Help with docker tags and future troubleshooting

The result of this config: trying to access plex.mydomain.tld == 404.
The desired result: connect to my plex instance.
I can successfully wget the 192.168.1.134:32400 from inside traefik's container.

What's wrong in this config?
I'm having a similar issue when trying to add my unifi controller instance.

Note: Plex is working via direct IP access and via plex's web interface. It would be nice if I could configure plex clients to connect to my domain directly.

I had previously had this working by using a traefik toml file provider, but I am all in on using labels and don't want what amounts to two config files for one service.

[Unit]
After=traefik.service

[Container]
Image=docker.io/plexinc/pms-docker
ContainerName=plex
AutoUpdate=registry

Environment=PLEX_UID=1000
Environment=PLEX_GID=1000
Environment=ALLOWED_NETWORKS=192.168.1.0/24,192.168.2.0/24
# Secret=PLEX_CLAIM,type=env # expires in 5 minutes
AddDevice=/dev/dri:/dev/dri

# Ports to expose if not using host networking
# ExposeHostPort=32400
# ExposeHostPort=32410/udp
# ExposeHostPort=32412/udp
# ExposeHostPort=32413/udp
# ExposeHostPort=32414/udp
# ExposeHostPort=5353/udp

Volume=/media/ARCHIVE/ContainerVolumes/plex/config:/config:U
Volume=/media/ARCHIVE/ContainerVolumes/plex/transcode:/transcode:U
Volume=/media/ARCHIVE/Library:/Library:ro

Label=traefik.enable=true
Label=traefik.http.routers.plex.rule=Host(`plex.mydomain.tld`)
Label=traefik.http.services.plex.loadbalancer.servers[0].url=http://192.168.1.134:32400
Network=host

# Misc dead ends the docs have sent me down
#Label=traefik.http.routers.plex.service=plex
#Label=traefik.http.services.plex.loadbalancer.servers.port=32400
#Label=traefik.http.services.plex.loadbalancer.servers.url=192.168.1.134
#Label=traefik.http.services.plex.loadbalancer.servers.scheme=http

HealthCmd=["curl", "--connect-timeout", "15", "--max-time", "100", "--silent", "--show-error", "--fail", "--output", "/dev/null", "http://localhost:32400/identity"]
HealthInterval=5m
HealthOnFailure=kill

[Service]
Restart=always

[Install]
WantedBy=default.target

# vim: set filetype=confini :

Future troubleshooting:
When operating via docker labels, Traefik rarely outputs any errors at all. A mistake like 'service' should have been 'services' can be hard to spot. Thus troubleshooting is tedious, time consuming, tear inducing trial and error. I have grown to fear touching traefik. Is there a sane way to iterate? What am I missing?

Thanks

Enable and check Traefik debug log (doc), any "ERR" in logs?

Enable and check Traefik access log in JSON format (doc), what’s the output during requests?

When running a target service in a Docker container, Traefik is automatically using the internal container IP to access the service. So you usually just need host and port (simple Traefik example):

  whoami:
    image: traefik/whoami:v1.11
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.mywhoami.rule=Host(`whoami.example.com`)
      - traefik.http.services.mywhoami.loadbalancer.server.port=80

url is only used when your want to forward/proxy requests to an external target.

url is only used when your want to forward/proxy requests to an external target.

Which is one of the things I am trying to accomplish (see my comment about unifi above).

Traefik is automatically using the internal container IP to access the service

And, unfortunately, that function appears to not work for host networking, which is what I'm using for plex.

Pointing to a service running by host networking would presumably be functionally equivalent to an external service, although perhaps there's some other distinction or special setting I've overlooked.

Enable and check Traefik debug log (doc), any "ERR" in logs?

Enable and check Traefik access log in JSON format (doc), what’s the output during requests?

Yes, I have debug logging enabled and access logs enabled, and it has nothing to say for plex other than reporting the 404s. There's a long line with seemingly the entire config from all my traefik enabled containers, from which plex is absent- presumably because the configuration is invalid. But without specific errors, I've nothing to go on except trial and error.

you usually just need host and port

This does result in an error when traefik times out trying to access some internal IP that is connected to nothing.

thanks

Well, in access log in JSON mode you would see a potential OriginStatus to see if the error comes from target service, then it would also include the router name, or if the request wasn’t matched at all by Traefik.