Docker Compose: '500 Internal Server Error' caused by: unsupported protocol scheme \"\"

Hey everyone, I'm just getting started in the world of home servers and wanted to setup Traefik as my reverse proxy. I'm currently running everything on Proxmox using different vm's and containers to group like services. Due to this, I'm trying to add external services using a dynamic config file, but everything I add just resolves to a '500 Internal Server Error' caused by: unsupported protocol scheme \"\". Even services running on the same machine in the same network. I'm sure I'm missing something in my config somewhere, but I can't see it for the life of me.

If I exec into the traefik container, I can reach the services over the network, so I know the container is able to see the other services. Any suggestions would be greatfully appreciated. I am still new to this stuff, so please be patient with me. Thanks in advance.

Docker Compose

version: "3.5"

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy:
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=email@email.com
      - CF_DNS_API_TOKEN=[TOKEN]
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/docker/configs/traefik.yml:/traefik.yml:ro
      - /acme_config/acme.json:/acme.json
      - /mnt/docker/configs/config.yml:/config.yml:ro
      - /mnt/docker/logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.ca`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=[USER:PASSWORD]"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.example.ca`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=example.ca"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.example.ca"
      - "traefik.http.routers.traefik-secure.service=api@internal"

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    networks:
      proxy:
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "81:80/tcp"
    environment:
      TZ: 'America/Toronto'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    volumes:
      - '/mnt/docker/piholeConfig/pihole:/etc/pihole'
      - '/mnt/docker/piholeConfig/dnsmasq.d:/etc/dnsmasq.d'
    restart: unless-stopped

networks:
  proxy:
    name: proxy
    external: true

Traefik.yml

log:
  level: DEBUG
  filePath: '/var/log/traefik/traefik.log'
accesslog: {}
api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ':80'
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ':443'
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: 'unix:///var/run/docker.sock'
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: email@email.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - '1.1.1.1:53'
          - '1.0.0.1:53'

Config.yml

http:
  routers:
    jellyfin:
      entryPoints:
        - 'https'
        - 'http'
      rule: 'Host(`jellyfin.example.ca`)'
      middlewares:
        - default-headers
        - https-redirect
      service: jellyfin
      tls: {}
    pihole:
      entryPoints:
        - 'https'
        - 'http'
      rule: 'Host(`pihole.example.ca`)'
      middlewares:
        - default-headers
        - https-redirect
      service: pihole
      tls: {}
  services:
    jellyfin:
      loadBalancer:
        servers:
          -url: '10.0.0.203:8096'
        passHostHeader: true
    pihole:
      loadBalancer:
        servers:
          -url: 'https://10.0.0.254:81'
        passHostHeader: true
  serversTransports:
    sonarr:
      insecureSkipVerify: true
  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    secured:
      chain:
        middlewares:
          - default-headers

Start by simplifying the middlewares in labels and config.yml: you don't need traefik-https-redirect and sslheader. You have the redirect declared on entrypoint and Traefik adds the header by itself.

That's a good point. I had noticed that before and I plan on cleaning it up after I get the reverse proxy working. It's more of a minor thing as far as I know. I might as well do it now though, while I'm stuck and waiting.

What are you waiting for? Start debugging and testing. Remove everything, then add it back, piece by piece, to find the piece that creates the error.

Good point. I guess I was avoiding doing that because of my unfamilarity with this stuff and I was hoping it was just something simple that someone else would be able to point out. I guess my evening will be spent re-doing my setup. I should also consider reading up on the docs a lot more too.

Try without config.yml, then add router/service pairs back to it.

I spent the morning starting over and I've finally got it working. Not sure what the original issue was, but I've got things working now. Turns out the solution in this case was to just start over again. I used a combination of the official docks and some documentation found on Ibracorp. Thanks for suggesting that I don't wait and just do.