Continuous 404 instead of dashboard and error 521 with Clouadflare

You are providing only small excerpts, but change stuff around in the meantime. Initially it was a provider.file with a file name (in the linked config), which had the wrong path. Now you supply snippets again. This does not help to get a clear full picture.

This would be my flow to find the error:

  1. static config loaded? (via command, --configFile= or /etc/traefik/traefik.*)
    level=info msg="Configuration loaded from file: /traefik.yml"
  2. dynamic config loaded? (provider.file, provider.docker and labels, etc)
    level=info msg="Starting provider *file.Provider"
    level=info msg="Starting provider *docker.Provider"
  3. ports open on container and declared with entrypoints
  4. enable debug log and access log
  5. enable dashboard
  6. ...

When trying to access the dashboard, make sure to use /dashboard/ with / at the end.

@bluepuma77, I appreciate all the help. Sorry for just the snippets, but I figured we were only looking at mount points and directories since my logs do not show that config.yml ever gets loaded. So it looks like the error is the its not actually watching the directory like it should.

I uploaded all three fresh ones again as they stand now https://pastebin.com/Etk7VELp. I have no clue what to try again. Its my understanding that if I use command I can't use static and dynamic as it can only read one either from docker-compose or from traefik.yml (which says it is being read and loaded). The logs say that it is watching /etc/traefik/config but never says config.yml is loaded.

I tried with /api
/api/
/dashboard
/dashboard/
/api/dashboard/

and all of them return a 404 not found error.

For Traefik static config you can use one of these options (you can't mix):

  1. A traefik.yml|toml in /etc/traefik (docs)
  2. Use command --configFile=/traefik.yml|toml
  3. Use command line switches for config settings

Within any of those you can define a provider.file to read dynamic config.

This is a minimum example of a docker-compose.yml for Traefik with LetsEncrypt, dashboard and a whoami service. It uses command for static config and labels for dynamic config. LE certificates are saved in a volume for persistence, you can also mount a host folder instead.

# docker-compose.yml
version: '3.9'

services:
  traefik:
    image: traefik:v2.9
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-certificates:/certificates
    command:
      --providers.docker=true
      --providers.docker.exposedByDefault=false
      --entryPoints.web.address=:80
      --entryPoints.web.http.redirections.entryPoint.to=websecure
      --entryPoints.web.http.redirections.entryPoint.scheme=https
      --entryPoints.websecure.address=:443
      --entryPoints.websecure.http.tls=true
      --api.debug=true
      --api.dashboard=true
      --log.level=DEBUG
      --accesslog=true
      --certificatesResolvers.myresolver.acme.email=mail@example.com
      --certificatesResolvers.myresolver.acme.storage=/certificates/acme.json
      --certificatesResolvers.myresolver.acme.httpchallenge.entrypoint=web
    labels:
      - traefik.enable=true
      - traefik.http.routers.mydash.entrypoints=websecure
      - traefik.http.routers.mydash.rule=Host(`traefik.example.com`)
      - traefik.http.routers.mydash.tls.certresolver=myresolver
      - traefik.http.routers.mydash.service=api@internal
      - traefik.http.routers.mydash.middlewares=myauth
      - 'traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/'

  whoami:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.mywhoami.entrypoints=websecure
      - traefik.http.routers.mywhoami.rule=Host(`whoami.example.com`)
      - traefik.http.routers.mywhoami.tls.certresolver=myresolver
      - traefik.http.services.mywhoami.loadbalancer.server.port=80

networks:
  proxy:
    name: proxy
    external: true

volumes:
  traefik-certificates:

By the way, you can also just use a PathPrefix for your Traefik dashboard:

traefik.http.routers.mydash.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)
traefik.http.routers.mydash.priority=1024 # optional

That way the Traefik dasboard is simply available on all you sites at /dashboard/.

Two caveats

  1. You need to make sure your other services do not use /api or /dashboard.
  2. You need to have at least one service with a Host for LetsEncrypt to work

But at least you can try.

I am trying to use a static yml and not the compose method. From what I have read, my config should work. I confirm that traefik is getting everything its just not forwarding anything to where it should be. I get the traefik 404. And it appears my config is never loading my dynamic config or the directory that my config is in.

If your static and dynamic config is not read, check what's happening.

Go into Traefik container and check if the static config file is there and readable. Alternatively use command: --configFile=/path/static.yml on your Traefik container.

Same for dynamic configuration, check that the file provider path exists and the file is readable.

Enable Traefik debug log and access log in the static configuration. To easily see active routers and services, enable Traefik dashboard. Quick & dirty you can enable it insecure in static config.

I have done all of that. The logs show that the traefik.yml is read and gets loaded. I can see all web and websecure start. Then I see it say something about the dynamic config, but it never says it reads it or loads it. Just what it is searching for. If I exec into the container, I can cat the dynamic in the path. So for some reason, it just refuses to load the dynamic configuration.

Pastebin lost your config. How about using container labels instead of dynamic config file? Example.

I will be having it forward to other devices on the LAN. There really won't be but two other containers on this one except for traefik. One is tailscale which doesn't need to be done. The other is a gitlab instance that handles its own server web server, and I just need to forward it to it. So, dynamic is the best for me but it doesn't work.

Also, I had set an expiration on Pastebin. It should be fixed now, and can be seen here https://pastebin.com/5Uyn3qSD

I got it working by changing https to http in the dynamic config file. Not sure why the guide had that. I can now reach my bitwarden instance but still cannot get to the dashboard. Still getting 404 every time.

I am not sure what I did, but I have everything local working now. Next step is to protect my home server services through tailscale and use traefik to route it @bluepuma77 thanks for all the help.