I've come across problems upgrading from the latest 3.3 Traefik docker image to the latest 3.4 image. After upgrade, certain containers are no longer accessible. This is confirmed by comparing the dump of curl --connect-timeout 2 -sf https://traefik.mydomain.com/api/rawdata | jq before and after the upgrade:
This setup has been running for over a year without problems, and since May 6th, I've had to pin the image to traefik:v3.3 instead of traefik:latest.
Here is the configuration of one of the affected containers:
restart: unless-stopped
labels:
traefik.enable: true
traefik.http.middlewares.paperless-doc-limit.buffering.maxRequestBodyBytes: 30000000
traefik.http.routers.paperless.rule: Host(`docs.mydomain.com`)
traefik.http.routers.paperless.entrypoints: websecure
traefik.http.routers.paperless.middlewares: rate-limit@file
traefik.http.routers.paperless.tls: true
traefik.http.routers.paperless-mtls.rule: Host(`docs.mydomain.com`)
traefik.http.routers.paperless-mtls.entrypoints: websecure-external
traefik.http.routers.paperless-mtls.middlewares: mtls_check_plugin-docs@file,paperless-doc-limit,rate-limit@file
traefik.http.routers.paperless-mtls.tls: true
traefik.http.routers.paperless-mtls.tls.options: require-mtls-docs@file
traefik.http.services.paperless.loadbalancer.server.port: 8000
traefik.http.services.paperless.loadbalancer.server.url: "http://docs_webserver:8000"
x-tls13-settings: &tls13-settings
minVersion: VersionTLS13
cipherSuites:
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
sniStrict: true
tls:
...
options:
default:
<<: *tls13-settings
##########################
# Client certificates
require-mtls-docs:
<<: *tls13-settings
clientAuth:
caFiles:
- /etc/traefik/client-certs/docs/ca-docs.mydomain.com.crt
clientAuthType: RequestClientCert # The actual verification needs to be done by the mtls_check_plugin-docs middleware
I've tried to keep up with migration guides. Any ideas why certain containers do not appear on the /api/rawdata output when on 3.4?
