Hi All, I recently began attempting to configure Traefik for some of my services. I have been able to gather my certificates from Cloudflare and the certificates are valid; however, when attempting to access the dashboard or any other services I am getting a 404 error. Attached below are the logs, access logs, and config. If anyone is able to help resolve it, it would be much appreciated.
time="2022-12-06T21:01:30-05:00" level=info msg="Traefik version 2.9.5 built on 2022-11-17T15:04:26Z"
time="2022-12-06T21:01:30-05:00" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true,\"sendAnonymousUsage\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{\"trustedIPs\":[\"173.245.48.0/20\",\"103.21.244.0/22\",\"103.22.200.0/22\",\"103.31.4.0/22\",\"141.101.64.0/18\",\"108.162.192.0/18\",\"190.93.240.0/20\",\"188.114.96.0/20\",\"197.234.240.0/22\",\"198.41.128.0/17\",\"162.158.0.0/15\",\"104.16.0.0/13\",\"104.24.0.0/14\",\"172.64.0.0/13\",\"131.0.72.0/22\",\"127.0.0.1/32\",\"10.0.0.0/8\",\"192.168.0.0/16\",\"172.16.0.0/12\"]},\"http\":{\"tls\":{\"options\":\"tls-opts@file\",\"certResolver\":\"dns-cloudflare\",\"domains\":[{\"main\":\"xxxxxx.com\",\"sans\":[\"*.home.xxxxxx.com\"]}]}},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name 
}}`)\",\"network\":\"t2_proxy\",\"swarmModeRefreshSeconds\":\"15s\"},\"file\":{\"directory\":\"/rules\",\"watch\":true}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/logs/traefik.log\",\"format\":\"common\"},\"accessLog\":{\"filePath\":\"/logs/access.log\",\"format\":\"common\",\"filters\":{\"statusCodes\":[\"204-299\",\"400-499\",\"500-599\"]},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}},\"bufferingSize\":100},\"certificatesResolvers\":{\"dns-cloudflare\":{\"acme\":{\"email\":\"email here\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"dnsChallenge\":{\"provider\":\"cloudflare\",\"delayBeforeCheck\":\"1m30s\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]}}}}}"
time="2022-12-06T21:01:30-05:00" level=info msg="Stats collection is enabled."
time="2022-12-06T21:01:30-05:00" level=info msg="Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration."
time="2022-12-06T21:01:30-05:00" level=info msg="Help us improve Traefik by leaving this feature on :)"
time="2022-12-06T21:01:30-05:00" level=info msg="More details on: https://doc.traefik.io/traefik/contributing/data-collection/"
time="2022-12-06T21:01:30-05:00" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2022-12-06T21:01:30-05:00" level=debug msg="Starting TCP Server" entryPointName=http
time="2022-12-06T21:01:30-05:00" level=debug msg="Starting TCP Server" entryPointName=traefik
time="2022-12-06T21:01:30-05:00" level=debug msg="Starting TCP Server" entryPointName=https
time="2022-12-06T21:01:30-05:00" level=info msg="Starting provider *file.Provider"
time="2022-12-06T21:01:30-05:00" level=debug msg="*file.Provider provider configuration: {\"directory\":\"/rules\",\"watch\":true}"
time="2022-12-06T21:01:30-05:00" level=info msg="Starting provider *traefik.Provider"
time="2022-12-06T21:01:30-05:00" level=debug msg="*traefik.Provider provider configuration: {}"
time="2022-12-06T21:01:30-05:00" level=info msg="Starting provider *docker.Provider"
time="2022-12-06T21:01:30-05:00" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"t2_proxy\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2022-12-06T21:01:30-05:00" level=info msg="Starting provider *acme.Provider"
time="2022-12-06T21:01:30-05:00" level=debug msg="*acme.Provider provider configuration: {\"email\":\"email@email.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"dnsChallenge\":{\"provider\":\"cloudflare\",\"delayBeforeCheck\":\"1m30s\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]},\"ResolverName\":\"dns-cloudflare\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
time="2022-12-06T21:01:30-05:00" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=dns-cloudflare.acme
time="2022-12-06T21:01:30-05:00" level=info msg="Testing certificate renew..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=dns-cloudflare.acme
time="2022-12-06T21:01:30-05:00" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2022-12-06T21:01:30-05:00" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
time="2022-12-06T21:01:30-05:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"models\":{\"https\":{\"tls\":{\"options\":\"tls-opts@file\",\"certResolver\":\"dns-cloudflare\",\"domains\":[{\"main\":\"xxxxxx.com\",\"sans\":[\"*.home.xxxxxx.com\"]}]}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
time="2022-12-06T21:01:30-05:00" level=debug msg="Configuration received: {\"http\":{\"middlewares\":{\"middlewares-basic-auth\":{\"basicAuth\":{\"usersFile\":\"/shared/.htpasswd\",\"realm\":\"Traefik 2 Basic Auth\"}},\"middlewares-https-redirectscheme\":{\"redirectScheme\":{\"scheme\":\"https\",\"permanent\":true}},\"middlewares-rate-limit\":{\"rateLimit\":{\"average\":100,\"period\":\"1s\",\"burst\":50}}}},\"tcp\":{},\"udp\":{},\"tls\":{\"options\":{\"tls-opts\":{\"minVersion\":\"VersionTLS12\",\"cipherSuites\":[\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305\",\"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305\",\"TLS_AES_128_GCM_SHA256\",\"TLS_AES_256_GCM_SHA384\",\"TLS_CHACHA20_POLY1305_SHA256\",\"TLS_FALLBACK_SCSV\"],\"curvePreferences\":[\"CurveP521\",\"CurveP384\"],\"clientAuth\":{},\"sniStrict\":true,\"alpnProtocols\":[\"h2\",\"http/1.1\",\"acme-tls/1\"]}}}}" providerName=file
time="2022-12-06T21:01:30-05:00" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=dns-cloudflare.acme
time="2022-12-06T21:01:30-05:00" level=debug msg="Provider connection established with docker 20.10.21 (API 1.41)" providerName=docker
time="2022-12-06T21:01:30-05:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"http-catchall\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"redirect-to-https\"],\"service\":\"traefik-docker\",\"rule\":\"HostRegexp(`{host:.+}`)\"},\"portainer-rtr\":{\"entryPoints\":[\"https\"],\"service\":\"portainer-svc\",\"rule\":\"Host(`portainer.xxxxxx.com`)\"},\"traefik-rtr\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"chain-basic-auth@file\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.xxxxxx.com`)\",\"tls\":{\"domains\":[{\"main\":\"xxxxxx.com\",\"sans\":[\"*.home.xxxxxx.com\"]}]}}},\"services\":{\"portainer-svc\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.90.2:9000\"}],\"passHostHeader\":true}},\"traefik-docker\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.90.254:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"redirect-to-https\":{\"redirectScheme\":{\"scheme\":\"https\"}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2022-12-06T21:01:30-05:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2022-12-06T21:01:30-05:00" level=debug msg="Added outgoing tracing middleware api@internal" routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2022-12-06T21:01:30-05:00" level=debug msg="Added outgoing tracing middleware dashboard@internal" routerName=dashboard@internal entryPointName=traefik middlewareName=tracing middlewareType=TracingForwarder
time="2022-12-06T21:01:30-05:00" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik
time="2022-12-06T21:01:30-05:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2022-12-06T21:01:30-05:00" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2022-12-06T21:01:30-05:00" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2022-12-06T21:01:30-05:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2022-12-06T21:01:30-05:00" level=debug msg="Creating middleware" entryPointName=traefik middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2022-12-06T21:01:30-05:00" level=debug msg="Adding certificate for domain(s) *.home.xxxxxx.com,xxxxxx.com"
time="2022-12-06T21:01:31-05:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2022-12-06T21:01:31-05:00" level=debug msg="Added outgoing tracing middleware api@internal" routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2022-12-06T21:01:31-05:00" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareType=StripPrefix middlewareName=dashboard_stripprefix@internal
time="2022-12-06T21:01:31-05:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2022-12-06T21:01:31-05:00" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2022-12-06T21:01:31-05:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating middleware" routerName=http-catchall@docker serviceName=traefik-docker middlewareName=pipelining middlewareType=Pipelining entryPointName=http
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating load-balancer" routerName=http-catchall@docker serviceName=traefik-docker entryPointName=http
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating server 0 http://192.168.90.254:80" routerName=http-catchall@docker serviceName=traefik-docker serverName=0 entryPointName=http
time="2022-12-06T21:01:31-05:00" level=debug msg="child http://192.168.90.254:80 now UP"
time="2022-12-06T21:01:31-05:00" level=debug msg="Propagating new UP status"
time="2022-12-06T21:01:31-05:00" level=debug msg="Added outgoing tracing middleware traefik-docker" middlewareName=tracing middlewareType=TracingForwarder entryPointName=http routerName=http-catchall@docker
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating middleware" routerName=http-catchall@docker middlewareName=redirect-to-https@docker middlewareType=RedirectScheme entryPointName=http
time="2022-12-06T21:01:31-05:00" level=debug msg="Setting up redirection to https " entryPointName=http routerName=http-catchall@docker middlewareName=redirect-to-https@docker middlewareType=RedirectScheme
time="2022-12-06T21:01:31-05:00" level=debug msg="Adding tracing to middleware" routerName=http-catchall@docker middlewareName=redirect-to-https@docker entryPointName=http
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating middleware" entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2022-12-06T21:01:31-05:00" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing entryPointName=https routerName=traefik-rtr@docker middlewareType=TracingForwarder
time="2022-12-06T21:01:31-05:00" level=error msg="middleware \"chain-basic-auth@file\" does not exist" entryPointName=https routerName=traefik-rtr@docker
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=https routerName=portainer-rtr@docker serviceName=portainer-svc
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating load-balancer" routerName=portainer-rtr@docker serviceName=portainer-svc entryPointName=https
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating server 0 http://192.168.90.2:9000" entryPointName=https routerName=portainer-rtr@docker serviceName=portainer-svc serverName=0
time="2022-12-06T21:01:31-05:00" level=debug msg="child http://192.168.90.2:9000 now UP"
time="2022-12-06T21:01:31-05:00" level=debug msg="Propagating new UP status"
time="2022-12-06T21:01:31-05:00" level=debug msg="Added outgoing tracing middleware portainer-svc" routerName=portainer-rtr@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=https
time="2022-12-06T21:01:31-05:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=https
time="2022-12-06T21:01:31-05:00" level=debug msg="Adding route for traefik.xxxxxx.com with TLS options default" entryPointName=https
time="2022-12-06T21:01:31-05:00" level=debug msg="Adding route for portainer.xxxxxx.com with TLS options tls-opts@file" entryPointName=https
time="2022-12-06T21:01:31-05:00" level=debug msg="Looking for provided certificate(s) to validate [\"xxxxxx.com\" \"*.home.xxxxxx.com\"]..." providerName=dns-cloudflare.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2022-12-06T21:01:31-05:00" level=debug msg="No ACME certificate generation required for domains [\"xxxxxx.com\" \"*.home.xxxxxx.com\"]." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=dns-cloudflare.acme
time="2022-12-06T21:08:45-05:00" level=debug msg="Serving default certificate for request: \"\""
I am not seeing anything in the loading logs to point me in the direction of the error. Below is the access log.
192.168.3.1 - - [07/Dec/2022:01:23:01 +0000] "GET /favicon.ico HTTP/2.0" 404 19 "-" "-" 1 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:01:23:03 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 2 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:01:23:17 +0000] "GET / HTTP/1.1" 302 5 "-" "-" 3 "http-catchall@docker" "-" 0ms
192.168.3.1 - - [07/Dec/2022:01:23:17 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 4 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:01:23:23 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 5 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:01:23:23 +0000] "GET /favicon.ico HTTP/2.0" 404 19 "-" "-" 6 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:01:23:48 +0000] "GET /dashboard HTTP/2.0" 404 19 "-" "-" 7 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:01:23:58 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 8 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:01:38:51 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 1 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:01:46:03 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 1 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:01:46:15 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 2 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:02:01:34 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 1 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:02:01:35 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 2 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:02:01:45 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 3 "-" "-" 0ms
192.168.3.1 - - [07/Dec/2022:02:01:55 +0000] "GET / HTTP/2.0" 404 19 "-" "-" 4 "-" "-" 0ms
133.242.174.119 - - [07/Dec/2022:02:17:37 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 6 "-" "-" 0ms
133.242.140.127 - - [07/Dec/2022:02:17:41 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 7 "-" "-" 0ms
133.242.140.127 - - [07/Dec/2022:02:17:46 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 8 "-" "-" 0ms
133.242.174.119 - - [07/Dec/2022:02:17:46 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 9 "-" "-" 0ms
As seen above, every request is getting a 404 error. Attached below is my docker-compose file.
version: "3.9"
########################### NETWORKS
networks:
  t2_proxy:
    name: t2_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.90.0/24
  default:
    driver: bridge
  socket_proxy:
    name: socket_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.91.0/24
########################### EXTENSION FIELDS
# Common environment values
x-environment: &default-tz-puid-pgid
  TZ: $TZ
  PUID: $PUID
  PGID: $PGID
x-common-keys-core: &common-keys-core
  networks:
    - t2_proxy
  security_opt:
    - no-new-privileges:true
  restart: always
  # profiles:
  # - core
########################### SERVICES
services:
  ############################# FRONTENDS
  # Traefik 2 - Reverse Proxy
  traefik:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    container_name: traefik
    image: traefik:2.9.5
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      - --entrypoints.https.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
      - --entryPoints.traefik.address=:8080
      # - --entryPoints.ping.address=:8081
      - --api=true
      - --api.insecure=true
      - --api.dashboard=true
      # - --ping=true
      # - --serversTransport.insecureSkipVerify=true
      - --log=true
      - --log.filePath=/logs/traefik.log
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/logs/access.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=204-299,400-499,500-599
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      # - --providers.docker.endpoint=tcp://socket-proxy:2375
      # Automatically set Host rule for services
      # - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME_CLOUD_SERVER`)
      - --providers.docker.exposedByDefault=false
      # - --entrypoints.https.http.middlewares=chain-oauth@file
      - --entrypoints.https.http.tls.options=tls-opts@file
      # Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
      - --entrypoints.https.http.tls.certresolver=dns-cloudflare
      - --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME_CLOUD_SERVER
      - --entrypoints.https.http.tls.domains[0].sans=*.home.$DOMAINNAME_CLOUD_SERVER
      # - --entrypoints.https.http.tls.domains[1].main=$DOMAINNAME2 # Pulls main cert for second domain
      # - --entrypoints.https.http.tls.domains[1].sans=*.$DOMAINNAME2 # Pulls wildcard cert for second domain
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
      # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
      # - --metrics.prometheus=true
      # - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0
    networks:
      t2_proxy:
        ipv4_address: 192.168.90.254 # You can specify a static IP
      socket_proxy:
    #healthcheck:
    #  test: ["CMD", "traefik", "healthcheck", "--ping"]
    #  interval: 5s
    #  retries: 3
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      # - target: 8080 # insecure api won't work
      #   published: 8080
      #   protocol: tcp
      #   mode: host
    volumes:
      - $DOCKERDIR/appdata/traefik2/rules:/rules # file provider directory
      - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
      - $DOCKERDIR/appdata/traefik2/acme/acme.json:/acme.json # cert location - you must create this empty file and change permissions to 600
      - $DOCKERDIR/logs/cloudserver/traefik:/logs # for fail2ban or crowdsec
      - $DOCKERDIR/shared:/shared
    environment:
      - TZ=$TZ
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
      - DOMAINNAME_CLOUD_SERVER # Passing the domain name to the traefik container to be able to use the variable in rules.
    #secrets:
    #  - cf_email
    #  - cf_api_key
    #  - htpasswd
    labels:
      #- "autoheal=true"
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_CLOUD_SERVER`)"
      - "traefik.http.routers.traefik-rtr.tls=true" # Some people had 404s without this
      # - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME_CLOUD_SERVER"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.home.$DOMAINNAME_CLOUD_SERVER"
      # - "traefik.http.routers.traefik-rtr.tls.domains[1].main=$DOMAINNAME2" # Pulls main cert for second domain
      # - "traefik.http.routers.traefik-rtr.tls.domains[1].sans=*.$DOMAINNAME2" # Pulls wildcard cert for second domain
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Healthcheck/ping
      #- "traefik.http.routers.ping.rule=Host(`traefik.$DOMAINNAME_CLOUD_SERVER`) && Path(`/ping`)"
      #- "traefik.http.routers.ping.tls=true"
      #- "traefik.http.routers.ping.service=ping@internal"
      ## Middlewares
      # - "traefik.http.routers.traefik-rtr.middlewares=chain-no-auth@file" # For No Authentication
      - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file" # For Basic HTTP Authentication
      # - "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file" # For Google OAuth
      # - "traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file" # For Authelia Authentication
      # - "traefik.http.routers.traefik-rtr.middlewares=middlewares-rate-limit@file,middlewares-https-redirectscheme@file,middlewares-basic-auth@file"
If anyone is able to help with this, it would be much appreciated. I have been banging my head on the wall for the last week trying to figure out the issue.
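An added example, not part of the original post: a static check over Traefik `Configuration received` debug lines like the ones above. It reports routers that reference a middleware no provider defines (the `chain-basic-auth@file` error in the log) and `Host()` names that none of the certificate's names cover. The log lines are a constructed, condensed sample with `example.com` standing in for the redacted domain, and the function names are this example's own.

```python
import json
import re

# Constructed sample: two "Configuration received" debug lines condensed from the
# log in the post, with example.com standing in for the redacted domain.
SAMPLE_LOG = r'''
time="2022-12-06T21:01:30-05:00" level=debug msg="Configuration received: {\"http\":{\"middlewares\":{\"middlewares-basic-auth\":{},\"middlewares-rate-limit\":{}}}}" providerName=file
time="2022-12-06T21:01:30-05:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"http-catchall\":{\"middlewares\":[\"redirect-to-https\"],\"rule\":\"HostRegexp(`{host:.+}`)\"},\"traefik-rtr\":{\"middlewares\":[\"chain-basic-auth@file\"],\"rule\":\"Host(`traefik.example.com`)\"},\"portainer-rtr\":{\"rule\":\"Host(`portainer.example.com`)\"}},\"middlewares\":{\"redirect-to-https\":{}}}}" providerName=docker
'''

CONFIG_LINE = re.compile(
    r'msg="Configuration received: (?P<body>(?:[^"\\]|\\.)*)" providerName=(?P<provider>\S+)'
)
HOST_CALL = re.compile(r"\bHost\(([^)]*)\)")  # does not match HostRegexp(...)


def load_configs(log_text):
    """Return {provider: dynamic-config dict} from Traefik debug log text."""
    configs = {}
    for match in CONFIG_LINE.finditer(log_text):
        # The msg value is a quoted string holding JSON: unquote it, then parse it.
        # Assumption: only JSON-compatible escapes (\" and \\) occur in the value.
        raw = json.loads('"' + match.group("body") + '"')
        configs[match.group("provider")] = json.loads(raw)
    return configs


def dangling_middlewares(configs):
    """List (router@provider, middleware) pairs whose middleware is undefined."""
    defined = {
        f"{name}@{provider}"
        for provider, cfg in configs.items()
        for name in cfg.get("http", {}).get("middlewares", {})
    }
    missing = []
    for provider, cfg in configs.items():
        for router, spec in cfg.get("http", {}).get("routers", {}).items():
            for ref in spec.get("middlewares", []):
                # An unqualified name refers to the router's own provider.
                full = ref if "@" in ref else f"{ref}@{provider}"
                if full not in defined:
                    missing.append((f"{router}@{provider}", full))
    return missing


def covered(host, cert_names):
    """True if host matches a certificate name; '*' covers exactly one label."""
    for name in cert_names:
        if name.startswith("*."):
            if "." in host and host.split(".", 1)[1] == name[2:]:
                return True
        elif host == name:
            return True
    return False


def uncovered_hosts(configs, cert_names):
    """List Host() names in router rules that no certificate name covers."""
    hosts = set()
    for cfg in configs.values():
        for spec in cfg.get("http", {}).get("routers", {}).values():
            for args in HOST_CALL.findall(spec.get("rule", "")):
                hosts.update(re.findall(r"`([^`]+)`", args))
    return sorted(h for h in hosts if not covered(h, cert_names))


if __name__ == "__main__":
    cfgs = load_configs(SAMPLE_LOG)
    print("dangling middlewares:", dangling_middlewares(cfgs))
    print("hosts without a matching certificate name:",
          uncovered_hosts(cfgs, ["example.com", "*.home.example.com"]))
```

Traefik does not serve a router whose middleware cannot be resolved, so a dangling auth middleware shows up as a 404 rather than as the dashboard exposed without authentication.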