Another "Can’t Access Dashboard on HTTPS"

I read almost all threads in this forum and outside about accessing dashboard on HTTPS.

Note: I'm using Kamal, so the setup below may be slightly different than the standard Traefik, but I believe the concepts remain the same.

I successfully configured Traefik as a dynamic, transparent/TLS pass-through reverse proxy and load balancer on Linode. Behind the load balancer (IP 1x9.1y4.1z1.121) there are a couple of backend servers (including one with IP 1x2.1y4.2x4.79) that seem to properly work as expected (redirection, SSL certificate generation, etc.).

However, I cannot access the Traefik dashboard in secure mode.

Here is the configuration:

# deploy.yml

# ...

# Configure custom arguments for Traefik
      - "443:443"
      - "8080:8080"
      - "/letsencrypt/acme.json:/letsencrypt/acme.json"
    entryPoints.web.address: ":80"
    entryPoints.websecure.address: ":443"

    entryPoints.web.forwardedHeaders.trustedIPs: "1x9.1y4.1z1.121,,1x2.1y8.2z5.0/24"
    entryPoints.web.proxyProtocol.trustedIPs: "1x9.1y4.1z1.121,,1x2.1y8.2z5.0/24"
    entryPoints.websecure.forwardedHeaders.trustedIPs: "1x9.1y4.1z1.121,,1x2.1y8.2z5.0/24"
    entryPoints.websecure.proxyProtocol.trustedIPs: "1x9.1y4.1z1.121,,1x2.1y8.2z5.0/24" "" "/letsencrypt/acme.json"
    certificatesresolvers.letsencrypt.acme.dnschallenge: true
    certificatesresolvers.letsencrypt.acme.dnschallenge.provider: linode

    api.dashboard: true
    api.insecure: false

    # Dashboard configuration (not working)
    traefik.enable: "true"
    traefik.http.routers.dashboard.tls: true
    traefik.http.routers.dashboard.rule: Host(``) # (Host(``) || Host(``)) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`)) 
    traefik.http.routers.dashboard.service: "api@internal"
    traefik.http.routers.dashboard.middlewares: "auth"
    traefik.http.middlewares.auth.basicauth.users: test:$2y$05$H2o72tMaO.TwY1wNQUV1K.fhjRgLHRDWohFvUZOJHBEtUXNKrqUKi

      LINODE_EMAIL: ""

# Deploy to these servers.
      - 1x2.1y4.2z4.79
      "add-host": host.docker.internal:
      traefik.http.routers.www_mywebsite_com.rule: Host(``) || Host(``)
      traefik.http.routers.www_mywebsite_com.middlewares: addhttpswww

      traefik.http.routers.www_mywebsite_com_secure.rule: Host(``) || Host(``)
      traefik.http.routers.www_mywebsite_com_secure.middlewares: addhttpswww

      traefik.http.routers.www_mywebsite_com_secure.tls: true
      traefik.http.routers.www_mywebsite_com_secure.tls.certresolver: letsencrypt[0].main: ""[0].sans: "*" 

      traefik.http.middlewares.addhttpswww.redirectregex.regex: ^(?:http|https)://(?:www\.)?(.*)
      traefik.http.middlewares.addhttpswww.redirectregex.replacement: "https://www.$1"
# ...

Using the above configuration, I tried accessing the dashboard without success at URLs like:

  • > This site can’t be reached
  • > This site can’t be reached
  • > This site can’t be reached
  • > This site can’t be reached
  • > This site can’t be reached
  • > This site can’t be reached
  • > This site can’t be reached
  • > This site can’t be reached
  • > This site can’t be reached
  • > This site can’t be reached
  • > This site can’t be reached
  • > This site can’t be reached
  • http://1x2.1y4.2z4.79:8080/dashboard/ > This site can’t be reached
  • https://1x2.1y4.2z4.79:8080/dashboard/ > This site can’t be reached

When I use api.insecure: true then the only URLs that work for accessing the dashboard are:

  • http://1x2.1y4.2z4.79:8080/ > Works but in insecure mode
  • http://1x2.1y4.2x4.79:8080/dashboard/ Works but in insecure mode

Here is the dashboard in insecure mode:

Here is the routers detail:

What am I missing? Do I need another piece of middleware to perform some sort of redirect/mapping?

Is the DNS for your domain pointing to the right IP of the Traefik service?

Check and compare to simple Traefik example.

I think it's so, but I'm new to Traefik and not so experienced in networking. How can I ensure that the DNS for the domain is pointing to the right IP of the Traefik service?

Maybe, this DNS Zone File content (note: 1x9.1y4.1z1.121 is the IP of the node balancer and reverse proxy) compared to the configuration in my previous message can help:

; [1913505]
$TTL 86400
@  IN  SOA my\ 2021000011 14400 14400 1209600 86400
@  NS
@  NS
@  NS
@  NS
@  NS
@  MX  10
@     A  1x9.1y4.1z1.121
mail  A  1x9.1y4.1z1.121
www   A  1x9.1y4.1z1.121
@     AAAA  2xx1:7yy1:1::8zz0:a179
mail  AAAA  2xx1:7yy1:1::8zz0:a179
www   AAAA  2xx1:7yy1:1::8zz0:a179

I seen the linked configuration file and, a part

  • the private network proxy (that in my understanding I'm resolving to the container's host IP with the use of "add-host": host.docker.internal:, which allows accessing services like database, Redis, etc. that run on the host),
  • the remotion of entrypoints.websecure.asDefault=true (because I'm using Traefik v2), and
  • a different way to handle redirection from http to https (really, in my case, to https://www),

it seems to be functionally the same as mine.

I added the following to the DNS settings

traefik      CNAME

And updated the dashboard-related configuration to:

    # Dashboard configuration (working only with, not with http)
    traefik.http.routers.dashboard.rule: Host(``) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
    traefik.http.routers.dashboard.service: api@internal
    traefik.http.routers.dashboard.middlewares: redirect-to-https, auth
    traefik.http.middlewares.auth.basicauth.users: admin:$apr1$9I9yC5hW$dVDLOJHBYsvBne9jn.4Kk1
    traefik.http.routers.dashboard.tls: true
    traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https # <<< Added this

Now the Traefik dashboard seems to work over HTTPS by accessing

However, if I access then the browser displays a my website page (not the basic login to the Traefik dashboard). I think it's normal as of settings, but I'd like to force the use of/redirect to https for accessing the Traefik dashboard. How to do that?