Dashboard Auth - Fail - Traefik-v3.12-alpine(Docker Swarm)

Traefik Static Config :

entryPoints:
  traefik:
    address: ":9876"
providers:
  file:
    filename: /etc/traefik/dynamic.yml
  swarm:
    exposedByDefault: false
    allowEmptyServices: true
    network: test-net
api:
  insecure: false
  dashboard: true
  debug: true

Traefik Dynamic Config:

tls:
  certificates:
    - certFile: /etc/traefik/mydomain.pem
      keyFile: /etc/traefik/mydomain.key

Docker Compose:

deploy:
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.traefik.entrypoints=traefik"
    - "traefik.http.routers.traefik.rule=Host(`mydomain`)"
    - "traefik.http.routers.traefik.tls=true"
    - "traefik.http.routers.traefik.middlewares=dashboard-auth"
    - "traefik.http.routers.traefik.service=api@internal"
    - "traefik.http.middlewares.dashboard-auth.basicauth.users=test:<secrets>"

curl https://mydomain:9876/dashboard/ - 404
curl http://mydomain:9876/dashboard/ - 404
curl https://mydomain:9876/ - 404
curl http://mydomain:9876/ - 404

I want to enable Dashboard login verification in the current version.
But ,
May I ask why I am unable to access the Traefik Dashboard using the above configuration? Thanks ~

Share your full Traefik static and dynamic config, and the full Docker compose file.

Static Config & Dynamic Config is full content.
Compose file (All):

version: "3.8"
services:
  app:
    image: myregistry-server/traefik:3.1.2-alpine
    networks:
      app-net:
        aliases:
          - traefik
    ports:
      - target: 9876
        published: 9876
    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
    configs:
      - source: app-config
        target: /etc/traefik/traefik.yml
        mode: 0444
      - source: app-dynamic
        target: /etc/traefik/dynamic.yml
        mode: 0444
    secrets:
      - source: tls-mydomain-pem
        target: /etc/traefik/mydomain.pem
        mode: 0444
      - source: tls-mydomain-key
        target: /etc/traefik/mydomain.key
        mode: 0444
    deploy:
      mode: replicated
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.traefik.entrypoints=traefik"
        - "traefik.http.routers.traefik.rule=Host(`mydomain`)"
        - "traefik.http.routers.traefik.tls=true"
        - "traefik.http.routers.traefik.middlewares=dashboard-auth"
        - "traefik.http.routers.traefik.service=api@internal"
        - "traefik.http.middlewares.dashboard-auth.basicauth.users=test:<secrets>"
      replicas: 1
      placement:
        max_replicas_per_node: 1
        constraints:
          - node.role == manager

secrets:
  tls-mesh-pem:
    external: true
    name: traefik-tls-mydomain-pem
  tls-mesh-key:
    external: true
    name: traefik-tls-mydomain-key

configs:
  app-config:
    external: true
    name: traefik-config
  app-dynamic:
    external: true
    name: traefik-dynamic

networks:
  app-net:
    name: test-net
    external: true

All secrets or configs in docker swarm is ready now.

Because I only want to use Dashboard now, I don't need any other ExitPoint configuration. But I couldn't successfully access the dashboard when adding user login. Do you have any suggestions?

Enable and check Traefik debug log and access log. Is dynamic config from Swarm and file read? Is the curl request arriving at Traefik?

Maybe compare to simple Traefik Swarm example.

Request is arriving at traefik , Log shows the request. But , the log content shows a request return of 404.
Dynamic configuration is effective. Because only adding can read the certificate, removing it will not be able to read the certificate.

The current issue is that if the request can be forwarded to labels, I speculate that the request did not reach the labels' configuration.

Enable Traefik access log in JSON format (doc) to see the response status code from your target service (OriginStatus) and from Traefik to the browser/client (DownstreamStatus).

Access log is enabled , OriginStatus is not found , Because return code is 404 , so Traefik to the browser(DownstreamStatus) is 404 status code.

I speculate that the request has arrived at Traefik, but Traefik has not found a service to handle the dashboard.

But , insecure = true ,everything is working~ Where did I configure it incorrectly ?

With insecure=true (doc), Traefik will create an entrypoint on 8080 and create a catch-all router for dashboard on it, use path /dashboard/.

All you need to do is open port 8080 with Docker.

Thanks for your suggestion. Using insecure=true can run normally, but that's not my intention. My intention is to use insecure=false so that I can use basicauth .

Maybe check simple Traefik Swarm example.

Thank you for your help , I think I have found the ultimate problem .
The key issue is that " users=test: " , This secret format is incorrect . So , when change it to correct . Everything is ok now~
But I am curious why incorrect secret formats do not receive any prompts . It's magic ~ ^*^

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.