Hi everyone, I am late to upgrade an (internal non-exposed) version of Traefik 2.2.11 to a current version. On using v2.3 I'm receiving the following error message:
```
time="2024-04-08T19:30:50Z" level=info msg="Configuration loaded from flags."
time="2024-04-08T19:30:50Z" level=info msg="Traefik version 2.3.7 built on 2021-01-11T18:03:02Z"
time="2024-04-08T19:30:50Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2024-04-08T19:30:50Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2024-04-08T19:30:50Z" level=info msg="Starting provider *file.Provider {\"directory\":\"/rules\",\"watch\":true}"
**time="2024-04-08T19:30:50Z" level=error msg="Cannot start the provider *file.Provider: /rules/middlewares.toml: field not found, node: permissionsPolicy"**
time="2024-04-08T19:30:50Z" level=info msg="Starting provider *acme.Provider {\"email\":\"email@mail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]},\"ResolverName\":\"dns-cloudflare\",\"store\":{},\"ChallengeStore\":{}}"
time="2024-04-08T19:30:50Z" level=info msg="Testing certificate renew..." providerName=dns-cloudflare.acme
time="2024-04-08T19:30:50Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ index .Labels \\\"com.docker.compose.service\\\" }}.domain.com`)\",\"network\":\"external_network\",\"swarmModeRefreshSeconds\":15000000000}"
time="2024-04-08T19:30:50Z" level=info msg="Starting provider *traefik.Provider {}"
time="2024-04-08T19:30:50Z" level=error msg="middleware \"chain-basic-auth@file\" does not exist" entryPointName=https routerName=traefik-rtr@docker
time="2024-04-08T19:30:50Z" level=error msg="middleware \"chain-no-auth@file\" does not exist" entryPointName=https routerName=landingpage-rtr@docker
```
docker-compose.yml of the Traefik service:
```yaml
traefik:
  container_name: traefik
  image: traefik:2.3
  restart: unless-stopped
  security_opt:
    - no-new-privileges:True
  command:
    - --global.checkNewVersion=True
    - --global.sendAnonymousUsage=False
    - --entryPoints.http.address=:80
    - --entryPoints.https.address=:443
    # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
    - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32
    - --entryPoints.traefik.address=:8080
    - --api=True
    - --api.dashboard=True
    - --log=True
    - --log.level=INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
    - --accessLog=True
    - --accessLog.filePath=/traefik.log
    - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
    - --accessLog.filters.statusCodes=400-499
    - --providers.docker=True
    - --providers.docker.endpoint=unix:///var/run/docker.sock
    - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
    - --providers.docker.exposedByDefault=false
    - --providers.docker.network=external_network
    - --providers.docker.swarmMode=False
    - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
    - --providers.file.watch=true # Only works on top level files in the rules folder
    # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
    - --certificatesResolvers.dns-cloudflare.acme.email=email@mail.com
    - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
    - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
    - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
  networks:
    - internal_network
    - external_network
  ports:
    - target: 80
      published: 80
      protocol: tcp
      mode: host
    - target: 443
      published: 443
      protocol: tcp
      mode: host
    # - target: 8080
    #   published: 8080
    #   protocol: tcp
    #   mode: host
  volumes:
    - /home/provider/docker/traefik2/rules:/rules
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /home/provider/docker/traefik2/acme/acme.json:/acme.json
    - /home/provider/docker/traefik2/traefik.log:/traefik.log
    - /home/provider/docker/shared:/shared
  environment:
    - CF_API_EMAIL=$CLOUDFLARE_EMAIL
    - CF_API_KEY=$CLOUDFLARE_API_KEY
    - LOG4J_FORMAT_MSG_NO_LOOKUPS=true
  labels:
    - "traefik.enable=true"
    # HTTP-to-HTTPS Redirect
    - "traefik.http.routers.http-catchall.entrypoints=http"
    - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
    - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
    - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    # HTTP Routers
    - "traefik.http.routers.traefik-rtr.entrypoints=https"
    - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
    - "traefik.http.routers.traefik-rtr.tls=true"
    # - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
    - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
    - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
    ## Services - API
    - "traefik.http.routers.traefik-rtr.service=api@internal"
    # Middlewares
    - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"
```
middleware-chains.toml:
```toml
[http.middlewares]
  [http.middlewares.chain-no-auth]
    [http.middlewares.chain-no-auth.chain]
      middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers" ]
  [http.middlewares.chain-basic-auth]
    [http.middlewares.chain-basic-auth.chain]
      middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers", "middlewares-basic-auth" ]
  [http.middlewares.chain-no-auth-cors-all]
    [http.middlewares.chain-no-auth-cors-all.chain]
      middlewares = [ "middlewares-rate-limit", "middlewares-cors-allow-all-headers" ]
```
middlewares.toml
```toml
[http.middlewares]
  [http.middlewares.middlewares-basic-auth]
    [http.middlewares.middlewares-basic-auth.basicAuth]
      realm = "Traefic 2 Basic Auth"
      usersFile = "/shared/.htpasswd"
  [http.midlewares.middlewares-rate-limit]
    [http.middlewares.middlewares-rate-limit.rateLimit]
      average = 100
      burst = 50
  [http.middlewares.middlewares-secure-headers]
    [http.middlewares.middlewares-secure-headers.headers]
      accessControlAllowMethods = ["GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "PATCH"]
      accessControlMaxAge = 100
      hostsProxyHeaders = ["X-Forwarded-Host"]
      stsSeconds = 63072000
      stsIncludeSubdomains = true
      stsPreload = true
      forceSTSHeader = true
      customFrameOptionsValue = "sameorigin"
      contentTypeNosniff = true
      browserXssFilter = true
      referrerPolicy = "same-origin"
      permissionsPolicy = "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
      [http.middlewares.middlewares-secure-headers.headers.customResponseHeaders]
        X-Robots-Tag = "none,noarchive,nosnippet,notranslate,noimageindex,"
        server = ""
  [http.middlewares.middlewares-cors-allow-all-headers]
    [http.middlewares.middlewares-cors-allow-all-headers.headers]
      hostsProxyHeaders = ["X-Forwarded-Host"]
      stsSeconds = 63072000
      stsIncludeSubdomains = true
      stsPreload = true
      forceSTSHeader = true
      customFrameOptionsValue = "sameorigin"
      contentTypeNosniff = true
      browserXssFilter = true
      referrerPolicy = "no-referrer"
      permissionsPolicy = "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
```
I suspected the error to be in the middlewares.toml file and have been comparing the keys with those from the documentation for hours now, but I can't find my mistake. I'm hoping you'll be able to spot it right away with a fresh pair of eyes.
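
An added triage example, not part of the original post and not Traefik code: it parses text-format log lines like those above and groups each `@file` "does not exist" error under the provider start-up failure that explains it, so the one line to fix stands out from its downstream symptoms. The function names `parse_logfmt` and `triage` are hypothetical, and the sample is constructed from four lines of the log in the post.

```python
import re

# Constructed sample: four lines taken from the log in the post above.
SAMPLE_LOG = r'''
time="2024-04-08T19:30:50Z" level=error msg="Cannot start the provider *file.Provider: /rules/middlewares.toml: field not found, node: permissionsPolicy"
time="2024-04-08T19:30:50Z" level=info msg="Starting provider *traefik.Provider {}"
time="2024-04-08T19:30:50Z" level=error msg="middleware \"chain-basic-auth@file\" does not exist" entryPointName=https routerName=traefik-rtr@docker
time="2024-04-08T19:30:50Z" level=error msg="middleware \"chain-no-auth@file\" does not exist" entryPointName=https routerName=landingpage-rtr@docker
'''

# logfmt pair: key=value, where value is a quoted string (with \" escapes) or a bare token
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
PROVIDER_FAIL = re.compile(r'Cannot start the provider \*(\w+)\.Provider: (\S+): (.*)')
MISSING = re.compile(r'middleware "([^"@]+)@(\w+)" does not exist')

def parse_logfmt(line):
    """Return the key/value fields of one text-format log line."""
    fields = {}
    for key, raw in PAIR.findall(line):
        if raw.startswith('"'):
            # Strip the quotes and drop the backslash of each escape (\" -> ")
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])
        fields[key] = raw
    return fields

def triage(log_text):
    """Group 'middleware does not exist' errors under the provider that failed."""
    failed, missing = {}, []
    for line in log_text.splitlines():
        f = parse_logfmt(line)
        if f.get("level") != "error":
            continue
        msg = f.get("msg", "")
        if m := PROVIDER_FAIL.match(msg):
            failed[m.group(1)] = {"source": m.group(2), "reason": m.group(3), "routers": {}}
        elif m := MISSING.match(msg):
            missing.append((f.get("routerName"), m.group(1), m.group(2)))
    unexplained = []
    for router, middleware, provider in missing:
        if provider in failed:
            failed[provider]["routers"][router] = middleware
        else:
            unexplained.append((router, middleware, provider))
    return {"failed": failed, "unexplained": unexplained}

if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG)["failed"].items():
        print(f"{name} provider: {info['source']}: {info['reason']}")
        for router, mw in info["routers"].items():
            print(f"  {router} lost {mw}@{name}")
```
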