Error msg="middleware \"authelia@docker\" does not exist" entryPointName=websecure routerName=nextcloud@file

Traefik Traefik v3 (latest)
, ,
1

i've been using docker labels so far with great success, but i have hit a hornest nest of a container that wants to be a special butterfly, i cannot use labels for it,
so i have to use dynamic configuration, and i don't want to move everything over.
so far im getting that error, im guessing the dynamic config is loading before authelia is discovered? how do i fix this issue.
if you could include a small example that would be great.

dynamic config.

http:
  routers:
    nextcloud:
      rule: "Host(`nextcloud.mydomain.something`)"
      entrypoints:
        - "websecure"
      service: nextcloud
      middlewares:
        - nextcloud-chain
      tls:
        certresolver: "production"

  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://localhost:11000" # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below

  middlewares:
    nextcloud-secure-headers:
      headers:
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        referrerPolicy: "same-origin"

    nextcloud-chain:
      chain:
        middlewares:
          # - ... (e.g. rate limiting middleware)
          - nextcloud-secure-headers

traefik config.

global:
  checkNewVersion: false
  sendAnonymousUsage: false



# -- (Optional) Enable API and Dashboard here, don't do in production
api:
  dashboard: true
  insecure: true

# -- Change EntryPoints here...
entryPoints:
  web:
    address: :81
    # -- (Optional) Redirect all HTTP to HTTPS
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :444
    http:
      middlewares:
        - authelia@docker

# -- Configure your CertificateResolver here...
certificatesResolvers:
  staging:
    acme:
      email: my email
      storage: /etc/traefik/certs/acme.json
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
#       -- (Optional) Remove this section, when using DNS Challenge
      httpChallenge:
        entryPoint: web

  production:
    acme:
      email: my email
      storage: /etc/traefik/certs/acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
#       -- (Optional) Remove this section, when using DNS Challenge
      httpChallenge:
        entryPoint: web

providers:
  docker:
    exposedByDefault: false
  file:
    directory: /etc/traefik/conf/
    watch: true


serversTransport:
  insecureSkipVerify: true

accessLog: {}
log:
  level: ERROR

NOTE: ONLY this one route is not working, my many label routes works fine.

2

Add the authelia middleware to a dynamic config file. This is especially useful as not only the Docker provider might load slower, but what happens if the container crashes, then the middleware definition would not be available.

From labels reference it as authelia@file.

3

im adding

http:
  routers:
    authelia:
      rule: Host(`auth..mydomain.domain`)
      entrypoints:
        - websecure
      tls:
        certresolver: production
      middlewares:
        - authelia-mw
  middlewares:
    authelia-mw:
      headers:
        STSSeconds: 315360000
        STSIncludeSubdomains: true
        STSPreload: true
        forceSTSHeader: true
    authelia:
      forwardAuth:
        address: http://localhost:9091/api/verify?rd=https://auth.mydomain.domain
        trustForwardHeader: true
        authResponseHeaders:
          - Remote-User
          - Remote-Groups
          - Remote-Name
          - Remote-Email
  services:
    authelia:
      loadBalancer:
        servers:
          - url: "http://localhost:9091"

its not working, not sure why.
i find it weird since

  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://localhost:11000"

from nextcloud seems to work just fine.

image
image1920×774 56.9 KB

image
image1920×853 25.5 KB

i dont see a spelling mistake?

4

Enable and check Traefik debug log (doc), are routers with middleware created?

Enable and check Traefik access log in JSON format (doc), what’s the output during requests?

5

took me a while to get logs working, i got confused since it seems that

log:
  level: DEBUG
  format: json
  filePath: "/opt/traefik/traefik.log"
  maxSize: 1   #this causes node field errors
  maxAge: 3   #this also causes node field errors

does not seem to work no matter how i format it.

anyways, here's some logs.

6

When using dynamic config files, you need to assign a service to a router, like you assign middlewares.

Docker labels will handle that automatically, when only one service exists.