Error: <my-website.com> redirected you too many times

Traefik Traefik v2
1

I'm getting too many redirect error when I try to visit dashboard or any other hosted container. This is my container.yml content:

services:
  traefik:
    image: traefik:v2.11
    restart: always
    container_name: traefik
    ports:
      - "80:80" # <== http
      - "8080:8080" # <== dashboard
      - "443:443" # <== https
    command:
      - --api.insecure=true # <== Enabling insecure api, NOT RECOMMENDED FOR PRODUCTION
      - --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc.
      - --api.debug=false # <== Enabling additional endpoints for debugging and profiling
      - --log.level=ERROR # <== Setting the level of the logs from traefik
      - --providers.docker=true # <== Enabling docker as the provider for traefik
      - --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik
      - --providers.docker.network=proxy # <== Operate on the docker network named web
      - --entrypoints.web.address=:80 # <== Defining an entrypoint for port :80 named web
      - "--entryPoints.web.forwardedHeaders.insecure"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik-data/config/traefik.yml:/traefik.yml:ro
      - ./traefik-data/config/acme.json:/acme.json
      - ./traefik-data/config/config.yml:/config.yml:ro
      - ./traefik-data/logs:/var/log/traefik
    environment:
      - CF_API_EMAIL=cf-email@gmail.com
      - CF_DNS_API_TOKEN=CLOUDFLARE_TOKEN
    networks:
      - proxy # <== Placing traefik on the network named proxy, to access containers on this network
    labels:
      - "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to$
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`config.my-domain.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:password"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`config.my-domain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=my-domain.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.my-domain.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:

This is content for traefik.yml:

api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: cf-email@gmail.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

My config.yml file is empty.
I want to redirect http to https. What am I doing wrong here?
Also, is there any way to only expose dashboard to the local computer but not to internet?
I'm new to Traefik so I might be making some silly mistake here. Thanks for any suggestion.

2

You can not use Traefik static config in traefik.yml and command:, decide for one.

I recommend to clean up your config, only use redirect on entrypoint. And Traefik will automatically set common headers.

Compare to simple Traefik example.

3

Hi, thank you so much for pointing it out, especially the Github repo.
I modified few things and tried with this docker-compose.yml config:

services:
  traefik:
    image: traefik:v3.0
    ports:
      - 80:80
      - 443:443
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik-data/config/traefik.yml:/traefik.yml:ro
      - ./traefik-data/config/acme.json:/acme.json
      - ./traefik-data/config/config.yml:/config.yml:ro
      - ./traefik-data/logs:/var/log/traefik
    command:
      - --api.dashboard=true
      - --log.level=INFO
      - --accesslog=true
      - --log.filepath=/var/log/traefik/traefik.log
      - --accesslog.filepath=/var/log/traefik/access.log

      - --providers.docker.network=proxy
      - --providers.docker.exposedByDefault=false

      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.asDefault=true
      - --entrypoints.websecure.address=:443
      - --traefik.http.routers.websecure.tls=true
      - --traefik.http.routers.websecure.tls.certresolver=cloudflare
      - --traefik.http.routers.websecure.tls.domains[0].main=my-domain.com
      - --traefik.http.routers.websecure.tls.domains[0].sans=*.my-domain.com
    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.rule=Host(`config.my-domain.com`)
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth
      - traefik.http.middlewares.myauth.basicauth.users=user:password
    environment:
      - CF_API_EMAIL=email@gmail.com
      - CF_DNS_API_TOKEN=TOKEN_HERE

  whoami:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.mywhoami.rule=Host(`info.my-domain.com`)
      - traefik.http.services.mywhoami.loadbalancer.server.port=80

      - traefik.http.middlewares.mywwwredirect.redirectregex.regex=^https://www\.(.*)
      - traefik.http.middlewares.mywwwredirect.redirectregex.replacement=https://$${1}
      - traefik.http.routers.mywhoami.middlewares=mywwwredirect

networks:
  proxy:

I still have traefik.yml, not sure if I still need it though (I modified the content though):

api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: email@gmail.com #add your email
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

Now, I can access Traefik Dashboard and WhoAmI. But I also have another docker-compose for Ghost (blog). I still can't access that. Here is the config for that:

services:
  ghost:
    image: beevk/ghost-s3:v1.0.0
    restart: always
    ports:
      - 2368:2368
    environment:
      # all the environment variables
    labels:
      - traefik.enable=true
      - traefik.http.routers.ghost.rule=Host(`my-domain.com`) || Host(`www.my-domain.com`)
      - traefik.http.services.ghost.loadbalancer.server.port=80

      - traefik.http.middlewares.mywwwredirect.redirectregex.regex=^https://www\.(.*)
      - traefik.http.middlewares.mywwwredirect.redirectregex.replacement=https://$${1}
      - traefik.http.routers.ghost.middlewares=mywwwredirect
    volumes:
      - ./ghost-data:/var/lib/ghost/content
    networks:
      proxy:
    security_opt:
      - no-new-privileges:true

networks:
  proxy:
    external: true

I really have no idea to fix it. How can I expose these other services? Should I modify the labels in any way? Please help. :pleading_face:

4

You can not use Traefik static config in traefik.yml and command:, decide for one.

5

I disabled it, but it is still not working :cry:

6

You are not clean with your networks.

Either create a Docker network via CLI and attach both compose, or create Docker network in one compose, use attachable: true and use name: (otherwise compose will
Prefix it with the project name).