So for background, I’m referencing this post, which I’ve personally responded to, running a global discovery server using the experimental header-transform plugin: [SOLVED] Discovery server behind traefik (2.8) - #5 by bugsyb
Fast forward to present day, and I’m getting an error within the disco server container:
```
stdiscosrv v1.23.4 "Fermium Flea" (go1.20.2 linux-amd64) teamcity@build.syncthing.net 2023-04-05 13:25:55 UTC [purego]
Server device ID is FRYCIDB-TKR3B57-2W52MDH-OPUG66Z-XIUTNO6-SXVQUKN-QJH52HQ-O5UEYQ5
4cb05d8ecca62cf2 POST /
4cb05d8ecca62cf2 no certificates: certificate decode result is empty
```
So to touch on a few topics – I’m building the disco server container from scratch via a docker file. I’m aware there is a version 1.5 out; however, my docker file contains the command:
```dockerfile
###############################
# Build #
###############################
ARG VERSION=v1.23.4
ENV DOWNLOAD_URL="https://github.com/syncthing/discosrv/releases/download/$VERSION/stdiscosrv-linux-amd64-$VERSION.tar.gz"
###############################
```
I’m not exactly sure where future versions of the discosrv tarballs are located since I can’t simply change the argument version to 1.50.0 or something like that. The syncthing github page isn’t helpful in locating this file or something else.
Anyway, moving ahead: my traefik static configuration file is using the following rewrite headers plugin:
```yaml
experimental:
  plugins:
    header-transform:
      moduleName: "github.com/adyanth/header-transform"
      version: "v1.0.0"
```
Within my traefik dynamic configuration file, I have the following middlewares and tls defined:
```yaml
http:
  middlewares:
    header-transform-plugin:
      plugin:
        header-transform:
          Rules:
            - Rule:
              Name: 'X-Client-Port Set'
              Header: 'X-Client-Port'
              Value: '^X-Forwarded-Port'
              HeaderPrefix: "^"
              Type: 'Set'
```
And my actual docker file to create the container is:
```yaml
disco:
  build:
    context: .
    dockerfile: Dockerfile
  image: syncthing-discovery
  container_name: disco
  hostname: disco
  domainname: server.com
  restart: unless-stopped
  tty: True
  stdin_open: True
  networks:
    - net
    #npm-net:
    #  ipv4_address: 10.161.0.6
  ports:
    - 8443:8443
  labels:
    - "traefik.enable=true"
    - "traefik.docker.network=net"
    - "traefik.http.routers.syncthing-discosrv.rule=Host(`disco.server.com`)"
    - "traefik.http.routers.syncthing-discosrv.tls=true"
    - "traefik.http.routers.syncthing-discosrv.tls.certresolver=le"
    - "traefik.http.routers.syncthing-discosrv.tls.domains[0].main=disco.server.com"
    - "traefik.http.routers.syncthing-discosrv.tls.domains[0].sans=disco.server.com"
    - "traefik.http.routers.syncthing-discosrv.entrypoints=web,websecure"
    - "traefik.http.routers.syncthing-discosrv.tls.options=syncthing-discosrv@file"
    - "traefik.http.routers.syncthing-discosrv.middlewares=syncthing-discosrv-middleware,header-transform-plugin@file"
    - "traefik.http.middlewares.syncthing-discosrv-middleware.passtlsclientcert.pem=true"
    - "traefik.http.services.syncthing-discosrvr.loadbalancer.server.port=8443"
  environment:
    - TZ
    - PUID=6000
    - PGID=6000
  volumes:
    - /data/disco/db:/home/discosrv/db
    - /data/swag/etc/letsencrypt/live/disco.server.com/privkey.pem:/home/discosrv/certs/key.pem:ro
    - /data/swag/etc/letsencrypt/live/disco.server.com/fullchain.pem:/home/discosrv/certs/cert.pem:ro
```
So I’m not exactly sure how to examine the headers passed to the disco server container. I’m aware this was running once in the past; however, I’m kind of stumped now by the no certificates line.
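
One way to check whether a forwarded client-certificate header value decodes to an X.509 certificate, which is what the `certificate decode result is empty` log line says did not happen. This is an added example, not part of the original post and not Syncthing's or Traefik's code; `decodeForwardedCert`, `sampleHeader` and the accepted encodings (base64 DER, optionally URL-escaped or still wrapped in PEM delimiters) are assumptions, and `X-Forwarded-Tls-Client-Cert` is the header that Traefik's `passtlsclientcert.pem=true` option populates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"net/url"
	"regexp"
	"strings"
	"time"
)

var pemDelim = regexp.MustCompile(`-----[A-Z+ ]+-----`) // BEGIN/END marker lines

// decodeForwardedCert parses the first certificate in a header value such as
// X-Forwarded-Tls-Client-Cert and reports why decoding fails (assumed encodings).
func decodeForwardedCert(hdr string) (*x509.Certificate, error) {
	first := strings.TrimSpace(strings.Split(hdr, ",")[0])
	if first == "" {
		return nil, fmt.Errorf("header missing or empty")
	}
	unescaped, err := url.PathUnescape(first) // PathUnescape keeps '+', which base64 uses
	if err != nil {
		return nil, fmt.Errorf("bad URL escaping: %w", err)
	}
	body := strings.Join(strings.Fields(pemDelim.ReplaceAllString(unescaped, "")), "")
	der, err := base64.StdEncoding.DecodeString(body)
	if err != nil {
		return nil, fmt.Errorf("not base64 DER: %w", err)
	}
	return x509.ParseCertificate(der)
}

// sampleHeader returns a constructed header value: a throwaway self-signed cert, URL-escaped.
func sampleHeader() string {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return url.QueryEscape(base64.StdEncoding.EncodeToString(der))
}

func main() {
	cert, err := decodeForwardedCert(sampleHeader())
	fmt.Println("decoded:", cert != nil, "error:", err)
}
```

Feeding it the header value captured from a request that reached the backend shows whether the header is absent, mangled in transit, or intact.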