},"nodered":{"entryPoints":["websecure"],"rule":"Host(`nodered.CENSORED_DOMAIN`)","service":"nodered","tls":{"certResolver":"production"}},"ntfy":{"entryPoints":["websecure"],"rule":"Host(`ntfy.CENSORED_DOMAIN`)","service":"ntfy","tls":{"certResolver":"production"}},"paperless":{"entryPoints":["websecure"],"middlewares":["authentik@file"],"rule":"Host(`paperless.CENSORED_DOMAIN`)","service":"paperless","tls":{"certResolver":"production"}},"picoshare":{"entryPoints":["websecure"],"middlewares":["authentik@file"],"rule":"Host(`i.CENSORED_DOMAIN`)","service":"picoshare","tls":{"certResolver":"production"}},"portainer":{"entryPoints":["websecure"],"rule":"Host(`portainer.CENSORED_DOMAIN`)","service":"portainer","tls":{"certResolver":"production"}},"prometheus":{"entryPoints":["websecure"],"middlewares":["authentik@file"],"rule":"Host(`prometheus.CENSORED_DOMAIN`)","service":"prometheus","tls":{"certResolver":"production"}},"teleport-http":{"entryPoints":["web"],"rule":"Host(`teleport.CENSORED_DOMAIN`) || HostRegexp(`{subhost:[a-zA-Z0-9-]+}.teleport.CENSORED_DOMAIN`)","service":"teleport"},"teleport-https":{"entryPoints":["websecure"],"rule":"Host(`teleport.CENSORED_DOMAIN`) || HostRegexp(`{subhost:[a-zA-Z0-9-]+}.teleport.CENSORED_DOMAIN`)","service":"teleport","tls":{"certResolver":"production","domains":[{"main":"teleport.CENSORED_DOMAIN","sans":["*.teleport.CENSORED_DOMAIN"]}]}},"uptime":{"entryPoints":["websecure"],"middlewares":["authentik@file"],"rule":"Host(`uptime.CENSORED_DOMAIN`)","service":"uptime","tls":{"certResolver":"production"}},"web":{"entryPoints":["websecure"],"rule":"Host(`CENSORED_DOMAIN`)","service":"web-traefik","tls":{"certResolver":"production"}}},"services":{"authentik":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.11:9000"}]}},"battlesnake":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.2:8000"}]}},"edgedb":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.20.0.17:5656"}]}},"gitea":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.3:3000"}]}},"grafana-monitoring-and-backup":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.16:3000"}]}},"homeassistant":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.9:8123"}]}},"nodered":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.6:1880"}]}},"ntfy":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.14:49152"}]}},"paperless":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.15:8000"}]}},"picoshare":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.12:80"}]}},"portainer":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.10:9000"}]}},"prometheus":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.7:9090"}]}},"teleport":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.20.0.5:3080"}]}},"uptime":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.4:3001"}]}},"web-traefik":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.20.0.8:80"}]}}}},"tcp":{"routers":{"edgedb":{"entryPoints":["edgedb"],"rule":"HostSNI(`edgedb.CENSORED_DOMAIN`)","service":"edgedb","tls":{"certResolver":"production","passthrough":false}}},"services":{"edgedb":{"loadBalancer":{"servers":[{"address":"172.20.0.17:5656"}]}}}},"tls":{},"udp":{}} providerName=docker
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for synology.CENSORED_DOMAIN with TLS options default entryPointName=websecure
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for syncthing.CENSORED_DOMAIN with TLS options default entryPointName=websecure
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for vm.CENSORED_DOMAIN with TLS options default entryPointName=websecure
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for plex.CENSORED_DOMAIN with TLS options default entryPointName=websecure
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/tls/certificate.go:131 > Adding certificate for domain(s) CENSORED_DOMAIN
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:384 > Trying to challenge certificate for domain [synology.CENSORED_DOMAIN] found in HostSNI rule ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=synology@file rule=Host(`synology.CENSORED_DOMAIN`)
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:384 > Trying to challenge certificate for domain [syncthing.CENSORED_DOMAIN] found in HostSNI rule ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=syncthing@file rule=Host(`syncthing.CENSORED_DOMAIN`)
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:851 > Looking for provided certificate(s) to validate ["synology.CENSORED_DOMAIN"]... ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=synology@file rule=Host(`synology.CENSORED_DOMAIN`)
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:384 > Trying to challenge certificate for domain [vm.CENSORED_DOMAIN] found in HostSNI rule ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=vm@file rule=Host(`vm.CENSORED_DOMAIN`)
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:851 > Looking for provided certificate(s) to validate ["syncthing.CENSORED_DOMAIN"]... ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=syncthing@file rule=Host(`syncthing.CENSORED_DOMAIN`)
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/tls/certificate.go:131 > Adding certificate for domain(s) *.CENSORED_DOMAIN,CENSORED_DOMAIN
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:851 > Looking for provided certificate(s) to validate ["vm.CENSORED_DOMAIN"]... ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=vm@file rule=Host(`vm.CENSORED_DOMAIN`)
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:384 > Trying to challenge certificate for domain [plex.CENSORED_DOMAIN] found in HostSNI rule ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=plex@file rule=Host(`plex.CENSORED_DOMAIN`)
2024-05-05T21:32:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:851 > Looking for provided certificate(s) to validate ["plex.CENSORED_DOMAIN"]... ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=plex@file rule=Host(`plex.CENSORED_DOMAIN`)
2024-05-05T21:32:33Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:895 > No ACME certificate generation required for domains ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["synology.CENSORED_DOMAIN"] providerName=production.acme routerName=synology@file rule=Host(`synology.CENSORED_DOMAIN`)
2024-05-05T21:32:33Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:895 > No ACME certificate generation required for domains ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["syncthing.CENSORED_DOMAIN"] providerName=production.acme routerName=syncthing@file rule=Host(`syncthing.CENSORED_DOMAIN`)
2024-05-05T21:32:33Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:895 > No ACME certificate generation required for domains ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["vm.CENSORED_DOMAIN"] providerName=production.acme routerName=vm@file rule=Host(`vm.CENSORED_DOMAIN`)
2024-05-05T21:32:33Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:895 > No ACME certificate generation required for domains ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["plex.CENSORED_DOMAIN"] providerName=production.acme routerName=plex@file rule=Host(`plex.CENSORED_DOMAIN`)
2024-05-05T21:32:33Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for edgedb.CENSORED_DOMAIN with TLS options default entryPointName=websecure
2024-05-05T21:32:33Z DBG github.com/traefik/traefik/v3/pkg/server/service/tcp/service.go:95 > Creating TCP server entryPointName=edgedb routerName=edgedb@docker serviceName=edgedb@docker
2024-05-05T21:32:33Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:400 > Adding TLS route for "HostSNI(`edgedb.CENSORED_DOMAIN`)" entryPointName=edgedb routerName=edgedb@docker
2024-05-05T21:32:33Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:384 > Trying to challenge certificate for domain [edgedb.CENSORED_DOMAIN] found in HostSNI rule ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=edgedb@docker rule=HostSNI(`edgedb.CENSORED_DOMAIN`)
2024-05-05T21:32:33Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:851 > Looking for provided certificate(s) to validate ["edgedb.CENSORED_DOMAIN"]... ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=edgedb@docker rule=HostSNI(`edgedb.CENSORED_DOMAIN`)
2024-05-05T21:32:33Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:384 > Trying to challenge certificate for domain [edgedb.CENSORED_DOMAIN] found in HostSNI rule ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=production.acme routerName=edgedb@docker rule=Host(`edgedb.CENSORED_DOMAIN`)
2024-05-05T21:32:34Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 08094eb2651d80a0
2024-05-05T21:32:34Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 7879a10142195a55
2024-05-05T21:32:34Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f820ddc51d8c6408
2024-05-05T21:32:34Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 08094eb2651d80a0
2024-05-05T21:32:34Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 08094eb2651d80a0
2024-05-05T21:32:35Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 08094eb2651d80a0
2024-05-05T21:32:35Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 08094eb2651d80a0
2024-05-05T21:32:36Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 08094eb2651d80a0
2024-05-05T21:32:36Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 08094eb2651d80a0
2024-05-05T21:32:36Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: a173f240f26c7781
2024-05-05T21:32:36Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: a173f240f26c7781
2024-05-05T21:32:50Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 08094eb2651d80a0
2024-05-05T21:32:50Z DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 08094eb2651d80a0
2024-05-05T21:32:56Z DBG github.com/traefik/traefik/v3/pkg/tcp/proxy.go:41 > Handling TCP connection address=172.20.0.17:5656 remoteAddr=172.20.0.1:43881
2024-05-05T21:32:56Z ERR github.com/traefik/traefik/v3/pkg/tcp/proxy.go:75 > Error while handling TCP connection error="readfrom tcp 172.20.0.13:48538->172.20.0.17:5656: tls: client requested unsupported application protocols ([edgedb-binary])"
2024-05-05T21:32:56Z DBG github.com/traefik/traefik/v3/pkg/tcp/proxy.go:104 > Error while terminating TCP connection error="tls: CloseWrite called before handshake complete"

