ERR_TOO_MANY_REDIRECTS with my new and first setup

Traefik Traefik v3 (latest)
,
1

I have tried setting up a basic traefik instance with a file provider for now. I have gotten the acme dns01-challenge to work, but when trying to access my (locally hosted) service, it gives me the ERR_TOO_MANY_REDIRECTS error. Can someone check my config and tell me whether anything is wrong?

traefik.yml (static config)

api:
  dashboard: true

log:
  level: DEBUG

certificatesResolvers:
  ddnsresolver:
    acme:
      email: ${LETSENCRYPT_EMAIL}
      storage: /certs/acme/alphacraft-ddns.json
      dnschallenge:
        provider: duckdns
        delayBeforeCheck: 120

serversTransport:
  insecureSkipVerify: true

entryPoints:
  http:
    # Listen on port 80 for incoming http requests
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
  https:
    # Listen on port 443 for incoming https requests
    address: ":443"
#    AsDefault: true
    http:
      encodeQuerySemicolons: true
      tls:
#        options: foobar
        certResolver: ddnsresolver
        domains:
          - main: "alpha-craft.duckdns.org"
            sans: "*.alpha-craft.duckdns.org"
    http3:
      advertisedPort: 443
    forwardedHeaders:
      trustedIPs:
        - "192.168.178.1/24"
    proxyProtocol:
      trustedIPs:
        - "192.168.178.1/24"

providers:
  file:
    directory: /etc/traefik/dynamic-conf
    watch: true
#  docker: {}

dynamic-conf/pve.yaml

http:
  routers:
    pve-router:
      entryPoints:
        - "https"
      rule: "Host(`pve.alpha-craft.duckdns.org`)"
      service: pve
      tls:
        certresolver: ddnsresolver
        domains:
          - main: "alpha-craft.duckdns.org"
            sans: "*.alpha-craft.duckdns.org"

  services:
    pve:
      loadBalancer:
        servers:
          - url: "http://192.168.178.20:8006"

docker-compose.yml

version: "3"
services:
  traefik:
    # The official v2 Traefik docker image
    image: traefik:v3.0
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true# --providers.docker
    networks:
      - proxy
    ports:
      # The HTTP port
      - 80:80
      - 8083:8081
      - 443:443
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./dynamic-conf:/etc/traefik/dynamic-conf
      - ./certs:/certs
    env_file: .env
    environment:
      - DUCKDNS_TOKEN=${DUCKDNS_TOKEN}
      - TZ=Europe/Berlin
    labels:
      - diun.enable=true
#      - "traefik.enable=true"
#      - "traefik.http.routers.traefik.entrypoints=http"
#      - "traefik.http.routers.traefik.rule=Host(`traefik.alpha-craft.duckdns.org`)"
#      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
#      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
#      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
#      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
#      - "traefik.http.routers.traefik-secure.entrypoints=https"
#      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.alpha-craft.duckdns.org`)"
#      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
#      - "traefik.http.routers.traefik-secure.tls=true"
#      - "traefik.http.routers.traefik-secure.tls.certresolver=duckdns""
#      - "traefik.http.routers.traefik-secure.tls.domains[0].main=alpha-craft.duckdns.org"
#      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.alpha-craft.duckdns.org"
#      - "traefik.http.routers.traefik-secure.service=api@internal"

#  whoami:
#    image: traefik/whoami
#    labels:
#      - traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)

networks:
  proxy:
    external: true
1 Like
2

What’s the service you are running? Some (like Wordpress) will insist to redirect to the initial URL they were installed with. So if you migrated to a different domain or protocol (https), you might need to re-configure.

Enable Traefik access log in JSON format to see OriginStatus and DownstreamStatus status codes (target service vs Traefik to client).

3

It's ProxMox. It doesn't have a domain at all. With my Nginx Proxy Manager setup it worked. I gotta check the logging thing later though.

4

I tried that, but here is no such entry like OriginStatus or DownstreamStatus. Which log level does it have to be?

5

Access log in JSON (doc), not debug log.

6

Ah, alright. I am going to do that a bit later.

7

Here is my log file:

8

A single line would have been enough :laughing:

"OriginStatus":301

Your target service does not like what it is receiving and is redirecting. Check the logs of the service.

9

I figured it out.by accident. I tried removing the "http://" prefix in the url, to no avail. I did get a 404 error. And in the access log of ProxMox I also had those 301 errors. I accidentally prefixed the url of the load balancers server with "https://" and it suddenly worked. I had missed that the service was internally also using https, with a self-winding certificate. I'm sorry that you had to go through these efforts, but thank you for your help!

10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.