Unable to access Enterprise Search on a cloud VM

Hi there, only posting because I've really tried reading all documentation and googling, but found no solution. I've gotten a docker-compose consisting of 3 ES nodes, kibana, enterprise search, a React front-end (Elastic's Search UI), and traefik going on a GCP VM. Everything seems to be up and running (enterprise search connects to ES, kibana connects to ES, etc.), but my front-end cannot fetch from enterprise search, and I cannot access the enterprise search, whether it's through :3002, or from enterprise.domain.com. I got it up and running locally before installing it on a VM and slapping on traefik, so am wondering if I have missed something. I've posted my docker-compose.yml below. Thanks very much in advance!

    version: '2.2'
    services:
      es01:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.13.0
        container_name: es01
        environment:
          - node.name=es01
          - cluster.name=es-docker-cluster
          - discovery.seed_hosts=es02,es03
          - cluster.initial_master_nodes=es01,es02,es03
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        volumes:
          - data01:/usr/share/elasticsearch/data
        ports:
          - 9200:9200
        networks:
          - elastic

      es02:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.13.0
        container_name: es02
        environment:
          - node.name=es02
          - cluster.name=es-docker-cluster
          - discovery.seed_hosts=es01,es03
          - cluster.initial_master_nodes=es01,es02,es03
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        volumes:
          - data02:/usr/share/elasticsearch/data
        networks:
          - elastic

      es03:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.13.0
        container_name: es03
        environment:
          - node.name=es03
          - cluster.name=es-docker-cluster
          - discovery.seed_hosts=es01,es02
          - cluster.initial_master_nodes=es01,es02,es03
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        volumes:
          - data03:/usr/share/elasticsearch/data
        networks:
          - elastic

      kib01:
        image: docker.elastic.co/kibana/kibana:7.13.0
        container_name: kib01
        ports:
          - 5601:5601
        environment:
          ELASTICSEARCH_URL: http://es01:9200
          ELASTICSEARCH_HOSTS: '["http://es01:9200","http://es02:9200","http://es03:9200"]'
        networks:
          - elastic

      enterprise:
        image: docker.elastic.co/enterprise-search/enterprise-search:7.13.0
        container_name: enterprise
        environment:
          - elasticsearch.host=http://es01:9200
          - elasticsearch.username=[username]
          - elasticsearch.password=[password]
          - allow_es_settings_modification=true
          - secret_management.encryption_keys=[keys]
          - ent_search.external_url=http://[VM IP]:3002
          - kibana.external_url=http://kib01:5601
          - log_level=debug
        ports: 
          - 3002:3002
        networks: 
          - elastic
          - frontend
        labels:
          - "traefik.http.routers.enterprise.rule=Host(`enterprise.domain.com`)"

      frontend:
        container_name: frontend
        # image: elephant:prod
        build:
          context: ./searchui
          dockerfile: Dockerfile.prod
        tty: true
        volumes:
          - '.:/app'
          - '/app/node_modules'
        environment:
          - CHOKIDAR_USEPOLLING=true
        networks:
          - frontend
        labels:
          - "traefik.http.routers.elephant.rule=Host(`frontend.domain.com`)"
          - "traefik.http.routers.elephant.tls.certresolver=le"
          - "traefik.http.routers.elephant.tls=true"

      reverse-proxy:
        container_name: traefik
        # The official v2 Traefik docker image
        image: traefik:2.4
        # Enables the web UI and tells Traefik to listen to docker
        command: 
          - --providers.docker=true
          - --entrypoints.web.address=:80
          - --entrypoints.web-secure.address=:443
          - --certificatesresolvers.le.acme.email=user@email.com
          - --certificatesresolvers.le.acme.storage=/acme.json
          - --certificatesresolvers.le.acme.tlschallenge=true
        ports:
          # The HTTP port
          - "80:80"
          - "443:443"
        volumes:
          # So that Traefik can listen to the Docker events
          - /var/run/docker.sock:/var/run/docker.sock
        networks:
          - frontend

    volumes:
      data01:
        driver: local
      data02:
        driver: local
      data03:
        driver: local

    networks:
      frontend:
      elastic:
        driver: bridge

Hi kristang91 -

Are you able to log in via your browser directly to your Enterprise Search instance at http://[VM IP]:3002 ?

If not, then one possible thing to check is to ensure that Enterprise Search is bound to the correct IP address in the VM's interfaces. This can be done via the ent_search.listen_host configuration. For example:

- ent_search.listen_host=[VM IP]

Hi Mark, thank you so much for the help. I wasn't able to log in via that address. I tried your suggestion. It didn't fix it, but inspired me to mess around with a bunch of things, including setting the host to 0.0.0.0 (since it's on a Docker internal network), and changing the TLS settings (given that Traefik negotiated SSL certs for the domains, and the frontend needs to fetch using https):

      - ent_search.external_url=https://enterprise.domain.com:443
      - ent_search.listen_host=0.0.0.0
      - ent_search.listen_port=443
      - ent_search.ssl.redirect_http_from_port=80 

I now get a 404 from Traefik - so I think there's a problem with Traefik that I now need to fix. Will update if I fix that.