You are providing only small excerpts, but change stuff around in the meantime. Initially it was a provider.file
with a file name (in the linked config), which had the wrong path. Now you supply snippets again. This does not help to get a clear full picture.
This would be my flow to find the error:
- static config loaded? (via
command
, --configFile=
or /etc/traefik/traefik.*
)
level=info msg="Configuration loaded from file: /traefik.yml"
- dynamic config loaded? (
provider.file
, provider.docker
and labels, etc)
level=info msg="Starting provider *file.Provider"
level=info msg="Starting provider *docker.Provider"
- ports open on container and declared with entrypoints
- enable debug log and access log
- enable dashboard
- ...
When trying to access the dashboard, make sure to use /dashboard/
with /
at the end.
@bluepuma77, I appreciate all the help. Sorry for just the snippets, but I figured we were only looking at mount points and directories since my logs do not show that config.yml ever gets loaded. So it looks like the error is the its not actually watching the directory like it should.
I uploaded all three fresh ones again as they stand now https://pastebin.com/Etk7VELp. I have no clue what to try again. Its my understanding that if I use command I can't use static and dynamic as it can only read one either from docker-compose or from traefik.yml (which says it is being read and loaded). The logs say that it is watching /etc/traefik/config but never says config.yml is loaded.
I tried with /api
/api/
/dashboard
/dashboard/
/api/dashboard/
and all of them return a 404 not found error.
For Traefik static config you can use one of these options (you can't mix):
- A traefik.yml|toml in /etc/traefik (docs)
- Use command
--configFile=/traefik.yml|toml
- Use
command
line switches for config settings
Within any of those you can define a provider.file
to read dynamic config.
This is a minimum example of a docker-compose.yml
for Traefik with LetsEncrypt, dashboard and a whoami service. It uses command
for static config and labels
for dynamic config. LE certificates are saved in a volume for persistence, you can also mount a host folder instead.
# docker-compose.yml
version: '3.9'
services:
traefik:
image: traefik:v2.9
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
networks:
- proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik-certificates:/certificates
command:
--providers.docker=true
--providers.docker.exposedByDefault=false
--entryPoints.web.address=:80
--entryPoints.web.http.redirections.entryPoint.to=websecure
--entryPoints.web.http.redirections.entryPoint.scheme=https
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.tls=true
--api.debug=true
--api.dashboard=true
--log.level=DEBUG
--accesslog=true
--certificatesResolvers.myresolver.acme.email=mail@example.com
--certificatesResolvers.myresolver.acme.storage=/certificates/acme.json
--certificatesResolvers.myresolver.acme.httpchallenge.entrypoint=web
labels:
- traefik.enable=true
- traefik.http.routers.mydash.entrypoints=websecure
- traefik.http.routers.mydash.rule=Host(`traefik.example.com`)
- traefik.http.routers.mydash.tls.certresolver=myresolver
- traefik.http.routers.mydash.service=api@internal
- traefik.http.routers.mydash.middlewares=myauth
- 'traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/'
whoami:
image: traefik/whoami:v1.8
networks:
- proxy
labels:
- traefik.enable=true
- traefik.http.routers.mywhoami.entrypoints=websecure
- traefik.http.routers.mywhoami.rule=Host(`whoami.example.com`)
- traefik.http.routers.mywhoami.tls.certresolver=myresolver
- traefik.http.services.mywhoami.loadbalancer.server.port=80
networks:
proxy:
name: proxy
external: true
volumes:
traefik-certificates:
By the way, you can also just use a PathPrefix for your Traefik dashboard:
traefik.http.routers.mydash.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)
traefik.http.routers.mydash.priority=1024 # optional
That way the Traefik dasboard is simply available on all you sites at /dashboard/
.
Two caveats
- You need to make sure your other services do not use
/api
or /dashboard
.
- You need to have at least one service with a
Host
for LetsEncrypt to work
But at least you can try.
I am trying to use a static yml and not the compose method. From what I have read, my config should work. I confirm that traefik is getting everything its just not forwarding anything to where it should be. I get the traefik 404. And it appears my config is never loading my dynamic config or the directory that my config is in.
If your static and dynamic config is not read, check what's happening.
Go into Traefik container and check if the static config file is there and readable. Alternatively use command: --configFile=/path/static.yml
on your Traefik container.
Same for dynamic configuration, check that the file provider path exists and the file is readable.
Enable Traefik debug log and access log in the static configuration. To easily see active routers and services, enable Traefik dashboard. Quick & dirty you can enable it insecure in static config.
I have done all of that. The logs show that the traefik.yml is read and gets loaded. I can see all web and websecure start. Then I see it say something about the dynamic config, but it never says it reads it or loads it. Just what it is searching for. If I exec into the container, I can cat the dynamic in the path. So for some reason, it just refuses to load the dynamic configuration.
Pastebin lost your config. How about using container labels instead of dynamic config file? Example.
I will be having it forward to other devices on the LAN. There really won't be but two other containers on this one except for traefik. One is tailscale which doesn't need to be done. The other is a gitlab instance that handles its own server web server, and I just need to forward it to it. So, dynamic is the best for me but it doesn't work.
Also, I had set an expiration on Pastebin. It should be fixed now, and can be seen here https://pastebin.com/5Uyn3qSD
I got it working by changing https to http in the dynamic config file. Not sure why the guide had that. I can now reach my bitwarden instance but still cannot get to the dashboard. Still getting 404 every time.
I am not sure what I did, but I have everything local working now. Next step is to protect my home server services through tailscale and use traefik to route it @bluepuma77 thanks for all the help.