Exposing Traefik dashboard on a different port

Traefik Traefik v2
,
1

Was trying to expose traefik dashboard on a non standard port. Here is my docker-compose.yml

version: "3.9"

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 2083:2083
      - 8080:8080
      - 443:443
    environment:
      - CF_API_EMAIL={$email}
      - CF_DNS_API_TOKEN={$token}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /run/user/1000/docker.sock:/var/run/docker.sock:ro
      - ~/traefik/traefik.yml:/traefik.yml:ro
      - ~/traefik/acme.json:/acme.json
      - ~/traefik/dynamic.yml:/dynamic.yml:ro

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=dashboard"
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.api.entrypoints=dashboard"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik.tls.domains[0].main=*.example.com"
      - "traefik.http.routers.traefik.tls.domains[0].sans=example.com"
      - "traefik.http.routers.traefik.service=api@internal"

networks:
  proxy:
    external: true
    name: proxy
    driver: bridge
  default:
    driver: bridge

traefik.yml has the following lines:

api:
  dashboard: true
  debug: true

log:
  level: INFO

entryPoints:
  http:
    address: ":80"

  dashboard:
    address: ":2083"

  https:
    address: ":443"

serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

  file:
    filename: /dynamic.yml
    watch: true

certificatesResolvers:
  cloudflare:
    acme:
      email: email@example.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

and the last is the content of dynamic.yml:

# dynamic.yml
http:
  routers:
    dashboard:
      entrypoints:
        - dashboard
      rule: PathPrefix(`/api`) || PathPrefix(`/dashboard`)
      service: api@internal
      middlewares:
        - user-auth

  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: false
        port: 443

    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 155520011
        referrerPolicy: no-referrer
        featurePolicy: true
        SSLHost: example.com

    user-auth:
      basicAuth:
        users:
          - "user:$pass"

Everything works once I switch to a standard 443 port. Once the port is different I obtain "page not found 404". Any help is appreciated. My goal was to forward HTTPS traffic also to another port if it is possible. I run rootless Docker under Fedora Server 37.

2

How do you "switch" ports? Just by changing the entrypoint to https?

Maybe its just capitalization (entryPoints):

http:
  routers:
    dashboard:
      entryPoints:
      rule: PathPrefix(`/api`) || PathPrefix(`/dashboard`) || PathPrefix(`/debug`)
      service: api@internal
      middlewares:
        - auth
  middlewares:
    auth:
      basicAuth:
        users:
          - "user:pass"
3

Yes, using entrypoints as below:

- "traefik.http.routers.traefik.entrypoints=dashboard"

I just noticed that I have access to the dashboard but I have to enter full address https://traefik.example.com:2083/dashboard/. With the short link https://traefik.example.com:2083 I get error 404.

4

Yes, dashboard is (only) available at /dashboard/, as the docs state multiple times.

5

It seems I figured out where was the source of the problem. I had this line in my config:

- "traefik.http.routers.traefik.middlewares=auth@file,https-redirect@file"

I think https-redirect instruction was not able to redirect traffic correctly on "non-https" port (dashboard entry). Moreover, I found it possible to forward any port on the host to "standard" https port 443 on the docker. My main goal was to spin several services with each of them requiring a secure connection on my server. I can consider my problem solved so far. @bluepuma77 thank you for assistance.

6

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.