So this is my first experiment with Traefik proxying something and it didn't go so well...anyways as it states I'm getting the dreaded "404 page not found" error when I navigate to the address I used.
I'm not sure whats wrong I can get to the Traefik dashboard and see that it shows up there. I have a DNS entry for it on my DNS server.
I'm trying to use this walk through: Put Wildcard Certificates and SSL on EVERYTHING | Techno Tim Documentation
Here are the configs I used. I changed out the example stuff shown here to my domain and user/password is the only changes between mine and this config.
The wildcard Let's Encrypt" certs work. Even on the 404 page of portainer...so SSL is functional just for some reason can't get to portainer page.
traefik docker-compose
version: '3'
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
environment:
- CF_API_EMAIL=user@example.com
- CF_DNS_API_TOKEN=YOU_API_TOKEN
# - CF_API_KEY=YOU_API_KEY
# be sure to use the correct one depending on if you are using a token or key
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/username/traefik/data/traefik.yml:/traefik.yml:ro
- /home/username/traefik/data/acme.json:/acme.json
- /home/username/traefik/data/config.yml:/config.yml:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.example.com`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.example.com`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=local.example.com"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.example.com"
- "traefik.http.routers.traefik-secure.service=api@internal"
networks:
proxy:
external: true
Traefik.yml:
api:
dashboard: true
debug: true
entryPoints:
http:
address: ":80"
http:
redirections:
entryPoint:
to: https
scheme: https
https:
address: ":443"
serversTransport:
insecureSkipVerify: true
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
filename: /config.yml
certificatesResolvers:
cloudflare:
acme:
email: you@example.com
storage: acme.json
dnsChallenge:
provider: cloudflare
#disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
Portainer docker-compose file:
version: '3'
services:
portainer:
image: portainer/portainer-ce
container_name: portainer
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/username/portainer/data:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.entrypoints=http"
- "traefik.http.routers.portainer.rule=Host(`portainer.local.example.com`)"
- "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
- "traefik.http.routers.portainer-secure.entrypoints=https"
- "traefik.http.routers.portainer-secure.rule=Host(`portainer.local.example.com`)"
- "traefik.http.routers.portainer-secure.tls=true"
- "traefik.http.routers.portainer-secure.service=portainer"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.docker.network=proxy"
networks:
proxy:
external: true
Portainer logs:
portainer | time="2022-10-26T22:02:58Z" level=info msg="Encryption key file `portainer` not present"
portainer | time="2022-10-26T22:02:58Z" level=info msg="Proceeding without encryption key"
portainer | time="2022-10-26T22:02:58Z" level=info msg="Loading PortainerDB: portainer.db"
portainer | time="2022-10-26T22:02:58Z" level=info msg="Opened existing store" version=61
portainer | 2022/10/26 22:02:58 server: Reverse tunnelling enabled
portainer | 2022/10/26 22:02:58 server: Fingerprint 3b:65:fd:7d:fe:b0:8f:75:f5:73:6c:4b:b5:3d:d1:52
portainer | 2022/10/26 22:02:58 server: Listening on 0.0.0.0:8000...
portainer | time="2022-10-26T22:02:58Z" level=info msg="[INFO] [cmd,main] Starting Portainer" BuildNumber=22936 GoVersion=1.18.3 ImageTag=linux-amd64-2.15.1 NodejsVersion=14.20.0 Version=2.15.1 WebpackVersion=5.68.0 YarnVersion=1.22.19
portainer | time="2022-10-26T22:02:58Z" level=info msg="2022/10/26 22:02:58 [DEBUG] [chisel, monitoring] [check_interval_seconds: 10.000000] [message: starting tunnel management process]"
portainer | time="2022-10-26T22:02:58Z" level=info msg="2022/10/26 22:02:58 [DEBUG] [internal,init] [message: start initialization monitor ]"
portainer | time="2022-10-26T22:02:58Z" level=info msg="2022/10/26 22:02:58 [INFO] [http,server] [message: starting HTTPS server on port :9443]"
portainer | time="2022-10-26T22:02:58Z" level=info msg="2022/10/26 22:02:58 [INFO] [http,server] [message: starting HTTP server on port :9000]"
Anyone have an idea why I'm getting a 404 error?