hassio-addons: Portainer webui SSL problem

I have been using portainer addon for some time now and today I started getting “502: Bad Gateway” errors when trying to navigate to webui. I have tried both with and without SSL. It is most likely an SSL issue but I couldn’t pinpoint it.

I guess by default portainer SSL is enabled with the new version so it does not matter whether we enable it or not. Here is the logs from the supervisor when trying to access the ingress webui. 21-11-22 22:11:55 ERROR (MainThread) [supervisor.api.ingress] Ingress error: Cannot connect to host 172.30.33.7:1337 ssl:default [Connect call failed ('172.30.33.7', 1337)]

This is the addon log:

[19:11:47] INFO: ... portainer launched
level=info msg="2021/11/22 19:11:47 [INFO] [main,compose] [message: binary is missing, falling-back to compose plugin] [error: docker-compose binary not found]"
level=info msg="2021/11/22 19:11:47 Instance already has defined environments. Skipping the environment defined via CLI."
level=info msg="2021/11/22 19:11:47 Instance already has an administrator user defined. Skipping admin password related flags."
2021/11/22 19:11:47 server: Reverse tunnelling enabled
2021/11/22 19:11:47 server: Fingerprint fc:b9:24:ba:3b:47:e7:9a:84:60:fa:0f:47:bd:1f:47
2021/11/22 19:11:47 server: Listening on 0.0.0.0:8000...
level=info msg="2021/11/22 19:11:47 [INFO] [cmd,main] Starting Portainer version 2.9.3"
level=info msg="2021/11/22 19:11:47 [DEBUG] [chisel, monitoring] [check_interval_seconds: 10.000000] [message: starting tunnel management process]"
level=info msg="2021/11/22 19:11:47 [DEBUG] [internal,init] [message: start initialization monitor ]"
level=info msg="2021/11/22 19:11:47 [INFO] [http,server] [message: starting HTTPS server on port :9443]"

I have also tried using the http://ip:port, https://ip:port but I got ERR_CONNECTION_REFUSED errors. This is the configuration: image I don’t know if it is related or not but recently my certs got renewed and this might be the reason I see those errors. Currently though, it should work since the certs are valid and everything is working except portainer. Mind giving a hand to solve this?

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 19 (10 by maintainers)

Most upvoted comments

Thanks for the troubleshooting and the reactivity! Glad it worked

Mmh strange… Yet it loads? I’ll investigate tomorrow on those. I think it’s because ssl is handled at nginx level not app, so certificates are not passed to the app… So actually I think I’ll completely disable ssl at app level, but not sure how that will affect config such as yours that seem to have a closed http port…

They changed how to handle certificates for the portainer. As far as I remember, one of the changes was to use self signed certificates by default. Disabling the passing certificates to app may simplify it but it will be a problem for people like me who use edge clients using signed certs.

Mmh strange… Yet it loads? I’ll investigate tomorrow on those 😃

yep, it loads. Thanks for the help.

What confuses me is how it works for you but not for me 😃 ? If port is not open, it should not work at all.

I am trying to restore the 2.9.2 backup to see how it will go. My settings: image

Also, there is this port 1337 in the supervisor logs, that doesn’t make sense to me: 21-11-23 00:08:52 ERROR (MainThread) [supervisor.api.ingress] Ingress error: Cannot connect to host 172.30.33.7:1337 ssl:default [Connect call failed ('172.30.33.7', 1337)]

Thanks very much! Reviewing my code I saw I lacked a check that ssl certs exist and are accessible (ex : correct permissions ) so I’ve pushed a new version that does that. I don’t think it’s your issue though, I’ll look at it further tommorow and try to replicate. Thanks!

