Can i add a middleware using docker labels and then reference it from a different stack?

dinth · August 11, 2025, 9:08am

Hi. Basically what im trying to do is a stateless traefik, where a dynamic configuration would be defined in Traefiks own docker compose file. Im not 100% sure if its possible, but been googling around and found mixed responses.This is from my Traefik docker compose:

 \# Docker Provider       
TRAEFIK_PROVIDERS_DOCKER: "true"       
TRAEFIK_PROVIDERS_DOCKER_ENDPOINT: "tcp://traefik-socket-proxy:2375"       TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"      
TRAEFIK_PROVIDERS_DOCKER_NETWORK: "traefik"

    # Middleware: Security Headers (secHeaders)
      traefik.http.middlewares.securityHeaders.headers.browserXssFilter: "true"
      traefik.http.middlewares.securityHeaders.headers.contentTypeNosniff: "true"
      traefik.http.middlewares.securityHeaders.headers.forceSTSHeader: "true"
      traefik.http.middlewares.securityHeaders.headers.stsIncludeSubdomains: "true"
      traefik.http.middlewares.securityHeaders.headers.stsPreload: "true"
      traefik.http.middlewares.securityHeaders.headers.stsSeconds: "31536000"
      traefik.http.middlewares.securityHeaders.headers.customFrameOptionsValue: "SAMEORIGIN"
      traefik.http.middlewares.securityHeaders.headers.customResponseHeaders.Content-Security-Policy: 'default-src ''self''; media-src ''self'' blob:; script-src ''self'' ''unsafe-inline'' ''unsafe-eval''; style-src ''self'' ''unsafe-inline''; img-src ''self'' data: cdn.jsdelivr.net; font-src ''self'' data:; object-src ''none''; frame-ancestors ''self''; connect-src ''self'';'
      traefik.http.middlewares.securityHeaders.headers.customResponseHeaders.Referrer-Policy: 'strict-origin-when-cross-origin'
      traefik.http.middlewares.securityHeaders.headers.customResponseHeaders.Permissions-Policy: 'microphone=(), geolocation=(), payment=(), usb=(), vr=(), camera=(), display-capture=(), accelerometer=(), gyroscope=(), magnetometer=(), midi=(), xr-spatial-tracking=(), screen-wake-lock=()'
      traefik.http.middlewares.securityHeaders.headers.customResponseHeaders.X-Robots-Tag: 'noindex, nofollow, noarchive, nosnippet'
      traefik.http.middlewares.securityHeaders.headers.customResponseHeaders.X-Frame-Options: 'SAMEORIGIN'

and now in the container ive got this:

      traefik.http.routers.frigate.entrypoints: websecure
      traefik.http.routers.frigate.rule: Host(`cctv.${DOMAIN_NAME}`)
      traefik.http.routers.frigate.tls: "true"
      traefik.http.routers.frigate.tls.certresolver: letsencrypt
      traefik.http.routers.frigate.tls.domains[0].main: "${DOMAIN_NAME}"
      traefik.http.routers.frigate.tls.domains[0].sans: "*.${DOMAIN_NAME}"
      traefik.http.routers.frigate.middlewares: "securityHeaders@docker"
      traefik.http.services.frigate.loadbalancer.server.port: "8971"
      traefik.docker.network: "traefik"

Whenever i try to access that service via Traefik im getting 404 error. The middleware itself is fine, if i put exactly same middleware configuration in a dynamic configuration file and change securityHeaders@docker to securityHeaders@file, it works fine.

So my question really is - is it possible to reference a middleware defined in the Traefiks own stack from a different stack, and if so - what am i doing wrong?

bluepuma77 · August 11, 2025, 9:50am

Yes. Taking Traefik stack from simple Traefik example, a new compose project can use the auth middleware defined in the Traefik stack:

services:

  whoami-2:
    image: traefik/whoami:v1.11.0
    hostname: whoami-2
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.mywhoami-2.rule=Host(`whoami-2.example.com`)
      - traefik.http.services.mywhoami-2.loadbalancer.server.port=80
      - traefik.http.routers.mywhoami-2.middlewares=myauth

networks:
  proxy:
    name: proxy
    external: true

dinth · August 11, 2025, 1:29pm

Then i dont understand what am i doing wrong. Im not seeing anything relevant in Traefik logs, but in the example above, i am getting “middleware "securityHeaders@docker" does not exist” error message in Traefik UI

bluepuma77 · August 11, 2025, 1:47pm

No idea, can't infer any issues from the short snippets you provided.

Have you tried without the docker-socket-proxy?

Topic		Replies	Views
Traefik v2.2 + Docker - define a middleware to be re-used across multiple routers Traefik v2 docker	2	3047	May 27, 2020
Create middleware with docker labels on traefik own container Traefik v2 docker	0	1125	October 22, 2020
Middleware via environment variable Traefik v2 docker	1	1027	January 21, 2020
Traefik does not recognize middleware in docker labels Traefik v2 docker , middleware	3	493	September 28, 2020
.toml file versus docker labels Traefik v2 docker , middleware	1	555	September 23, 2020

Can i add a middleware using docker labels and then reference it from a different stack?

Related topics