The text was updated successfully, but these errors were encountered:

nmengin · 2024-05-06T13:19:18Z

Hey @daniel156161.

Thanks for reaching out.
From our point of view, it's a feature proposal, but we’re unsure about the use case and the traction it will receive. We are going to leave the status as kind/proposal to give the community time to let us know if they would like this idea.

We will reevaluate as people respond.

Conversation is time-boxed to 6 months.

reeve567 · 2024-05-20T19:36:55Z

I'd be very interested in this addition. I use Traefik with the Kubernetes Operator and it's a pain to get this going without Traefik, which I use for everything else

traefiker added the status/0-needs-triage label May 5, 2024

nmengin changed the title ~~unsupported application protocols ([edgedb-binary])~~ Add support for edgedb protocol May 6, 2024

nmengin added kind/proposal a proposal that needs to be discussed. area/server and removed status/0-needs-triage labels May 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for edgedb protocol #10696

Add support for edgedb protocol #10696

daniel156161 commented May 5, 2024 •

edited by ldez

nmengin commented May 6, 2024

reeve567 commented May 20, 2024

Add support for edgedb protocol #10696

Add support for edgedb protocol #10696

Comments

daniel156161 commented May 5, 2024 • edited by ldez

Welcome!

What did you do?

What did you see instead?

What version of Traefik are you using?

What is your environment & configuration?

If applicable, please paste the log output in DEBUG level

nmengin commented May 6, 2024

reeve567 commented May 20, 2024

daniel156161 commented May 5, 2024 •

edited by ldez