Cannot access Traefik dashboard

Hello all,
I got started into Traefik while choosing a reverse proxy to go with Portainer.
The portainer website offers the following docker-composer.yml that I updated to match my needs, but no matter what I tried, I was unable to access the dashboard. After many attempts, I decided to create a subdomain to access the dashboard.

What I am missing in the composer file below?

Additional info:

  • I tried to follow all the subdomain/dashboard questions from the forum and stackoverflow, but did not manage to solve this issue!
  • Portainer is working fine under https://portainer.MYDOMAIN.com
  • I see the HTTPS certificates in acme.json
  • traefik.log is empty
  • All my attempts led to 404 Error
version: "3.3"

services:
  traefik:
    container_name: traefik
    image: "traefik:latest"
    command:
      - --api=true #added by me
      - --api.dashboard=true #added by me
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker
      - --log.level=ERROR
      - --certificatesresolvers.leresolver.acme.httpchallenge=true
      - --certificatesresolvers.leresolver.acme.email=MY-EMAIL
      - --certificatesresolvers.leresolver.acme.storage=/var/acme.json
      - --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./acme.json:/acme.json"
    labels:
      - "traefik.enable=true" #added by me
      # - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.rule=Host(`traefik.MYDOMAIN.com`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

  portainer:
    image: portainer/portainer-ce:latest
    command: -H unix:///var/run/docker.sock
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    labels:
      # Frontend
      - "traefik.enable=true"
      - "traefik.http.routers.frontend.rule=Host(`portainer.MYDOMAIN.com`)"
      - "traefik.http.routers.frontend.entrypoints=websecure"
      - "traefik.http.services.frontend.loadbalancer.server.port=9000"
      - "traefik.http.routers.frontend.service=frontend"
      - "traefik.http.routers.frontend.tls.certresolver=leresolver"

      # Edge
      - "traefik.http.routers.edge.rule=Host(`edge.MYDOMAIN.com`)"
      - "traefik.http.routers.edge.entrypoints=websecure"
      - "traefik.http.services.edge.loadbalancer.server.port=8000"
      - "traefik.http.routers.edge.service=edge"
      - "traefik.http.routers.edge.tls.certresolver=leresolver"


volumes:
  portainer_data:

Thanks in advance!
Best,

First you should enable providers.docker according to doc:

command:
  --providers.docker=true

Without a Traefik router to the dashboard service it won’t work. Add the according labels to Traefik service/container (doc):


# Dynamic Configuration
labels:
  - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
  - "traefik.http.routers.dashboard.service=api@internal"
  - "traefik.http.routers.dashboard.middlewares=auth"
  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"

Note that the labels always need to go on the target service/container.

Maybe check simple Traefik example.

1 Like

Thanks for the support @bluepuma77.
I tried implementing the changes you mentioned but still got the same 404 page not found error.

I have now the following docker-compose.yml file:

version: "3.3"

services:
  traefik:
    container_name: traefik
    image: "traefik:latest"
    command:
      - --api=true #added by me
      - --api.dashboard=true #added by me
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker=true #2nd try: added "=true"
      - --log.level=ERROR
      - --certificatesresolvers.leresolver.acme.httpchallenge=true
      - --certificatesresolvers.leresolver.acme.email=MY-EMAIL
      - --certificatesresolvers.leresolver.acme.storage=/var/acme.json
      - --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./acme.json:/acme.json"
    labels:
      - "traefik.enable=true" #added by me
      - "traefik.http.routers.dashboard.rule=Host(`traefik.MYDOMAIN.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" #2nd try: added
      - "traefik.http.routers.dashboard.service=api@internal" #2nd try: added
      - "traefik.http.routers.dashboard.middlewares=auth" #2nd try: added
      - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" #2nd try: added
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"  #2nd try: Uncommented row
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

  portainer:
    image: portainer/portainer-ce:latest
    command: -H unix:///var/run/docker.sock
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    labels:
      # Frontend
      - "traefik.enable=true"
      - "traefik.http.routers.frontend.rule=Host(`portainer.MYDOMAIN.com`)"
      - "traefik.http.routers.frontend.entrypoints=websecure"
      - "traefik.http.services.frontend.loadbalancer.server.port=9000"
      - "traefik.http.routers.frontend.service=frontend"
      - "traefik.http.routers.frontend.tls.certresolver=leresolver"

      # Edge
      - "traefik.http.routers.edge.rule=Host(`edge.MYDOMAIN.com`)"
      - "traefik.http.routers.edge.entrypoints=websecure"
      - "traefik.http.services.edge.loadbalancer.server.port=8000"
      - "traefik.http.routers.edge.service=edge"
      - "traefik.http.routers.edge.tls.certresolver=leresolver"


volumes:
  portainer_data:

.

New questions:

  • Do I need to add "8080:8080" to ports? I have seen people mentioning dashboard access via traefik.domain.com:8080/dashboard?
  • Should I add "traefik.http.routers.dashboard" labels and keep the "traefik.http.routers.http-catchall" labels as above? Having both groups?
  • What else I am doing wrong and how could I troubleshoot this?

Only if you set

--api.dashboard=true 
--api.insecure=true

then dashboard will be available at port 8080, circumventing all routers and middlewares (doc).

Note you need to use /dashboard/ in the URL when trying to access via browser.

You don’t need the catch-all, you can simply place the http-to-https redirect globally on web entrypoint, see simple Traefik example.

1 Like

Thanks again for the help, @bluepuma77
I tried all the suggestions and nothing worked.

At the end, I gave up and used the simple Traefik example.
Dashboard and WhoAmI are working as expected.

The new issue now is how to get Portainer and other docker containers running.
I tried to follow the documentation from Traefik Docker Routing Documentation - Traefik, specially the part under "Specify a Custom Port for the Container":

version: "3"
services:
  my-container:
    # ...
    labels:
      - traefik.http.routers.my-container.rule=Host(`example.com`)
      # Tell Traefik to use the port 12345 to connect to `my-container`
      - traefik.http.services.my-service.loadbalancer.server.port=12345

.
Until now I was not successful. My current docker-compose.yml for Portainer:

 portainer:
    image: portainer/portainer-ce:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    labels:
      # Frontend
      - traefik.enable=true"
      - traefik.http.routers.frontend.rule=Host(`portainer.MYDOMAIN.com`)
      - traefik.http.routers.frontend.entrypoints=websecure #Is this needed?
      - traefik.http.services.frontend.loadbalancer.server.port=9000
      - traefik.http.routers.frontend.service=frontend
      - traefik.docker.network=proxy #"proxy" is my network name from traefik

      # Edge
      - traefik.http.routers.edge.rule=Host(`edge.MYDOMAIN.com`)
      - traefik.http.routers.edge.entrypoints=websecure #Is this needed?
      - traefik.http.services.edge.loadbalancer.server.port=8000
      - traefik.http.routers.edge.service=edge

volumes:
  portainer_data:

The error I am getting is Gateway Timeout. Which I found on forums to be related to the used network. I tried to overcome this by using the Traefik Docker Routing Documentation - Traefik.

Any ideas on what can be possibly wrong?

You have not assigned the network proxy to the portainer service.

1 Like

Shame on me! =)
For the record, I have added:

services:
  my-container:
    networks:
      - proxy

networks:
   proxy:
      name: proxy
      external: true

Thanks a lot for the support!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.