Hello, I recently set up Traefik using docker compose on my Ubuntu Server. After a lot of trial and error I was able to start up Traefik and a BookStack instance which both worked great.
After one hour of not accessing the site this changed: I now always receive Error Code "418" (which is useless). I am pretty sure that I have not changed the configuration in between and I am at a complete loss as to why this is happening...
My docker-compose.yml for Traefik looks like this:
services:
  traefik:
    image: traefik:latest
    restart: unless-stopped
    container_name: traefik
    command:
      # Configure logging
      - "--log.level=DEBUG"
      - "--accessLog=true"
      # Opt out of usage statistics
      - "--global.sendAnonymousUsage=false"
      # Enable docker provider but do not expose containers by default
      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=home-server"
      # API settings
      - "--api.dashboard=true"
      - "--api.insecure=false"
      - "--api.debug=true"
      # Entrypoints port 80 (http) and port 443 (https)
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      # Trust cloudflare forwarded headers (https://www.cloudflare.com/ips-v4)
      - "--entryPoints.web.forwardedHeaders.trustedIPs=103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"
      - "--entryPoints.websecure.forwardedHeaders.trustedIPs=103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"
      # Redirect http to https
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      # letsencrypt ACME
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.letsencrypt.acme.email=<my_mail>"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      # - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" # TODO remove once debugging is done
      # default certificate
      - "--entryPoints.websecure.http.tls.certresolver=letsencrypt"
      - "--entryPoints.websecure.http.tls.domains[0].main=my-domain.com"
      - "--entryPoints.websecure.http.tls.domains[0].sans=*.my-domain.com"
    ports:
      # The HTTP port (necessary for HTTP challenge)
      - "80:80"
      # The HTTPS port
      - "443:443"
    networks:
      - frontend
    volumes:
      # Create a letsencrypt dir within the folder where the docker-compose file is
      - ./letsencrypt:/letsencrypt
      - ./logs:/logs
      # So that Traefik can read the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CF_DNS_API_TOKEN=<my_token>
      - CF_API_EMAIL=<my_mail>
    labels:
      - "traefik.enable=true"
      #
      # DASHBOARD CONFIGURATION
      #
      # route to traefik.my-domain.com
      - "traefik.http.routers.dashboard.rule=Host(`traefik.my-domain.com`)"
      # use internal API service
      - "traefik.http.routers.dashboard.service=api@internal"
      # use HTTPS entry
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.tls=true"
      # route traffic to 8080
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
      # - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
      # add authentication
      - "traefik.http.routers.dashboard.middlewares=authtraefik"
      # set dashboard user(s) (see https://stackoverflow.com/questions/47376909/traefik-authentication-failed )
      - "traefik.http.middlewares.authtraefik.basicauth.users=admin:<hash>"
networks:
  frontend:
    external: true
    name: home-server
As I also cannot access the dashboard (traefik.my-domain.com) I assume that there is a bug or bad configuration in this file and not the compose file for BookStack.