404 on some Docker Containers when using Domain

I have been following the instructions available here on setting up Docker and Traefik 2 for a home media server: https://www.smarthomebeginner.com/traefik-2-docker-tutorial/

So far, the media services are working well together. SSL is self-signed since Let's Encrypt doesn't want to update when the Traefik container is rerun, but that's not a big deal. What is a big deal is that some of the subdomains return a "404 file not found" when attempting to reach the application via a domain name. Using the IP address and port of the host works fine, but I need the domain to work for things like Plex in order to connect other Plex apps to this server.

Below are the Traefik and Plex sections of my docker-compose.yml, along with a section for a container that is working properly:

Traefik Section:

# Traefik 2 - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:2.2.1
    restart: unless-stopped
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
        # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.
0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
#      - --entryPoints.traefik.address=:8080
      - --api=true
#      - --api.insecure=true
#      - --serversTransport.insecureSkipVerify=true
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
#      - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder
      #- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server
- uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
    networks:
      t2_proxy:
        ipv4_address: 192.168.2.254
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
#      - target: 8080
#        published: 8080
#        protocol: tcp
#        mode: host
    volumes:
      - $DOCKERDIR/traefik2/rules:/rules
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $DOCKERDIR/traefik2/acme/acme.json:/acme.json
      - $DOCKERDIR/traefik2/traefik.log:/traefik.log
      - $DOCKERDIR/shared:/shared
    environment:
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of
wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
#      - "traefik.http.routers.traefik-rtr.tls.domains[1].main=$SECONDDOMAINNAME" # Pulls main cert for second domain
#      - "traefik.http.routers.traefik-rtr.tls.domains[1].sans=*.$SECONDDOMAINNAME" # Pulls wildcard cert for second domain
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file"

Plex Section:

# Plex - Media Server
  plexms:
    image: plexinc/pms-docker:public
    container_name: plexms
    restart: unless-stopped
    depends_on:
      - "traefik"
    networks:
      t2_proxy:
        ipv4_address: 192.168.2.20
#    devices:
#      - /dev/dri:/dev/dri # for harware transcoding
    security_opt:
      - no-new-privileges:true
    ports:
      - "32400:32400/tcp"
      - "32400:32400/udp"
      - "3005:3005/tcp"
      - "8324:8324/tcp"
      - "32469:32469/tcp"
      - "1900:1900/udp"
      - "32410:32410/udp"
      - "32412:32412/udp"
      - "32413:32413/udp"
      - "32414:32414/udp"
      - "33400:33400/tcp"
    volumes:
      - $DOCKERDIR/plexms:/config
      - $USERDIR/Downloads:/Downloads
      - /mnt/user/anime:/anime
      - /mnt/user/tv:/tv
      - /mnt/user/movies:/movies
      - /dev/shm:/transcode # Offload transcoding to RAM if you have enough RAM
    #   - $USERDIR/Downloads/plex_tmp:/transcode
    environment:
      TZ: $TZ
      HOSTNAME: "plex"
      PLEX_CLAIM: $PLEX_CLAIM
      PLEX_UID: $PUID
      PLEX_GID: $PGID
      ADVERTISE_IP: https://plex.domain.name:443/
    hostname: plex.tamarik.space
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.plexms-rtr.entrypoints=https"
      - "traefik.http.routers.plexms-rtr.rule=Host(`plex.$DOMAINNAME`)"
      - "traefik.http.routers.plexms-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.portainer-rtr.middlewares=chain-no-auth@file"
      #- "traefik.http.routers.plexms-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.plexms-rtr.service=plexms-svc"
      - "traefik.http.services.plexms-svc.loadbalancer.server.port=32400"

Working Application (Sonarr):

  # Sonarr - TV Shows management
  # Set url_base in sonarr settings if using PathPrefix
  sonarr:
    # image: aront/sonarr  #for mp4_automator support
    image: linuxserver/sonarr
    container_name: sonarr
    restart: unless-stopped
    depends_on:
      - "traefik"
    networks:
      t2_proxy:
        ipv4_address: 192.168.2.12
    security_opt:
      - no-new-privileges:true
    ports:
      - "8989:8989"
    volumes:
      - $DOCKERDIR/sonarr:/config
      - /mnt/user/torrents:/downloads
      - /mnt/user/tv:/media
      - /etc/localtime:/etc/localtime:ro
    #   - "$DOCKERDIR/shared/mp4_automator:/config_mp4_automator:rw"
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers Auth Bypass
      - "traefik.http.routers.sonarr-rtr-bypass.entrypoints=https"
      - "traefik.http.routers.sonarr-rtr-bypass.rule=Headers(`X-Api-Key`, `$SONARR_API_KEY`) || Query(`apikey`, `$SONARR_API_KEY`)"
      - "traefik.http.routers.sonarr-rtr-bypass.priority=100"
      ## HTTP Routers Auth
      - "traefik.http.routers.sonarr-rtr.entrypoints=https"
      - "traefik.http.routers.sonarr-rtr.rule=Host(`sonarr.$DOMAINNAME`)"
      - "traefik.http.routers.sonarr-rtr.tls=true"
      - "traefik.http.routers.sonarr-rtr.priority=99"
      ## Middlewares
      - "traefik.http.routers.sonarr-rtr-bypass.middlewares=chain-no-auth@file"
      - "traefik.http.routers.sonarr-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.sonarr-rtr.service=sonarr-svc"
      - "traefik.http.routers.sonarr-rtr-bypass.service=sonarr-svc"
      - "traefik.http.services.sonarr-svc.loadbalancer.server.port=8989"

Thanks for any assistance you can provide!

Hi there, I know this was a while ago...

But I'm using the same smarthomebeginner guide and I'm having a similar issue with my Plex container. I was wondering if you found a fix?

Thanks!

No, I was never able to find a solution to the problem, so I just rolled back and used IP addresses locally.