hassio-addons: Portainer webui SSL problem
I have been using portainer addon for some time now and today I started getting “502: Bad Gateway” errors when trying to navigate to webui. I have tried both with and without SSL. It is most likely an SSL issue but I couldn’t pinpoint it.
I guess by default portainer SSL is enabled with the new version so it does not matter whether we enable it or not.
Here is the logs from the supervisor when trying to access the ingress webui.
21-11-22 22:11:55 ERROR (MainThread) [supervisor.api.ingress] Ingress error: Cannot connect to host 172.30.33.7:1337 ssl:default [Connect call failed ('172.30.33.7', 1337)]
This is the addon log:
[19:11:47] INFO: ... portainer launched
level=info msg="2021/11/22 19:11:47 [INFO] [main,compose] [message: binary is missing, falling-back to compose plugin] [error: docker-compose binary not found]"
level=info msg="2021/11/22 19:11:47 Instance already has defined environments. Skipping the environment defined via CLI."
level=info msg="2021/11/22 19:11:47 Instance already has an administrator user defined. Skipping admin password related flags."
2021/11/22 19:11:47 server: Reverse tunnelling enabled
2021/11/22 19:11:47 server: Fingerprint fc:b9:24:ba:3b:47:e7:9a:84:60:fa:0f:47:bd:1f:47
2021/11/22 19:11:47 server: Listening on 0.0.0.0:8000...
level=info msg="2021/11/22 19:11:47 [INFO] [cmd,main] Starting Portainer version 2.9.3"
level=info msg="2021/11/22 19:11:47 [DEBUG] [chisel, monitoring] [check_interval_seconds: 10.000000] [message: starting tunnel management process]"
level=info msg="2021/11/22 19:11:47 [DEBUG] [internal,init] [message: start initialization monitor ]"
level=info msg="2021/11/22 19:11:47 [INFO] [http,server] [message: starting HTTPS server on port :9443]"
I have also tried using the http://ip:port, https://ip:port but I got ERR_CONNECTION_REFUSED errors.
This is the configuration:
I don’t know if it is related or not but recently my certs got renewed and this might be the reason I see those errors. Currently though, it should work since the certs are valid and everything is working except portainer.
Mind giving a hand to solve this?
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 19 (10 by maintainers)
Thanks for the troubleshooting and the reactivity! Glad it worked
They changed how to handle certificates for the portainer. As far as I remember, one of the changes was to use self signed certificates by default. Disabling the passing certificates to app may simplify it but it will be a problem for people like me who use edge clients using signed certs.
yep, it loads. Thanks for the help.
What confuses me is how it works for you but not for me 😃 ? If port is not open, it should not work at all.
I am trying to restore the 2.9.2 backup to see how it will go. My settings:
Also, there is this port 1337 in the supervisor logs, that doesn’t make sense to me:
21-11-23 00:08:52 ERROR (MainThread) [supervisor.api.ingress] Ingress error: Cannot connect to host 172.30.33.7:1337 ssl:default [Connect call failed ('172.30.33.7', 1337)]Thanks very much! Reviewing my code I saw I lacked a check that ssl certs exist and are accessible (ex : correct permissions ) so I’ve pushed a new version that does that. I don’t think it’s your issue though, I’ll look at it further tommorow and try to replicate. Thanks!
@alexbelgium yep, thay are located in the default /ssl.