Everytime I enable the api/dashboard, everything stops working

Does anyone have any idea why I'm experiencing this symptom? Appreciate any help you can offer. Thanks much, in advance.

Complete newbie here. I have finally gotten a simple test page to work with Traefik. I have been trying, for about 4 hours now, to just grok it all, get simple things running, and get the dashboard loaded. Its' this latter that I'm currently struggling with. Not only does the dashboard not come up, but my single page test site stops working.

I'm running a separate console just for tail on the log file. When I uncomment the api lines in the traefik.yml file, I can tell it's not going to work as soon as the docker compose up finishes. I'll get this line in the logs (going to very much shorten it):

time="2024-04-26T04:06:25Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"custom\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"readTimeout\":\"1m0s\",\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\".....

... and then I get nothing else. With the api config entries commented out, I get a whole bunch of stuff (I have debug logging turned on, obviously), this is just a portion. (You can see the last part of the JSON content log entry there.

(Please note: There's a different domain name, just using "myserver.com" in config and images.)

Here's the good:

Here's the docker-compose:

services:
  reverse-proxy:
    image: traefik:v2.11

    # Commented this out, seems like it can find it just fine.
    #command: --configFile=/etc/traefik/traefik.yml
    # Tried to add here as command flags vs. being in the config file.
    #command: --configFile=/etc/traefik/traefik.yml --api.dashboard=true --api.insecure=true --providers.docker
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik.yml:/etc/traefik/traefik.yml:ro
      - ./config/certs/:/etc/traefik/certs/
      - ./log/traefik/:/var/log/traefik/
      - ./data/acme.json:/acme/acme.json
    networks:
      - traefik

  nginx_test:
    image: nginx
    # ports:
    #   - 80:80
    networks:
      - traefik
    volumes:
      - ./html:/usr/share/nginx/html:ro
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"

      - "traefik.http.routers.nginx-http.rule=Host(`test1.myserver.com`)"
      #- "traefik.http.routers.web.rule=Host(`host1.example.com`) || Host(`host2.example.com`) || Host(`host3.random.com`)"
      - "traefik.http.routers.nginx-http.entrypoints=web"
      - "traefik.http.routers.nginx-http.service=nginx-http-service"
      - "traefik.http.services.nginx-http-service.loadbalancer.server.port=80"

      # Have tried with and without this section
      # - "traefik.http.routers.traefik-dashboard.rule=Host(`test2.myserver.com`)"
      # - "traefik.http.routers.traefik-dashboard.entrypoints=web"
      # - "traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080"
      # - "traefik.http.routers.traefik-dashboard.service=traefik-dashboard"

    depends_on:
      - reverse-proxy

networks:
  traefik:
    external: true

Here's the traefik.yml:

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
  custom:
    address: ":8080"

# --------------------------------------------------
# If I uncomment these, it completely stops working
# --------------------------------------------------
# api:
#   dashboard: true
#   insecure: true
# --------------------------------------------------

log:
  level: DEBUG
  format: common
  filePath: /var/log/traefik/traefik.log

certificatesResolvers:
  dwo-resolver:
    acme:
      email: nobody@example.com
      storage: acme.json
      httpChallenge:
        entryPoint: web

providers:
  docker:
    exposedByDefault: false
  file:
    directory: /etc/traefik/
    watch: true

As a side note, I likely won't have Traefik's docker-compose merged with other containers, long-term, right now I'm just trying to do a simple config to get my head around the tool.

Also, I have stopped every other docker container. There is nothing but this docker-compose file powering anything. I know web ports can be easy to have conflicts in. (I'm not a programming rookie, 30 years of that, but just... new'ish to docker, and most certainly to Traefik.)

It takes some time to get used to Traefik static and dynamic config.

providers.file is only need for additional dynamic config files, not for traefik.yml. You use additional dynamic config files not shown?

Maybe compare to simple Traefik example.

No, I don't. Let me remove that block. I did start with the simple example, but (for whatever reason, maybe other stuff of my own) it didn't seem to work well, or it didn't fit what I was looking to do.

# providers:
#   docker:
#     exposedByDefault: false
#   file:
#     directory: /etc/traefik/
#     watch: true

Disabled that section, same result. Any other ideas? I will try, again, to set up the basic example under another stack.

@bluepuma77 Started to post this in the Issues on the repo, but the realized, it's YOUR repo, so... here might be better than to clog up the repo issues... Also, had a "4 link max" so modified some of the outputs... .com is now |com and https:// is now xttps|

I was able to use your example to get the Dashboard running. I set it up on test1.myserver|com. ("myserver|com" obviously being something else). I replaced the two "whoami.example|com" values with my test3.myserver|com (so one with "www." and one without. And I changed the email address.

