Problem
Something is preventing the provider 'file' from starting successfully and I cannot work out what it is. I would really appreciate your help, as I have now spent 10 hours trying to tweak my config and restarting machines. I made a completely new host VM and pulled all new images/new containers/new everything, but with the same config, so the error is somewhere in my settings. TIA.
traefik | 2021-02-24T19:15:36.259003203Z time="2021-02-24T19:15:36Z" level=info msg="Starting provider *file.Provider {\"directory\":\"/rules\",\"watch\":true}"
traefik | 2021-02-24T19:15:36.278489614Z time="2021-02-24T19:15:36Z" level=error msg="Cannot start the provider *file.Provider: /rules/middlewares.yml: field not found, node: middlewares-secure-headers"
.......
traefik | 2021-02-24T19:16:02.888584367Z time="2021-02-24T19:16:02Z" level=error msg="middleware \"chain-authelia@file\" does not exist" entryPointName=https routerName=traefik-all@docker
traefik | 2021-02-24T19:16:02.888631108Z time="2021-02-24T19:16:02Z" level=error msg="middleware \"chain-authelia@file\" does not exist" entryPointName=http routerName=traefik-all@docker
Setup
./docker/docker-compose-core.yml
./docker/traefik/traefik.yml
./docker/traefik/rules/chains.yml
./docker/traefik/rules/middlewares.yml
docker-compose-core.yml
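# Traefik reverse-proxy service. This excerpt belongs under the compose file's
# `services:` key, which is not shown. The nesting below is restored from a
# paste that lost its indentation.
traefik:
  # NOTE(review): `latest` is a moving tag, so a pull can silently change the
  # proxy version and the config fields it accepts. Pin a specific release tag
  # (ideally with its digest) and upgrade deliberately.
  image: traefik:latest
  container_name: traefik
  restart: always
  # Root filesystem is read-only; only the rw mounts below are writable.
  read_only: true
  networks:
    - Mars
    - Jupiter
  ports:
    # Quoted so HOST:CONTAINER pairs are always read as strings.
    - "80:80"
    - "443:443"
  security_opt:
    - no-new-privileges:true
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - ./traefik/traefik.yml:/traefik.yml:ro
    # Dynamic configuration directory read by the file provider (read-only).
    - ./traefik/rules:/rules:ro
    # acme.json stores ACME account data and certificate private keys; keep
    # the host file at mode 600 and out of version control.
    - ./traefik/acme.json:/acme.json:rw
    - ./traefik/logs:/logs:rw
    - ./traefik/plugins-storage:/plugins-storage:rw
  environment:
    - TZ=$TZ
  depends_on:
    - redis
    - authelia
  labels:
    - traefik.enable=true
    # Dashboard/API router. Its only access control is chain-authelia@file, so
    # it depends on the file provider loading /rules without errors.
    - traefik.http.routers.traefik-all.entrypoints=https,http
    - traefik.http.routers.traefik-all.rule=Host(`dash.$DOMAINNAME`)
    - traefik.http.routers.traefik-all.middlewares=chain-authelia@file
    - traefik.http.routers.traefik-all.service=api@internal
    # - traefik.http.routers.traefik-all.tls.certresolver=zerossl # One at a time because using the same key 'traefik.http.routers.traefik-all.tls.certresolver'
    - traefik.http.routers.traefik-all.tls.certresolver=dns
    - traefik.http.routers.traefik-all.tls.domains[0].main=$DOMAINNAME
    - traefik.http.routers.traefik-all.tls.domains[0].sans=*.$DOMAINNAME
    # Forward-auth middleware backed by Authelia.
    - traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.$DOMAINNAME/
    # NOTE(review): trustforwardheader=true hands the incoming X-Forwarded-*
    # headers to Authelia as received. That is only sound if the entrypoints'
    # forwardedHeaders.trustedIPs list is limited to the real upstream proxies
    # - confirm against traefik.yml.
    - traefik.http.middlewares.authelia.forwardauth.trustforwardheader=true
    - traefik.http.middlewares.authelia.forwardauth.authresponseheaders=Remote-User, Remote-Groups
    # Catch-all on the plain-HTTP entrypoint: redirect everything to HTTPS.
    - traefik.http.routers.http-catchall.entrypoints=http
    - traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)
    - traefik.http.routers.http-catchall.middlewares=redirect-to-https
    - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
    - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https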
traefik.yml
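# Traefik static configuration. The nesting is restored from a paste that lost
# its indentation.
api:
  # Enables the dashboard; it is published through the `traefik-all` router
  # defined in the compose labels, not by this setting alone.
  dashboard: true

entryPoints:
  http:
    address: ":80"
    forwardedHeaders:
      # Only these sources may supply X-Forwarded-* headers. List the real
      # upstream proxies only ("bunch.of.ip.addresses" is the author's
      # redaction).
      trustedIPs:
        - "bunch.of.ip.addresses"
  https:
    address: ":443"
    http:
      # Empty mapping: TLS on for every router on this entrypoint, defaults.
      tls: {}
    forwardedHeaders:
      trustedIPs:
        - "bunch.of.ip.addresses"
    proxyProtocol:
      # PROXY protocol headers are accepted from these sources only.
      trustedIPs:
        - "bunch.of.ip.addresses"

providers:
  docker:
    # NOTE(review): tcp://…:2375 is the Docker API over plain TCP, with no TLS
    # and no authentication. Anything that can reach this port can control the
    # Docker host. Prefer the TLS endpoint with client certificates
    # (providers.docker.tls), or a socket proxy that exposes only the
    # read-only API calls Traefik needs, and firewall the port to this
    # container.
    endpoint: "tcp://jupiter:2375"
    # Containers are published only when they carry traefik.enable=true.
    exposedByDefault: false
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.tomlawson.io`)"
    # `network` is a single network name (string) in Traefik's docker
    # provider; the post wrote it as a one-item list.
    network: Mars
  file:
    # Every file in this directory must parse; the posted log shows the
    # provider failing to start on a /rules/middlewares.yml parse error.
    directory: "/rules"
    watch: true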
chains.yml
# Middleware chains (Traefik dynamic configuration, file provider).
# Nesting restored from a paste that lost its indentation. Names without an
# @provider suffix resolve within the file provider.
http:
  middlewares:
    # Public services: rate limit plus security headers, no authentication.
    chain-no-auth:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers

    chain-basic-auth:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          # NOTE(review): not defined in the middlewares.yml shown in this
          # post; the chain cannot be built unless it exists elsewhere.
          - middlewares-basic-auth

    # Used by the dashboard router (chain-authelia@file in the compose labels).
    chain-authelia:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          # NOTE(review): `cfp` is not defined in either rules file shown in
          # this post - confirm it exists, otherwise this chain stays broken
          # even after middlewares.yml parses.
          - cfp@file
          # Forward-auth middleware declared via labels on the traefik service.
          - authelia@docker
middlewares.yml
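# Shared middlewares (Traefik dynamic configuration, file provider).
# Nesting restored from a paste that lost its indentation. The posted error
# "field not found, node: middlewares-secure-headers" presumably means that key
# was not a direct child of `http.middlewares` in the original file (for
# example nested under the previous middleware). Here each middleware name is
# a sibling, with exactly one middleware type beneath it.
http:
  middlewares:
    middlewares-rate-limit:
      rateLimit:
        average: 100
        burst: 50

    middlewares-secure-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        # Headers consulted for a proxied host name.
        # NOTE(review): Cf-Connecting-Ip carries a client IP rather than a
        # host - confirm it belongs in this list.
        hostsProxyHeaders:
          - "X-Forwarded-Host"
          - "Cf-Connecting-Ip"
        # NOTE(review): sslRedirect and featurePolicy are deprecated in later
        # Traefik releases; with an unpinned image an upgrade can turn them
        # into new "field not found" errors.
        sslRedirect: true
        # HSTS: two years, including subdomains, preload-eligible, sent even
        # when the connection is not detected as TLS.
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        # NOTE(review): frameDeny, customFrameOptionsValue and
        # contentSecurityPolicy are all commented out in this file, so no
        # X-Frame-Options or frame-ancestors header is emitted and responses
        # can be framed by any origin. Enable one of them (a CSP
        # frame-ancestors directive is the current mechanism; `allow-from` is
        # ignored by modern browsers).
        # frameDeny: true  # overwritten by customFrameOptionsValue
        # customFrameOptionsValue: "allow-from https:ares.systems"  # CSP takes care of this but may be needed for organizr.
        contentTypeNosniff: true
        browserXssFilter: true
        # sslForceHost: true  # add sslHost to all of the services
        # sslHost: "ares.systems"
        referrerPolicy: "same-origin"
        # Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
        # The line below also breaks some apps due to 'none' - sonarr, radarr, etc.
        # contentSecurityPolicy: "frame-ancestors *.ares.systems:*;require-trusted-types-for 'script';"
        featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
          # An empty value removes the header from responses.
          server: ""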