Can not access Dashboard via traefik.Mydomain.com

Traefik Traefik v2
1

Can not access Dashboard via traefik.Mydomain.com
Cloudflare Invalid SSL

version: "3.3"

services:

  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"

    labels:
      - "traefik.http.middlewares.test-auth.basicauth.users=user1:$$2b$$05$$e6VrNv.t8F4C5CAeztQNkeO9Y5CjzTgCZKcWdF3CBmy/tZs20mkpS,user2:$$2b$$05$$e6VrNv.t8F4C5CAeztQNkeO9Y5CjzTgCZKcWdF3CBmy/tZs20mkpS"
      - "traefik.http.routers.api.rule=Host(`traefik.Mydomain.com`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.routers.api.entrypoints=websecure"

    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=postmaster@MyDomain.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - CLOUDFLARE_EMAIL=MyEmail@gmail.com
      - CLOUDFLARE_DNS_API_TOKEN=MyToken
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  web1:
    image: nginx:latest
    container_name: "web1"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web1.rule=Host(`web1.MyDomain.com`)"
      - "traefik.http.routers.web1.entrypoints=websecure"
      - "traefik.http.routers.web1.tls.certresolver=myresolver"
    volumes:
      -  ./index1.html:/var/www/websites/index.html
      -  ./default.conf:/etc/nginx/conf.d/default.conf
2

Did you read my comment in your other post?

Also enable Traefik debug log to see what’s happening.

3

Thanks for the reply.

docker logs traefik | grep traefik.MyDomain.com
time="2023-05-27T19:23:00Z" level=debug msg="Adding certificate for domain(s) traefik.MyDomain.com"

https://traefik.wwwmri.com/
404 page not found

I do not have a static config file. Do I need one?

4

Static config can be traefik.yml file or command in docker-compose.yml.

5

Thanks for the Static vs Dynamic clarification.

I am still lost your git hub has all sorts of other things in it that is not in the documentation and Is making me more confused.

You are also using mydashboard where I am using api... I am lost here

6

I really do not get why web1.Mydomain.com works
MyIP:8080 works for the dashboard
Yet traefik.Mydomain.com does not and is so difficult to configure.

7

Yes, Traefik is not plug&play.

You need to enable Traefik dashboard, either in secure or insecure mode (which uses port 8080), read the doc.

To understand Traefik, it is recommended to read the whole documentation, at least start at the beginning to understand the concepts (static/dynamic, entrypoints, providers, routers/services, TLS).

Then you will understand that api and mydashboard are just names, they can differ per setup, but need to be consistent throughout your setup.

8

When the dashboard is not functional via domain name what concept are we talking about here?
I can only assume poor documentation as to the examples are not working.

9

As stated before, please read the Dashboard doc.

Dashboard is not enabled and when you use it with insecure, then the dashboard will be "hardcoded" to port 8080. Labels won’t change that. And the middleware assignment is wrong.

10

Thanks for the reply
Per documentation:

Insecure Mode

This mode is not recommended because it does not allow the use of security features.

To enable the "insecure mode", use the following options from Traefik's API:
File (YAML)

api:
  dashboard: true
  insecure: true

File (TOML)
CLI

You can now access the dashboard on the port 8080 of the Traefik instance, at the following URL: http://<Traefik IP>:8080/dashboard/ (trailing slash is mandatory).

My code already works with
http://:8080/dashboard/

I have no idea where I am supposed to insert the api: or why?

api:
  dashboard: true
  insecure: true`

I would like to access the dashboard @ https://traefik.Mydomain.com which is not what they are not showing.

Ultimately I would like to access the dashboard @ https://traefik.MyDomain.com

Which is the same way that I access web1.MyDomain.com, web2.MyDomain.com and whoami.Mydomain.com

The doc does not seem to mention the middleware. Sounds like yet another rabbit hole?

Some security would be good too.
This is getting really crazy

11

The insecure mode is a hack to quickly check dashboard on port 8080, just disable it, remove the line.

12

I got it.
This was not in any of the dashboard docs
I needed to add an additional label:

     - "traefik.http.routers.traefik.tls.certresolver=myresolver"