Docker Traefik Headers not set

deeztek · September 28, 2020, 2:05pm

I can't seem to get Traefik to set headers:

I have the following labels in my docker-compose.yml file:

services:
  nextcloud:
    image: 'nextcloud:latest'
    container_name: nextcloud
    build: .
    networks:
      - proxy
      - nextcloud

    volumes:
      - nextcloud:/var/www/html

    environment:
      - TZ=$TIMEZONE
      - MYSQL_HOST=$MYSQL_HOST
      - MYSQL_DATABASE=$MYSQL_DATABASE
      - MYSQL_USER=$MYSQL_USER
      - MYSQL_PASSWORD=$MYSQL_PASSWORD
      - REDIS_HOST=nextcloud_redis
      - REDIS_HOST_PASSWORD=$REDIS_PASSWORD
      - NEXTCLOUD_ADMIN_USER=$NEXTCLOUD_ADMIN_USER
      - NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_ADMIN_PASSWORD
      - SMTP_HOST=$SMTP_HOST
      - SMTP_SECURE=$SMTP_SECURE
      - SMTP_PORT=$SMTP_PORT
      - SMTP_AUTHTYPE=$SMTP_AUTHTYPE
      - SMTP_NAME=$SMTP_NAME
      - SMTP_PASSWORD=$SMTP_PASSWORD
      - MAIL_FROM_ADDRESS=$MAIL_FROM_ADDRESS
      - MAIL_DOMAIN=$MAIL_DOMAIN
      - APACHE_DISABLE_REWRITE_IP=1
      - TRUSTED_PROXIES=192.168.80.0/20

    depends_on:
      - nextcloud_redis
    restart: unless-stopped

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.cloud.entrypoints=http"
  - "traefik.http.routers.cloud.rule=Host(`$HOST.$DOMAIN`)"
  - "traefik.http.middlewares.cloud-https-redirect.redirectscheme.scheme=https"
  - "traefik.http.routers.cloud.middlewares=cloud-https-redirect"
  - "traefik.http.routers.cloud-secure.entrypoints=https"
  - "traefik.http.routers.cloud-secure.rule=Host(`$HOST.$DOMAIN`)"
  - "traefik.http.routers.cloud-secure.tls=true"
  - "traefik.http.routers.cloud-secure.tls.certresolver=le"
  - "traefik.http.routers.cloud-secure.service=cloud"
  - "traefik.http.services.cloud.loadbalancer.server.port=80"
  - "traefik.docker.network=proxy"
  - "traefik.http.middlewares.cloud.headers.customFrameOptionsValue=SAMEORIGIN"
  - "traefik.http.middlewares.cloud.headers.framedeny=true"
  - "traefik.http.middlewares.cloud.headers.sslredirect=true"
  - "traefik.http.middlewares.cloud.headers.STSIncludeSubdomains=true"
  - "traefik.http.middlewares.cloud.headers.STSPreload=true"
  - "traefik.http.middlewares.cloud.headers.STSSeconds=315360000"
  - "traefik.http.middlewares.cloud.headers.forceSTSHeader=true"
  - "traefik.http.middlewares.cloud.headers.sslProxyHeaders.X-Forwarded-Proto=https"
  - "traefik.http.middlewares.cloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
  - "traefik.http.middlewares.cloud-dav.replacepathregex.replacement=/remote.php/dav/"

I have also verified under Traefik HTTP Middlewares that the cloud@docker is showing the following:

STS SECONDS 315360000
STS INCLUDE SUBDOMAINS True
STS PRELOAD True
FORCE STS HEADER True
FRAME DENY True

Yet I'm not seeing those response headers. I'm sure I'm doing something stupid but I can't figure out what.

Thanks in advance

cakiwi · September 28, 2020, 2:42pm

Hi @deeztek

I only see one router with a middlewares statement.
So the middleware is defined but not referenced.

deeztek · September 28, 2020, 3:22pm

I guess I'm confused. For example, the middleware below should be like this?

- "traefik.http.middlewares.cloud-https-redirect.headers.STSSeconds=315360000"

cakiwi · September 28, 2020, 5:51pm

So you have defined the middleware correctly, you see it in the traefik dashboard.

The problem is no routers are using it. You likely want to add this label:

- "traefik.http.routers.cloud-secure.middlewares=cloud"

This line is superfluous as this is the container the route applies to.

  - "traefik.http.routers.cloud-secure.service=cloud"

deeztek · September 28, 2020, 7:28pm

Adding the below label as you suggested:

- "traefik.http.routers.cloud-secure.middlewares=cloud"

Breaks the container with the following error:

cannot create middleware: multi-types middleware not supported, consider declaring two different pieces of middleware instead

I'm guessing because the following label already exists:

- "traefik.http.routers.cloud.middlewares=cloud-https-redirect"

cakiwi · September 28, 2020, 7:45pm

That is on a different router (cloud) it doesn't look like a conflict.

This sounds like there is an additional middleware type being added on a middleware definition. There might be additional context with that error that shows which one.

Were the any other changes made? What does the full labels section look like now ?

zespri · October 1, 2020, 10:21am

If you have two labels starting with

traefik.http.middlewares.name.addprefix
traefik.http.middlewares.name.basicauth

where addprefix and basicauth are some arbitrary middlewares, and the name is the same middleware (instance) name you will get the error you are seeing. make sure that you do not have anything like that (even across different containers)

Topic		Replies	Views
Can't get custom response headers middleware to work with Websocket connection Traefik v2 (latest) docker	0	496	July 13, 2022
Use X-Forwarded in Traefik v2 Traefik v2 (latest) middleware	5	18874	January 16, 2022
Traefik not setting Access-Control-Allow-Origin header Traefik v2 (latest) docker , middleware	2	9145	September 29, 2023
Host, PathPrefix, regexredirect and stripprefix Traefik v2 (latest) docker , middleware	3	414	June 23, 2023
Issues with CORS Traefik v2 (latest) middleware	4	6645	July 15, 2020

Docker Traefik Headers not set

Related Topics