  • does not work without SSL
  • Yeah, I noticed that it has been updated today. So, it might be possible that the update is the reason.
  • before it was 2.9.2 but now it is 2.9.3
  • here you go:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing... 
-----------------------------------------------------------
 Add-on: Portainer
 Manage your Docker environment with ease
-----------------------------------------------------------
 Add-on version: 2.9.3
 You are running the latest version of this add-on.
 System: Home Assistant OS 6.6  (aarch64 / raspberrypi4-64)
 Home Assistant Core: 2021.11.5
 Home Assistant Supervisor: 2021.10.8
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums
 https://github.com/alexbelgium/hassio-addons
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing... 
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] 30-nginx.sh: executing... 
[cont-init.d] 30-nginx.sh: exited 0.
[cont-init.d] portainer.sh: executing... 
[cont-init.d] portainer.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[20:54:09] INFO: Starting Portainer...
[services.d] done.
[20:54:11] INFO: ... password set to Fg44#rA5556JydFY
[20:54:11] INFO: ... portainer launched
level=info msg="2021/11/22 20:54:11 [INFO] [main,compose] [message: binary is missing, falling-back to compose plugin] [error: docker-compose binary not found]"
level=info msg="2021/11/22 20:54:11 Instance already has defined environments. Skipping the environment defined via CLI."
level=info msg="2021/11/22 20:54:11 Instance already has an administrator user defined. Skipping admin password related flags."
2021/11/22 20:54:11 server: Reverse tunnelling enabled
2021/11/22 20:54:11 server: Fingerprint fc:b9:24:ba:3b:47:e7:9a:84:60:fa:0f:47:bd:1f:47
2021/11/22 20:54:11 server: Listening on 0.0.0.0:8000...
level=info msg="2021/11/22 20:54:11 [INFO] [cmd,main] Starting Portainer version 2.9.3"
level=info msg="2021/11/22 20:54:11 [DEBUG] [chisel, monitoring] [check_interval_seconds: 10.000000] [message: starting tunnel management process]"
level=info msg="2021/11/22 20:54:11 [DEBUG] [internal,init] [message: start initialization monitor ]"
  • Home Assistant OS 6.6, supervisor-2021.10.8, core-2021.11.5
  • Rebuilded but the same 502: Bad Gateway error (tried with and without ssl)
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing... 
-----------------------------------------------------------
 Add-on: Portainer
 Manage your Docker environment with ease
-----------------------------------------------------------
 Add-on version: 2.9.3
 You are running the latest version of this add-on.
 System: Home Assistant OS 6.6  (aarch64 / raspberrypi4-64)
 Home Assistant Core: 2021.11.5
 Home Assistant Supervisor: 2021.10.8
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums
 https://github.com/alexbelgium/hassio-addons
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing... 
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] 30-nginx.sh: executing... 
[23:59:48] INFO: Ssl enabled, please use https for connection
[cont-init.d] 30-nginx.sh: exited 0.
[cont-init.d] portainer.sh: executing... 
[cont-init.d] portainer.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[20:59:49] INFO: Starting Portainer...
[20:59:50] INFO: ssl enabled. If webui don't work, disable ssl or check your certificate paths
[20:59:50] INFO: ... ssl activated
[20:59:50] INFO: ... password set to Fg44#rA5556JydFY
[20:59:50] INFO: ... portainer launched
2021/11/22 20:59:50 Warning: SSL is enabled by default and there is no need for the --ssl flag. It has been kept to allow migration of instances running a previous version of Portainer with this flag enabled
level=info msg="2021/11/22 20:59:51 [INFO] [main,compose] [message: binary is missing, falling-back to compose plugin] [error: docker-compose binary not found]"
level=info msg="2021/11/22 20:59:51 Instance already has defined environments. Skipping the environment defined via CLI."
level=info msg="2021/11/22 20:59:51 Instance already has an administrator user defined. Skipping admin password related flags."
2021/11/22 20:59:51 server: Reverse tunnelling enabled
2021/11/22 20:59:51 server: Fingerprint fc:b9:24:ba:3b:47:e7:9a:84:60:fa:0f:47:bd:1f:47
level=info msg="2021/11/22 20:59:51 [DEBUG] [chisel, monitoring] [check_interval_seconds: 10.000000] [message: starting tunnel management process]"
2021/11/22 20:59:51 server: Listening on 0.0.0.0:8000...
level=info msg="2021/11/22 20:59:51 [INFO] [cmd,main] Starting Portainer version 2.9.3"
level=info msg="2021/11/22 20:59:51 [DEBUG] [internal,init] [message: start initialization monitor ]"
level=info msg="2021/11/22 20:59:51 [INFO] [http,server] [message: starting HTTPS server on port :9443]"

@alexbelgium yep, thay are located in the default /ssl.