OK, a day wasted and I am very new to Traefik; here is my configuration:
version: '3.8'
services:
  traefik:
    image: traefik:latest
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--accesslog=true"
      - "--providers.file.filename=/etc/traefik/tls.yml"
      # Entry points (HTTP and HTTPS)
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Enable Docker Swarm provider
      - "--providers.docker.network=management_network"
      - "--providers.swarm.exposedByDefault=false"
      - "--providers.swarm=true"
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: ingress # Use ingress routing mesh for published ports
      - target: 443
        published: 443
        protocol: tcp
        mode: ingress
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/certs/homenet.lan.crt:/etc/certs/homenet.lan.crt:ro"
      - "/etc/certs/homenet.lan.key:/etc/certs/homenet.lan.key:ro"
      - "/etc/traefik/tls.yml:/etc/traefik/tls.yml:ro"
    networks:
      - management_network
    deploy:
      mode: replicated
      restart_policy:
        condition: any
      #placement:
      #  constraints:
      #    - node.role == manager
      replicas: 1
      labels:
        #- "traefik.enable=false"
        #- "traefik.http.routers.api.rule=Host(`traefik.homenet.lan`)"
        - "traefik.http.routers.api.rule=HostRegexp(`{host:.+}`)"
        - "traefik.http.routers.api.service=api@internal"
        - "traefik.http.routers.api.entrypoints=websecure"
        - "traefik.http.routers.api.tls=true"
        - "traefik.http.middlewares.auth.basicauth.users=admin:$apr1$kXrZuhzF$w3a0K/Uyq38KlhW/bEw6y0" # admin:admin
        - "traefik.http.routers.api.middlewares=auth"
  portainer:
    image: portainer/portainer-ce
    networks:
      - management_network
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.portainer.rule=Host(`portainer.homenet.lan`)"
        - "traefik.http.routers.portainer.entrypoints=websecure"
        - "traefik.http.routers.portainer.tls=true"
        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
volumes:
  portainer_data:
networks:
  management_network:
    external: true
Certificates are all correctly configured, running in a Docker swarm of 3 nodes:
Node 01: 10.1.5.6
Node 02: 10.1.5.7
Node 03: 10.1.5.8
A floating IP address: 10.1.5.3 (that can hop to any node if one goes dark)
Trying to access the dashboard, it says 404 not found.
Assuming you are talking about the Traefik /dashboard/.
needs label
chipomho:
traefik.enable=true
Check simple Traefik Swarm example for best practice.
Note this should probably be swarm, too:
I feel I am getting closer to the solution, but it is still out of my reach. Here is my current configuration file, based on the GitHub template.
Please note proxy.homenet.lan points to a floating IP address that can migrate to any of the three nodes (keepalived). I have done the same for whoami.homenet.lan (points to the floating node); currently the IP is on node 01 (docker01.homenet.lan).
version: '3'
services:
  traefik:
    image: traefik:v3.1
    hostname: '{{.Node.Hostname}}'
    ports:
      # listen on host ports without ingress network
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - "/etc/certs/homenet.lan.crt:/etc/certs/homenet.lan.crt:ro"
      - "/etc/certs/homenet.lan.key:/etc/certs/homenet.lan.key:ro"
      - "/etc/traefik/tls.yml:/etc/traefik/tls.yml:ro"
      - /var/log:/var/log
    command:
      - --api.dashboard=true
      - --log.level=DEBUG
      - --log.filepath=/var/log/traefik.log
      - --accesslog=true
      - --providers.file.filename=/etc/traefik/tls.yml
      - --accesslog.filepath=/var/log/traefik-access.log
      - --providers.swarm.exposedByDefault=false
      - --providers.swarm.network=proxy
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.asDefault=true
      #- --entrypoints.websecure.http.tls.domains[0].main=homenet.lan
      #- --entrypoints.websecure.http.tls.domains[0].sans=*.homenet.lan
      #- --entrypoints.websecure.http.tls.certresolver=myresolver
      #- --certificatesresolvers.myresolver.acme.email=mail@example.com
      #- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      #- --certificatesresolvers.myresolver.acme.tlschallenge=true
    deploy:
      mode: global
      placement:
        constraints:
          - node.role==manager
      labels:
        - traefik.enable=true
        - traefik.http.routers.mydashboard.rule=Host(`proxy.homenet.lan`)
        - traefik.http.routers.mydashboard.service=api@internal
        - traefik.http.routers.mydashboard.middlewares=myauth
        - traefik.http.services.mydashboard.loadbalancer.server.port=1337
        - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
  whoami:
    image: traefik/whoami:v1.10
    hostname: '{{.Node.Hostname}}'
    networks:
      - proxy
    deploy:
      mode: global
      labels:
        - traefik.enable=true
        - traefik.http.routers.whoami.rule=Host(`whoami.homenet.lan`)
        - traefik.http.services.whoami.loadbalancer.server.port=80
networks:
  proxy:
    name: proxy
    driver: overlay
    attachable: true
When I try to access https://proxy.homenet.lan I still get 404 if I run the command on either node01, node02 or node03; if I run the command elsewhere it can resolve the IP address but doesn't connect.
Enable and check Traefik debug log (doc) and also Traefik access log in JSON format (doc).
Are all nodes Docker Swarm managers? Traefik configuration discovery only works on Swarm managers.
Your approach with multiple Traefik replicas and tlsChallenge does not work. Traefik LetsEncrypt is not cluster-enabled. When you have multiple instances, you should probably use dnsChallenge (example).
One Traefik instance with floating IP will probably get a LetsEncrypt TLS cert with tlsChallenge, but the others won't. Even if you place acme.json on a shared folder, Traefik won't automatically reload it. So as soon as the floating IP moves, the new target Traefik will be without TLS cert.
All nodes are managers and I can see that it's running on all nodes.
I have completely disabled LetsEncrypt; I am using my own static SSL certs with
--providers.file.filename=/etc/traefik/tls.yml
and inside tls.yml I have
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/certs/homenet.lan.crt
        keyFile: /etc/certs/homenet.lan.key
I have verified that with openssl s_client -connect the SSL certificate is properly configured; the issue is my routers, both the dashboard and whoami, are returning 404 not found.
Enable and check Traefik debug log (doc), are labels read and routers created?
Enable and check Traefik access log in JSON format (doc), what’s the output during requests?
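Added example (not part of the thread and not Traefik project code): one way to act on the access-log advice above, splitting the 404s in a JSON access log into requests that matched no router and requests that a routed service answered with 404. The log lines are constructed; the keys are Traefik's JSON access-log field names, and it is an assumption here that a request matching no router is logged without a RouterName.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// entry keeps only the JSON access-log keys this triage reads.
type entry struct {
	RequestHost      string
	RequestPath      string
	RouterName       string
	DownstreamStatus int
}

// SampleLog is constructed for this example, not taken from the thread.
const SampleLog = `{"RequestHost":"proxy.homenet.lan","RequestPath":"/dashboard/","DownstreamStatus":404}
{"RequestHost":"whoami.homenet.lan","RequestPath":"/missing","RouterName":"whoami@swarm","DownstreamStatus":404}
{"RequestHost":"whoami.homenet.lan","RequestPath":"/","RouterName":"whoami@swarm","DownstreamStatus":200}
level=debug msg="stray non-JSON line"`

// Triage separates 404s with no RouterName (assumed: no rule matched the
// request) from 404s returned through a router; non-JSON lines are counted.
func Triage(log string) (noRouter, routed []string, skipped int) {
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		var e entry
		if err := json.Unmarshal(sc.Bytes(), &e); err != nil {
			skipped++
			continue
		}
		if e.DownstreamStatus != 404 {
			continue
		}
		target := e.RequestHost + e.RequestPath
		if e.RouterName == "" {
			noRouter = append(noRouter, target)
		} else {
			routed = append(routed, target+" via "+e.RouterName)
		}
	}
	return noRouter, routed, skipped
}

func main() {
	no, routed, skipped := Triage(SampleLog)
	fmt.Printf("no router: %v\nrouted 404: %v\nskipped: %d\n", no, routed, skipped)
}
```

A 404 in the first group points at the router rule, entrypoint or label discovery; one in the second group points at the service behind the router.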
Well, I disabled the authentication; I was getting an Unauthorized response.
Running the curl command I am getting the following:
* Connected to proxy.homenet.lan (10.1.5.3) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://proxy.homenet.lan/dashboard/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: proxy.homenet.lan]
* [HTTP/2] [1] [:path: /dashboard/]
* [HTTP/2] [1] [user-agent: curl/8.12.1]
* [HTTP/2] [1] [accept: */*]
> GET /dashboard/ HTTP/2
> Host: proxy.homenet.lan
> User-Agent: curl/8.12.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Request completely sent off
< HTTP/2 200
< accept-ranges: bytes
< content-security-policy: frame-src 'self' https://traefik.io https://*.traefik.io;
< content-type: text/html; charset=utf-8
< content-length: 1153
< date: Fri, 04 Jul 2025 13:38:58 GMT
<
<!DOCTYPE html><html><head><title>Traefik</title><meta charset=utf-8><meta name=description content="Traefik UI"><meta name=format-detection content="telephone=no"><meta name=msapplication-tap-highlight content=no><meta name=viewport content="user-scalable=no,initial-scale=1,maximum-scale=1,minimum-scale=1,width=device-width"><link rel=icon type=image/png href=./app-logo-128x128.png><link rel=icon type=image/png sizes=16x16 href=./icons/favicon-16x16.png><link rel=icon type=image/png sizes=32x32 href=./icons/favicon-32x32.png><link rel=icon type=image/png sizes=96x96 href=./icons/favicon-96x96.png><link rel=icon type=image/ico href=./icons/favicon.ico><link rel=apple-touch-icon href=./icons/apple-icon-152x152.png><link rel=apple-touch-icon sizes=152x152 href=./icons/apple-icon-152x152.png><link rel=apple-touch-icon sizes=167x167 href=./icons/apple-icon-167x167.png><link rel=apple-touch-icon sizes=180x180 href=./icons/apple-icon-180x180.png> <script type="module" crossorigin src="./assets/index-C5fSJgMa.js"></script>
<link rel="stylesheet" crossorigin href="./assets/index-jjiyEA_O.css">
* Connection #0 to host proxy.homenet.lan left intact
</head><body><div id=q-app></div></body></html>
This is clearly a dashboard page, but when I open it using a browser... nothing, a timeout.
I then decided to use a regex so I can do proxy.homenet.lan (floating IP) or proxy01.homenet.lan, proxy02.homenet.lan and proxy03.homenet.lan, using the following: HostRegexp(proxy(0[1-3])?.homenet.lan)
Connecting directly to the docker proxy01, proxy02 or proxy03 I can get the dashboard to open. I really really want to use the following IP address
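Added example (not from the thread or the Traefik project): how the pattern in the post above behaves as a Go regular expression, the syntax Traefik v3 uses for HostRegexp, next to an escaped and anchored form. It assumes the matcher applies the pattern without adding anchors; the host names are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Loose is the pattern as posted; Strict escapes the dots and anchors both ends.
const (
	Loose  = `proxy(0[1-3])?.homenet.lan`
	Strict = `^proxy(0[1-3])?\.homenet\.lan$`
)

// Hosts are constructed Host header values: three intended names, then near misses.
var Hosts = []string{
	"proxy.homenet.lan",
	"proxy01.homenet.lan",
	"proxy03.homenet.lan",
	"proxy04.homenet.lan",             // outside the 01-03 range
	"proxy-homenet.lan",               // an unescaped "." matches any character
	"xproxy.homenet.lan",              // extra leading text
	"proxy01.homenet.lan.example.net", // extra trailing text
}

// Accepted returns the hosts that pattern matches when it is applied with
// MatchString and no implicit anchors (assumption about the matcher).
func Accepted(pattern string, hosts []string) []string {
	re := regexp.MustCompile(pattern)
	var out []string
	for _, h := range hosts {
		if re.MatchString(h) {
			out = append(out, h)
		}
	}
	return out
}

func main() {
	fmt.Println("loose: ", Accepted(Loose, Hosts))
	fmt.Println("strict:", Accepted(Strict, Hosts))
}
```

For a router that fronts api@internal, the strict form keeps the dashboard rule limited to the four intended host names.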