Hey there,
I'm wondering about some errors in my traefik container:
traefik | 2023-04-28T16:24:13.898709546Z time="2023-04-28T16:24:13Z" level=error msg="middleware \"basic-auth@file\" does not exist" entryPointName=traefik-dashbaord routerName=traefik-dashbaord@docker
traefik | 2023-04-28T16:24:13.900876770Z time="2023-04-28T16:24:13Z" level=error msg="middleware \"default@file\" does not exist" entryPointName=websecure routerName=whoami@docker
traefik | 2023-04-28T16:24:13.901339924Z time="2023-04-28T16:24:13Z" level=error msg="middleware \"default-ratelimit@file\" does not exist" entryPointName=websecure routerName=wordpress@docker
traefik | 2023-04-28T16:24:13.901815322Z time="2023-04-28T16:24:13Z" level=error msg="middleware \"basic-auth@file\" does not exist" entryPointName=websecure routerName=wp-admin@docker
traefik | 2023-04-28T16:24:13.902122089Z time="2023-04-28T16:24:13Z" level=error msg="middleware \"default@file\" does not exist" entryPointName=websecure routerName=ninja-nginx@docker
When I start the traefik container for the first time, no errors are logged so far.
As soon as I save the dynamic config file, the errors mentioned above appear in the container's logs.
Traefik docker-compose.yml
version: "3.8"
services:
traefik:
# The official v2 Traefik docker image
image: traefik:latest
container_name: traefik
restart: always
env_file: .env
ports:
- "80:80"
- "443:443"
- "8080:8080"
networks:
- "traefik_ext"
volumes:
# So that Traefik can listen to the Docker events
- "/var/run/docker.sock:/var/run/docker.sock:ro"
# Dynamic configuration files
- "./conf:/conf"
# Enable Access Log
- "./logs/:/var/log/www/"
# LetsEncrypt Configuration Storage
- "./ssl:/ssl"
command:
# Send usage statistics (or not)
- "--global.sendAnonymousUsage=false"
# By default, the level is set to ERROR. Alternative logging levels are
# DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
- "--log.level=WARN"
# Enable Access Log
- "--accesslog.filepath=/var/log/www/access.log"
# Enable Dashboard
- "--api.insecure=false"
- "--api.dashboard=true"
- "--api.debug=true"
# We are using Docker
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
# (Optional) Set default hostname if not given explicitly
- "--providers.docker.defaultRule=Host(`${CUSTOM_HOSTNAME}`)"
# Listen on port 80 (http)
- "--entrypoints.web.address=:80"
# Listen on port 443 (https)
- "--entrypoints.websecure.address=:443"
# Listen on port 8080 (traefik Dashboard)
- "--entrypoints.traefik-dashbaord.address=:8080"
# Watch dynamic configuration file
- "--providers.file.directory=/conf"
- "--providers.file.watch=true"
# Automaticly redirect from http to https
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
################ START SSL configuration ################
# ---------> Cloudflare <---------
# DNS challenge via Cloudflare
- "--certificatesresolvers.cloudflare.acme.email=${ACME_EMAIL}"
- "--certificatesresolvers.cloudflare.acme.storage=/ssl/acme.json"
- "--certificatesresolvers.cloudflare.acme.dnsChallenge.provider=cloudflare"
- "--certificatesresolvers.cloudflare.acme.dnsChallenge.delayBeforeCheck=60"
- "--certificatesresolvers.cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53"
# (Optional) Use testing server before receiving the productive ssl certificate
#- --certificatesresolvers.cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
- "--entrypoints.websecure.http.tls.domains[0].main=${CUSTOM_HOSTNAME}"
# (Optional) Use only, if you are able to receive a wildcard ssl certificate
- "--entrypoints.websecure.http.tls.domains[0].main=*.${CUSTOM_HOSTNAME}"
# --------------------------------
################ END SSL configuration ################
labels:
# Enable Traefik
- "traefik.enable=true"
# Set Network to use
- "traefik.docker.network=traefik_ext"
# Set service type
- "traefik.http.routers.traefik-dashbaord.service=api@internal"
# Load dynamic config from conf/*.yml
- "traefik.http.routers.traefik-dashbaord.middlewares=default@file,basic-auth@file"
# Define entrypint to use
- "traefik.http.routers.traefik-dashbaord.entrypoints=traefik-dashbaord"
# Define Hostname and path
- "traefik.http.routers.traefik-dashbaord.rule=Host(`traefik.${CUSTOM_HOSTNAME}`) && PathPrefix(`/api`,`/dashboard`)"
# Enable SSL/TLS
- "traefik.http.routers.traefik-dashbaord.tls=true"
- "traefik.http.routers.traefik-dashbaord.tls.certResolver=cloudflare"
# (OPTIONAL) Start a small container to check if SSL and routing works as expected
whoami:
image: traefik/whoami
container_name: whoami
restart: unless-stopped
depends_on:
- traefik
env_file: .env
labels:
# Enable Traefik
- "traefik.enable=true"
# Set Network to use
- "traefik.docker.network=traefik_ext"
# Load dynamic config
- "traefik.http.routers.whoami.middlewares=default@file"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls=true"
- "traefik.http.routers.whoami.tls.certResolver=cloudflare"
# Use EITHER an own subdomain
# - "traefik.http.routers.whoami.rule=Host(`whoami.${CUSTOM_HOSTNAME}`)"
# OR an own domain path
- "traefik.http.routers.whoami.rule=Host(`${CUSTOM_HOSTNAME}`) && PathPrefix(`/whoami`)"
networks:
- "traefik_ext"
# Create networks manually before starting this compose
networks:
# docker network create traefik_ext
traefik_ext:
external: true
# docker network create traefik_int --internal
#traefik_int:
# external: true
dynamic-http.yml
---
http:
middlewares:
basic-auth:
basicAuth:
users:
# myusername:mysafepassword
- "myusername:$2y$05$Tx/.9qaFoZiLi41ZDvO1fOqiSohhuAr8jf9yEbQxZWlqANMKQYnYe"
gzip:
compress: {}
security-headers:
headers:
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
frameDeny: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
customFrameOptionsValue: "SAMEORIGIN"
referrerPolicy: "no-referrer"
customRequestHeaders:
X-Forwarded-Proto: "https"
strict-ratelimit:
rateLimit:
average: 10
burst: 50
default-ratelimit:
rateLimit:
average: 100
burst: 50
high-ratelimit:
rateLimit:
average: 1000
burst: 500
default:
chain:
middlewares:
- "security-headers"
- "gzip"
dynamic-tls.yml
---
tls:
options:
default:
minVersion: VersionTLS12
sniStrict: true
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
curvePreferences:
- CurveP521
- CurveP384
I've defined the same line for different services to activate middlewares described in dynamic-*.yml
For example:
- "traefik.http.routers.wordpress.middlewares=default@file,default-ratelimit@file"- "traefik.http.routers.wp-admin.middlewares=default@file,strict-ratelimit@file,basic-auth@file"- traefik.http.routers.ninja-nginx.middlewares=default@file
Within the Traefik dashboard, all middlewares seem to be loaded correctly:
Any idea what's wrong or why the error logs appear as soon as saving the dynamic config file?
Thanks in advance
@xenion1987