Hello,
I'm calling for help here because I can't get rid of my traefik errors.
I've already eliminated many of them, but I still have one left. Here is an extract of the Docker logs, followed by my configuration files.
If anyone could tell me what's going wrong, that would be awesome!
Thanks a lot!
Some particular details about my setup:
Traefik is in a vm behind a nginx proxy, but it's not supposed to interfere.
Having said that, this forces me to use http challenge and not tcp for letsencrypt.
2024-10-21T09:38:32Z INF Starting provider aggregator aggregator.ProviderAggregator
2024-10-21T09:38:32Z INF Starting provider *file.Provider
2024-10-21T09:38:32Z INF Starting provider *traefik.Provider
2024-10-21T09:38:32Z INF Starting provider *acme.ChallengeTLSALPN
2024-10-21T09:38:32Z INF Starting provider *docker.Provider
2024-10-21T09:38:32Z INF Starting provider *acme.Provider
2024-10-21T09:38:32Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=myresolver.acme
2024-10-21T21:57:25Z ERR Cannot retrieve the ACME challenge for traefik.domain.com (token "license.php") providerName=acme
2024-10-21T21:57:26Z ERR Cannot retrieve the ACME challenge for traefik.domain.com (token "mariju.php") providerName=acme
2024-10-21T21:57:27Z ERR Cannot retrieve the ACME challenge for traefik.domain.com (token "atomlib.php") providerName=acme
2024-10-21T21:57:31Z ERR Cannot retrieve the ACME challenge for traefik.domain.com (token "index.php") providerName=acme
2024-10-21T21:57:31Z ERR Cannot retrieve the ACME challenge for traefik.domain.com (token "install.php") providerName=acme
2024-10-21T22:30:05Z ERR Cannot retrieve the ACME challenge for domain.com (token "plugins.php") providerName=acme
2024-10-21T22:30:09Z ERR Cannot retrieve the ACME challenge for domain.com (token "index.php") providerName=acme
2024-10-21T22:30:09Z ERR Cannot retrieve the ACME challenge for domain.com (token "autoload_classmap.php") providerName=acme
2024-10-21T22:30:09Z ERR Cannot retrieve the ACME challenge for domain.com (token "admin.php") providerName=acme
Here are my config files
docker_compose.yml
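# Compose file for the Traefik edge proxy. Static configuration is read from
# /etc/traefik/traefik.yml; the dashboard router is declared through the
# labels below.
version: '3'
services:
  traefik:
    # NOTE(review): `latest` floats across releases, so a pull can change
    # behaviour (including removed options) without any change to this file.
    # Pin a specific tag, e.g. traefik:<PINNED_VERSION>.
    image: traefik:latest
    container_name: traefik
    restart: always
    command:
      - "--configFile=/etc/traefik/traefik.yml"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # `:ro` only makes the bind mount of the socket file read-only; it does
      # not limit which Docker API calls can be sent through the socket. A
      # compromise of this container therefore still means control of the
      # Docker daemon. A filtering socket proxy in front of the daemon is the
      # usual mitigation.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Holds acme.json (ACME account key and certificate private keys); keep
      # the host directory readable by its owner only.
      - "./data/letsencrypt:/letsencrypt"
      - "./config/traefik.yml:/etc/traefik/traefik.yml:ro"
      - "./config/dynamic.yml:/etc/traefik/dynamic.yml:ro"
    labels:
      - "traefik.enable=true"
      # Dashboard/API router: HTTPS only, protected by the `auth` basic-auth
      # middleware declared two labels further down.
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=secureHeaders@file, auth"
      # `$$` is Compose escaping for a literal `$` in the htpasswd hash.
      - "traefik.http.middlewares.auth.basicAuth.users=admin:$$apr1$$SECRET."
      # No router is declared for /.well-known/acme-challenge/. Traefik answers
      # HTTP-01 requests itself on the entry point named under httpChallenge
      # (`web`, port 80), so a router for that path is not needed. Such a
      # router on `websecure` pointing at api@internal, without the `auth`
      # middleware, would only add an unauthenticated route to the internal
      # API service.
    networks:
      - traefik-net
networks:
  traefik-net:
    name: traefik-net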
config/traefik.yml
# Traefik static configuration: entry points, API/dashboard, ACME resolver
# and configuration providers.
global:
  sendAnonymousUsage: false
log:
  level: info
entryPoints:
  web:
    address: ":80"
    http:
      # Everything arriving on :80 is redirected to the websecure entry point.
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    http:
      # Applied to every router attached to this entry point.
      middlewares:
        - secureHeaders@file
api:
  dashboard: true
  # insecure: false keeps the API off its own unauthenticated entry point; it
  # is reachable only through a router that targets api@internal.
  insecure: false
# NOTE(review): Traefik documents TLS options as dynamic configuration. In
# this static file the section is presumably ignored without any error, which
# would leave the default TLS settings in effect. Confirm by checking what a
# client actually negotiates, then move the section to dynamic.yml.
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
certificatesResolvers:
  myresolver:
    acme:
      email: serveur@domain.com
      # Path inside the container; backed by ./data/letsencrypt on the host.
      storage: /letsencrypt/acme.json
      # Uncomment to issue against the Let's Encrypt staging CA while testing.
      #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      # HTTP-01: Traefik itself answers every request under
      # /.well-known/acme-challenge/ on this entry point. A request whose
      # last path segment is not a pending token is logged as
      # `Cannot retrieve the ACME challenge for <host> (token "...")`.
      # Real ACME tokens are base64url strings issued by the CA, so "tokens"
      # such as "index.php" or "admin.php" presumably come from unsolicited
      # requests probing that path, not from Let's Encrypt. Confirm the
      # source in the front proxy's access log. On their own these entries
      # do not mean issuance or renewal failed.
      httpChallenge:
        entryPoint: web
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when they carry traefik.enable=true.
    exposedByDefault: false
  file:
    filename: /etc/traefik/dynamic.yml
    watch: true
config/dynamic.yml
# Traefik dynamic configuration (file provider): defines the secureHeaders
# middleware referenced elsewhere as secureHeaders@file.
http:
  middlewares:
    secureHeaders:
      headers:
        # NOTE(review): sslRedirect is a deprecated headers option that the
        # Traefik v3 migration notes list as removed. On v3 an unknown field
        # here may stop this whole file from loading, which would leave
        # secureHeaders@file undefined. Confirm against the running version.
        # The :80 -> :443 redirection is already configured on the `web`
        # entry point.
        sslRedirect: true
        # HSTS for one year, including subdomains, with the preload flag.
        # includeSubdomains covers every subdomain of the served host, and
        # preload-list inclusion is slow to undo. Make sure all subdomains
        # are HTTPS-capable before relying on this.
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: "strict-origin-when-cross-origin"
        permissionsPolicy: "camera=(), microphone=(), geolocation=()"
        customResponseHeaders:
          # Asks crawlers not to index or archive responses.
          X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
Here's an example of one service I run
# Example application stack published through Traefik over the shared
# traefik-net network.
services:
  toto:
    # NOTE(review): `latest` is a floating tag; pin a specific tag or digest
    # so that deployments are reproducible.
    image: ghcr.io/lorem/website-front/ipsum:latest
    container_name: toto
    restart: always
    networks:
      - traefik-net
    labels:
      # Opt-in label for routing by Traefik.
      - "traefik.enable=true"
      - "traefik.http.routers.website.rule=Host(`domain.com`) || Host(`www.domain.com`)"
      - "traefik.http.routers.website.entrypoints=websecure"
      # Certificates for both host names are requested from `myresolver`.
      - "traefik.http.routers.website.tls.certresolver=myresolver"
      # Container port Traefik forwards to; no host port is published.
      - "traefik.http.services.website.loadbalancer.server.port=3000"
networks:
  traefik-net:
    # The network is created by another stack and only joined here.
    external: true