Dashboard returns 404 after switching to HTTPS

Traefik Traefik v2
1

Hello,

Thanks in advance for your help.

I run traefik in a docker swarm on manager node.

With insecure api everything works fine, but when I switch to HTTPS I get a 404 when accessing traefik.mydomain.com/dashboard.

On the other hand authentication middleware and certificate generation work as expected.

traefik.yml


log:

  level: DEBUG

api:

  dashboard: true

 # insecure: true

entryPoints:

  web:

    address: ":80"

    http:

      redirections:

        entrypoint:

          to: websecure

          scheme: https

  websecure:

    address: ":443"

providers:

  docker:

    endpoint: "unix:///var/run/docker.sock"

    network: traefik_default

    exposedByDefault: false

    swarmMode: true

    watch: true

docker-compose


    labels:

        - "traefik.enable=true"

        

        - "traefik.http.routers.api.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"

        - "traefik.http.routers.api.entrypoints=websecure"

        - "traefik.http.routers.api.tls=true"

        - "traefik.http.routers.api.tls.certResolver=myresolver"

        - "traefik.http.routers.api.service=api@internal"

        - "traefik.http.routers.api.middlewares=traefik-auth"

        - "traefik.http.services.noop.loadbalancer.server.port=888" 

        - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$2y$$10$$b...."
2

I don’t see myresolver defined anywhere, what is you cert resolver definition?

3

Remove this from your yml for now, it shouldn’t be needed unless you are trying to constrain.

4

My cert resolver is located in traefik.yml and looks like this (neccesary auth info is provided via docker-compose)

certificatesresolvers:
  myresolver:
    acme:
      email: myemail@provider.com
      storage: /letsencrypt/acme.json
      dnschallenge:
        provider: netcup

Cert generation is working though...

1 Like
5

I'm running a small dev/testing stack with services available through traefik and some directly accessible. My idea was to seperate them on network level but I'll remove it for testing purposes. Thanks!

6

cool, here are mine, not sure how else to help, this is working.

api:
  dashboard: true
  debug: true

log:
  level: FATAL

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
    http:
      tls:
        certResolver: letsencrypt

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    swarmMode: true
    exposedByDefault: false
  file:
    directory: /data/sites-enabled
    watch: true

certificatesResolvers:
  letsencrypt:
    acme:    
      email: user@mydomain.com
      storage: /data/acme.json
      certificatesDuration: 72
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
          - "9.9.9.9:53"

and here are my labels (i will assume you have the volume all correct and ports published (you are explicitly publishing ports in the docker compose file / stack right?)

      labels:
        - "traefik.enable=true"
        #Traefik Router Setup
        - "traefik.http.routers.traefik.rule=Host(`traefik.mydomain.com`)"
        - "traefik.http.routers.traefik.service=api@internal"
        - "traefik.http.routers.traefik.entrypoints=https"
        - "traefik.http.routers.traefik.middlewares=basic-auth@file"
        
        # Dashboard Service Setup
        - "traefik.http.services.dashboard.loadbalancer.server.port=8081"

all of these labels seem to be required in swarm when dashboard is secure mode and https acme is used - removal of anyone of these labels and it will fail. BTW you don't need the && path - IIRC that might have broken mine when i tried it (i found ZERO blogs, articles etc that showed how to get this right in swarm despite what said articles claimed)

7

i did reply, akismet blocked it, no idea why, hopefully my detailed reply will show up :slight_smile:
my post includes my working setup - took me about 6 hours to figure it out :frowning: none of the blogs / articles / or docs were entirely correct..... very annoying. If i my other post doesn't work you may have to share the whole of your compose/stack. (i can share mine, i don't be default as my use of configs and gluster file system plugin confuses people, lol)

8

I can hardly believe it but that was exactly the solution.

traefik documentation states:

We recommend to use a "Host Based rule" as Host(traefik.example.com) to match everything on the host domain, or to make sure that the defined rule captures both prefixes:

but serves a combination of both as configuration example.

# The dashboard can be accessed on http://traefik.example.com/dashboard/
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"

Thanks a lot!

1 Like
9

Glad it helped.

I can believe it. I found while learning that the documents are inconsistent and wrong in multiple places. Not to mention confusing. Yes they are pretty - but i would go for accuracy over pretty any day. Plus why some directives have examples in file, docker, comman, env var and some don't have all examples - very annoying. Oh and sometimes the key pairs is the 'dotted' docker label notation match the json file directive names, and some times they dont. total mess

nginx CE docs might be fugly as hell, but they are darn accurate and usable..... (yeah thrown down :slight_smile: lol)

2 Likes
10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.