I want to use both, docker labels and the file provider, to create routes.
However the file provider loads without errors but I cannot see the routes getting shown in the dashboard, which I provided in the file dynamic.yaml.
compose.yml:
services:
docker-socket-proxy:
image: 11notes/socket-proxy:latest
container_name: docker-socket-proxy
read_only: true
user: 0:988
networks:
- proxy
ports:
- 2375:2375/tcp
environment:
TZ: Europe/Berlin
volumes:
- /run/docker.sock:/run/docker.sock:ro
- socket-proxy.run:/run/proxy
restart: always
traefik:
image: traefik:v3.5
container_name: traefik
restart: unless-stopped
depends_on:
- docker-socket-proxy
networks:
- proxy
ports:
- 80:80
- 443:443
- 10.8.0.2:8080:8080 #Restrict to wireguard interface
environment:
- CF_DNS_API_TOKEN=<redacted>
- TZ=Europe/Berlin
volumes:
- ./acme:/data/acme
- ./dynamic:/data/dynamic
- ./logs:/data/logs
- ./traefik.yml:/etc/traefik/traefik.yml
healthcheck:
test:
- CMD
- curl
- -f
- http://localhost:19999
interval: 60s
timeout: 10s
retries: 3
labels:
- traefik.http.routers.certs.entrypoints=websecure
- traefik.http.routers.certs.rule=Host(`<redacted>`)
- traefik.http.routers.certs.tls=true
- traefik.http.routers.certs.tls.certresolver=cloudflare
- traefik.http.routers.certs.service=api@internal
- traefik.http.routers.certs.tls.domains[0].main=domain.tld
- traefik.http.routers.certs.tls.domains[0].sans=*.domain.tld
- traefik.http.routers.certs.tls.domains[1].main=domain2.tld
- traefik.http.routers.certs.tls.domains[1].sans=*.domain2.tld
networks:
proxy:
external: true
volumes:
socket-proxy.run: null
traefik.yml:
log:
level: DEBUG
accessLog:
format: json
filePath: /data/logs/accesslogs.log
api:
dashboard: true
insecure: true
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
providers:
docker:
endpoint: "tcp://docker-socket-proxy:2375"
exposedByDefault: false
network: proxy
file:
directory: "/data/dynamic"
watch: true
certificatesResolvers:
cloudflare:
acme:
email: <redacted>
storage: /data/acme/acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
experimental:
plugins:
traefik-oidc-auth:
modulename: github.com/sevensolutions/traefik-oidc-auth
version: v0.16.0
dynamic.yml:
http:
routers:
whoami1:
rule: "Host(`whoami1.domain.tld`)"
entryPoints:
- websecure
tls:
certResolver: cloudflare
service: whoami1
whoami2:
rule: "Host(`whoami2.domain.tld`)"
entryPoints:
- websecure
tls:
certResolver: cloudflare
service: whoami2
services:
whoami1:
loadBalancer:
server:
- url: http://10.8.0.4:8080
whoami2:
loadBalancer:
server:
- url: http://10.8.0.8:8080
logs (part of):
i can see that it loads the file or at least creates a watcher on that file:
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /data/dynamic
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /data/dynamic/dynamic.yml
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:108 > Traefik version 3.5.3 built on 2025-09-26T09:20:00Z version=3.5.3
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/cmd/"file":{"directory":"/data/dynamic","watch":true},"providersThrottleDuration":"2s"},"serversTransport":{"maxIdleConnsPerHost":200},"tcpServersTransport":{"dialKeepAlive":"15s","dialTimeout":"30s"}}
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:636 >
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:241 > Loading plugins... plugins=["traefik-oidc-auth"]
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/plugins/plugins.go:30 > Installing plugin: traefik-oidc-auth: github.com/sevensolutions/traefik-oidc-auth@v0.16.0
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:251 > Plugins loaded. plugins=["traefik-oidc-auth"]
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:73 > Starting provider aggregator *aggregator.ProviderAggregator
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:237 > Starting TCP Server entryPointName=web
server/server_entrypoint_tcp.go:237 > Starting TCP Server entryPointName=websecure
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:206 > Starting provider *file.Provider
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:207 > *file.Provider provider configuration config={"directory":"/data/dynamic","watch":true}
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /data/dynamic
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /data/dynamic/dynamic.yml
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:206 > Starting provider *traefik.Provider
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:206 > Starting provider *acme.ChallengeTLSALPN
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:207 > *traefik.Provider provider configuration config={}
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:206 > Starting provider *docker.Provider
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:207 > *docker.Provider provider configuration config={"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"tcp://docker-socket-proxy:2375","network":"proxy","watch":true}
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:207 > *acme.ChallengeTLSALPN provider configuration config={}
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:206 > Starting provider *acme.Provider
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:207 > *acme.Provider provider configuration config={"HTTPChallengeProvider":{},"ResolverName":"cloudflare","TLSChallengeProvider":{},"caServer":"https://acme-v02.api.letsencrypt.org/directory","certificatesDuration":2160,"clientResponseHeaderTimeout":"30s","clientTimeout":"2m0s","dnsChallenge":{"provider":"cloudflare","resolvers":["1.1.1.1:53","8.8.8.8:53"]},"email":"<redacted>","keyType":"RSA4096","storage":"/data/acme/acme.json","store":{}}
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:245 > Attempt to renew certificates "720h0m0s" before expiry and check every "24h0m0s" acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=cloudflare.acme
traefik | 2025-10-28T08:12:18+01:00 INF github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:901 > Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=cloudflare.acme
traefik | 2025-10-28T08:12:18+01:00 DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{},"tcp":{},"tls":{},"udp":{}} providerName=file