Docker Traefik Headers not set

deeztek · September 28, 2020, 2:05pm

I can't seem to get Traefik to set headers:

I have the following labels in my docker-compose.yml file:

services:
  nextcloud:
    image: 'nextcloud:latest'
    container_name: nextcloud
    build: .
    networks:
      - proxy
      - nextcloud

    volumes:
      - nextcloud:/var/www/html

    environment:
      - TZ=$TIMEZONE
      - MYSQL_HOST=$MYSQL_HOST
      - MYSQL_DATABASE=$MYSQL_DATABASE
      - MYSQL_USER=$MYSQL_USER
      - MYSQL_PASSWORD=$MYSQL_PASSWORD
      - REDIS_HOST=nextcloud_redis
      - REDIS_HOST_PASSWORD=$REDIS_PASSWORD
      - NEXTCLOUD_ADMIN_USER=$NEXTCLOUD_ADMIN_USER
      - NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_ADMIN_PASSWORD
      - SMTP_HOST=$SMTP_HOST
      - SMTP_SECURE=$SMTP_SECURE
      - SMTP_PORT=$SMTP_PORT
      - SMTP_AUTHTYPE=$SMTP_AUTHTYPE
      - SMTP_NAME=$SMTP_NAME
      - SMTP_PASSWORD=$SMTP_PASSWORD
      - MAIL_FROM_ADDRESS=$MAIL_FROM_ADDRESS
      - MAIL_DOMAIN=$MAIL_DOMAIN
      - APACHE_DISABLE_REWRITE_IP=1
      - TRUSTED_PROXIES=192.168.80.0/20

    depends_on:
      - nextcloud_redis
    restart: unless-stopped

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.cloud.entrypoints=http"
  - "traefik.http.routers.cloud.rule=Host(`$HOST.$DOMAIN`)"
  - "traefik.http.middlewares.cloud-https-redirect.redirectscheme.scheme=https"
  - "traefik.http.routers.cloud.middlewares=cloud-https-redirect"
  - "traefik.http.routers.cloud-secure.entrypoints=https"
  - "traefik.http.routers.cloud-secure.rule=Host(`$HOST.$DOMAIN`)"
  - "traefik.http.routers.cloud-secure.tls=true"
  - "traefik.http.routers.cloud-secure.tls.certresolver=le"
  - "traefik.http.routers.cloud-secure.service=cloud"
  - "traefik.http.services.cloud.loadbalancer.server.port=80"
  - "traefik.docker.network=proxy"
  - "traefik.http.middlewares.cloud.headers.customFrameOptionsValue=SAMEORIGIN"
  - "traefik.http.middlewares.cloud.headers.framedeny=true"
  - "traefik.http.middlewares.cloud.headers.sslredirect=true"
  - "traefik.http.middlewares.cloud.headers.STSIncludeSubdomains=true"
  - "traefik.http.middlewares.cloud.headers.STSPreload=true"
  - "traefik.http.middlewares.cloud.headers.STSSeconds=315360000"
  - "traefik.http.middlewares.cloud.headers.forceSTSHeader=true"
  - "traefik.http.middlewares.cloud.headers.sslProxyHeaders.X-Forwarded-Proto=https"
  - "traefik.http.middlewares.cloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
  - "traefik.http.middlewares.cloud-dav.replacepathregex.replacement=/remote.php/dav/"

I have also verified under Traefik HTTP Middlewares that the cloud@docker is showing the following:

STS SECONDS 315360000
STS INCLUDE SUBDOMAINS True
STS PRELOAD True
FORCE STS HEADER True
FRAME DENY True

Yet I'm not seeing those response headers. I'm sure I'm doing something stupid but I can't figure out what.

Thanks in advance

cakiwi · September 28, 2020, 2:42pm

Hi @deeztek

I only see one router with a middlewares statement.
So the middleware is defined but not referenced.

deeztek · September 28, 2020, 3:22pm

I guess I'm confused. For example, the middleware below should be like this?

- "traefik.http.middlewares.cloud-https-redirect.headers.STSSeconds=315360000"

cakiwi · September 28, 2020, 5:51pm

So you have defined the middleware correctly, you see it in the traefik dashboard.

The problem is no routers are using it. You likely want to add this label:

- "traefik.http.routers.cloud-secure.middlewares=cloud"

This line is superfluous as this is the container the route applies to.

  - "traefik.http.routers.cloud-secure.service=cloud"

deeztek · September 28, 2020, 7:28pm

Adding the below label as you suggested:

- "traefik.http.routers.cloud-secure.middlewares=cloud"

Breaks the container with the following error:

cannot create middleware: multi-types middleware not supported, consider declaring two different pieces of middleware instead

I'm guessing because the following label already exists:

- "traefik.http.routers.cloud.middlewares=cloud-https-redirect"

cakiwi · September 28, 2020, 7:45pm

That is on a different router (cloud) it doesn't look like a conflict.

This sounds like there is an additional middleware type being added on a middleware definition. There might be additional context with that error that shows which one.

Were the any other changes made? What does the full labels section look like now ?

zespri · October 1, 2020, 10:21am

If you have two labels starting with

traefik.http.middlewares.name.addprefix
traefik.http.middlewares.name.basicauth

where addprefix and basicauth are some arbitrary middlewares, and the name is the same middleware (instance) name you will get the error you are seeing. make sure that you do not have anything like that (even across different containers)

Topic		Replies	Views
Traefik2 + Nextcloud = tons of errors Traefik v2 docker	1	693	February 11, 2024
Nextcloud behind Traefik2 - how? Traefik v2 docker	2	11461	November 3, 2021
Very confused -- Traefik works for 1 container and not a 2nd one with same config? Traefik v2 docker	0	429	May 13, 2020
Middleware does not exist with nextcloud Traefik v2 docker	5	76	October 26, 2024
Problem with cyphers and HSTS Traefik v2 docker	0	1664	November 25, 2019

Docker Traefik Headers not set

Related topics