Results:

1. Dashboard at test1.myserver|com works, but get a warning that the cert is invalid, but at least comes up.
2. Site test3... (the whoami setup) hhmmm, okay, was going to say it didn't come up, but a hard refresh (CTRL+F5) brought it up. (Must not have been ready the first time I tried it.) But it also has a cert issue.

Log shows:

traefik-1  | 2024-04-26T14:52:13Z ERR Unable to obtain ACME certificate for domains error="cannot get ACME client get directory at 'xttps|acme-v02.api.letsencrypt.org/directory': Get \"xttps|acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:36851->127.0.0.11:53: i/o timeout" ACME CA=xttps|acme-v02.api.letsencrypt.org/directory acmeCA=xttps|acme-v02.api.letsencrypt.org/directory domains=["test1.myserver|com"] providerName=myresolver.acme routerName=mydashboard@docker rule=Host(`test1.myserver|com`)

(Two of these, ports 36851 on one and 58165 on another.)

Your question above to the OP was "did you create the necessary DNS entries?", however, .... the readme at: traefik-best-practice/docker-traefik-dashboard-letsencrypt/README.md at main · bluepuma77/traefik-best-practice · GitHub doesn't indicate what, if any, DNS entries to be created. Using my imagination, I have test1, test2 and test created and pinging. Are there OTHER DNS entries I should be creating?

Appreciate any additional insight, not just for me, but for the future lookers here!

I was able to use this example to get the Dashboard running. I set it up on test1.myserver|com. ("myserver|com" obviously being something else). I replaced the two "whoami.example|com" values with my test3.myserver|com (so one with "www." and one without. And I changed the email address.

Results:

1. Dashboard at test1.myserver|com works, but get a warning that the cert is invalid, but at least comes up.
2. Site test3... (the whoami setup) hhmmm, okay, was going to say it didn't come up, but a hard refresh (CTRL+F5) brought it up. (Must not have been ready the first time I tried it.) But it also has a cert issue.

Log shows:

traefik-1  | 2024-04-26T14:52:13Z ERR Unable to obtain ACME certificate for domains error="cannot get ACME client get directory at 'xttps|acme-v02.api.letsencrypt.org/directory': Get \"xttps|acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:36851->127.0.0.11:53: i/o timeout" ACME CA=xttps|acme-v02.api.letsencrypt.org/directory acmeCA=xttps|acme-v02.api.letsencrypt.org/directory domains=["test1.myserver|com"] providerName=myresolver.acme routerName=mydashboard@docker rule=Host(`test1.dwoserver|com`)

(Two of these, ports 36851 on one and 58165 on another.)

Your question to the OP in the repo Issues was "did you create the necessary DNS entries?", however, .... the readme doesn't indicate what, if any, DNS entries should be created. Using my imagination, I have test1, test2 and test created and pinging. Are there OTHER DNS entries I should be creating?

Appreciate any additional insight, not just for me, but for the future lookers here!

Couple other errors I'm getting in log output / stdout:

traefik-1  | 2024-04-26T14:54:36Z ERR Error while Peeking first byte error="read tcp 192.168.128.2:80->192.168.128.1:48484: i/o timeout"`  *(More than one of these, port number fluctuates, 34088, 48484)*

traefik-1  | 2024-04-26T15:02:09Z WRN Error checking new version error="Get \"xttps|update.traefik.io/repos/traefik/traefik/releases\": dial tcp: lookup update.traefik.io on 127.0.0.11:53: read udp 127.0.0.1:58289->127.0.0.11:53: i/o timeout"

If you disable all providers, then there are no routers and no services. So only 404.

Just FYI, I have another big ol post with some good, some bad results. But the system has disabled it until staff reviews it. Grrr.

The big post I worked on finally cleared, it's above your "disable all providers" entry.

You need DNS entries for the domains you want to use, and they need to point to your Traefik server IP.

Error with port 53 indicates you have an issue with your DNS server. Any special network setup or firewalls?

I'll discontinue posting in this thread. I have TWO working docker stack setup now from various sources around the web. Part of my problem might be partly how I build things in tech: I do one thing and I test it. I add another thing, and test it. Relying on others fully-built examples removes that ability from me. With working examples, though, I'm able to snapshot them and tear them apart, and learn what each line or group of lines in a config does and how it affects the runtime.

I need to find a nice YouTube video that says "let's do (A), here's what happens, now let's add (B) and this is how it's different". Or do my own for others once I grasp it all.

Appreciate the help, everyone. Especially you, @bluepuma77 , you are a frequent contributor here!

The simple Traefik example is a working minimum setup with best practices, so I usually recommend people to start from there and add their additional config piece by piece.