Dashbord Secure Mode - 404 page not found

Hi, I'm trying unsuccessfully to configure the traefik dashboard in secure mode. I tried to follow the doc and a tutorial on the traefik blog, but I still couldn't solve it.

the page appears with ssl certificate active, but has the message: "404 page not found"

Any tips?

reverse-proxy:
    image: traefik:v2.4
    restart: always
    command: 
      - "--api.dashboard=true"  
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      - "--certificatesresolvers.ssl.acme.email=email@mail"
      - "--certificatesresolvers.ssl.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.ssl.acme.httpchallenge=true"
      - "--certificatesresolvers.ssl.acme.httpchallenge.entrypoint=web"
      - "--providers.docker.exposedByDefault=false"
    labels:
      - "traefik.enable=true"
      # global redirect to https 
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      ## api-secure
      - "traefik.http.routers.dashboard.rule=Host(`sub.dominio.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.routers.dashboard.tls.certresolver=ssl"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.middlewares.auth.basicauth.users=test:xxx"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro" 
      - "./letsencrypt:/letsencrypt"

• https://traefik.io/blog/traefik-2-0-docker-101-fc2893944b9d/
• Dashboard - Traefik

best

Hi @rafaelrdealmeida

Are you just missing the training / after https://sub.dominio.com/dashboard/ ?

Hey there!

I'm facing the same problem and from what I have found on the forum so far, I'd say that it's because the labels in the docker-compose.yml are not part of the dynamic configuration, but of the static configuration.

The dashboard router configuration needs to be part of the dynamic configuration, though. So you'd probably have to configure it via a traefik.toml or traefik.yml by activating the file provider and adding the correct volume.

This needs confirmation, though!

It'd be really convenient if one could configure the dashboard router via the labels in the docker-compose.yml.

Actually, service labels in docker-compose are a way to provide a dynamic configuration to traefik.
The static configuration can be expressed using arguments to traefik or by using a traefik.toml of traefik.yml file.

Routers configuration are part of the dynamic configuration, thus you need to provide (via the use of a provider) some kind of dynamic configuration to traefik.

For example, you'll find in my own traefik configuration that uses command to provide a static configuration, and a set of labels and a file provider with a folder to provide the dynamic configuration needed to build middlewares and the traefik dashboard with Secure mode.

Hope it helps

That's it, thanks!

Despite the fact that the trailing slash is mandatory in the examples given in the documentation, they have not been included. This can cause confusion and increase questions on the forum.

I made a pull request about adjusting this in the documentation

/dashboard/ works here, but /api/ still no. Is any adjustment still needed and I missed it?
config docker-compose:

reverse-proxy:
    image: traefik:v2.4
    restart: always
    command: 
      - "--api.dashboard=true"  
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      - "--certificatesresolvers.ssl.acme.email=email@mail"
      - "--certificatesresolvers.ssl.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.ssl.acme.httpchallenge=true"
      - "--certificatesresolvers.ssl.acme.httpchallenge.entrypoint=web"
      - "--providers.docker.exposedByDefault=false"
    labels:
      - "traefik.enable=true"
      # global redirect to https 
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      ## api-secure
      - "traefik.http.routers.dashboard.rule=Host(`sub.dominio.com`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`))"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.routers.dashboard.tls.certresolver=ssl"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.middlewares.auth.basicauth.users=test:xxx"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro" 
      - "./letsencrypt:/letsencrypt"

Is the dashboard loading? Or are you trying to hit the /api/ endpoint directly ?

I'm using your config(letsencrypt disabled) fine.

The endpoints for api are documented here:
https://doc.traefik.io/traefik/operations/api/#endpoints

I got confused here, sorry. I thought that the api and dashboard pointed to the same place and from there I saw the endpoints, but the api in this case is itself "# /http/services", for example, correct?