How to redirect to the dashboard from a URL?

I currently access the V2 dashboard through http://traefik.my.server:8080/dashboard/ (Traefik runs in a docker container and 8080 is exposed to the host).
I would like to change that so that the dashboard is available at http://traefik.my.server/dashboard

I tried to add the following labels to configure this behavior but I get a 404 when accessing http://traefik.my.server/dashboard

- traefik.http.routers.dashboard.rule=Host(`traefik.my.server:`) && Path(`/dashboard`)
- traefik.http.services.dashboard.loadbalancer.server.port=8080
- traefik.http.routers.dashboard.entryPoints=http

(the http entrypoint is port 80)

What is the correct way to set up such redirection?

Hello,

Recommend read:

FYI it's not redirection but a routing.

Thank you for the information @ldez. https://docs.traefik.io/v2.1/operations/dashboard/#secure-mode is a particularly good read.

I modified my configuration to read

- traefik.http.routers.api.rule=Host(`traefik.mydomain.org`)
- traefik.http.routers.api.service=api@internal
- traefik.http.routers.api.middlewares=lan
- traefik.http.routers.api.entryPoints=http    # I tested with and without this entry, not knowing if api@internal manages it itself
- traefik.http.middlewares.lan.ipwhitelist.sourcerange=192.168.10.0/24, 192.168.20.0/24

I also modified the configuration file with

api:
  #insecure: true
  dashboard: true

Accessing http://traefik.mydomain.org/dashboard/ (or http://traefik.mydomain.org/dashboard or http://traefik.mydomain.org just to make sure I go though all the variants) still yields a 404 page not found

To get an accurate answer, you must provide all of your configurations, not just the parts.

Fair enough, sorry :slight_smile:

The docker-compose file:

services:
  traefik:
    container_name: traefik
    image: traefik
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    volumes:
      - /etc/docker/container-data/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    labels:
      - traefik.http.routers.api.rule=Host(`traefik.mydomain.org`)
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.api.middlewares=lan
      - traefik.http.middlewares.lan.ipwhitelist.sourcerange=192.168.10.0/24, 192.168.20.0/24
      # also tried with an entryPoint
      # - traefik.http.routers.api.entryPoints=http
version: "3"

Configuration file

global:
  sendAnonymousUsage: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
api:
  dashboard: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\" }}.mydomain.org`)"
log:
  level: INFO
  #level: DEBUG
certificatesResolvers:
  le:
      acme:
          email: le@mydomain.org
          storage: /etc/traefik/acme.json
          tlsChallenge: {}
          #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"

Thank you for your help so far!

so you have to set traefik.enable=true on your container.

version: "3"

services:
  traefik:
    container_name: traefik
    image: traefik
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    volumes:
      - /etc/docker/container-data/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`traefik.mydomain.org`)
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.api.middlewares=lan
      - traefik.http.middlewares.lan.ipwhitelist.sourcerange=192.168.10.0/24, 192.168.20.0/24

https://docs.traefik.io/v2.1/routing/providers/docker/#traefikenable

1 Like

Ahhh! I did not realize that Traefik itself needed to be enabled (for itself). It works perfectly - thank you very much.

I have also posted the working configuration at SO, follwing your hint (whcih I marked as the answer).

As a side question: since Traefik itself follows the rules of all services, why isn't there an entryPoint for it in the docker configuration?

I'm trying to do exactly the same thing - i.e. hide/conceal the port number in the URL when visiting the dashboard at a subdomain. It is working as expected if I put the port number in the URL and configure the host as...

- "traefik.http.routers.api.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"

Here's my current docker YAML file...

version: "3.3"

services:

   traefik:
      image: "traefik:v2.2"
      container_name: "traefik"
      command:
         - "--log.level=INFO"
         - "--api.dashboard=true"
         - "--api.insecure=true"
         - "--providers.docker=true"
         - "--providers.docker.exposedbydefault=false"
         - "--entrypoints.web.address=:80"
         - "--entrypoints.websecure.address=:443"
         - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
         - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
         - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
         - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
         - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      ports:
         - "80:80"
         - "443:443"
      labels:
         - "traefik.enable=true"
         - "traefik.http.routers.api.rule=Host(`traefik.mydomain.com`)"
         - "traefik.http.routers.api.entrypoints=web"
         - "traefik.http.routers.api.service=api@internal"

      volumes:
         - "./letsencrypt:/letsencrypt"
         - "/var/run/docker.sock:/var/run/docker.sock:ro"

   whoami:
      image: "containous/whoami"
      container_name: "simple-service"
      labels:
         - "traefik.enable=true"
         - "traefik.http.routers.whoami.rule=Host(`mydomain.com`)"
         - "traefik.http.routers.whoami.entrypoints=websecure"
         - "traefik.http.routers.whoami.tls.certresolver=myresolver"

With this configuration, visiting https://mydomain.com (secure) works as expected and shows the "whoami" info, but visiting http://traefik.mydomain.com (not secure) redirects to https://traefix.domain.com/dashboard (secure), and I don't understand why. I don't want/need TLS for the dashboard right now, plus I don't understand why it's redirecting to the "dashboard" URL.

Any insights would be appreciated.

I got this to work via TLS. Here's my working config YAML...

version: "3.3"

services:

   traefik:
      image: "traefik:v2.2"
      container_name: "traefik"
      command:
         - "--log.level=INFO"
         - "--api.dashboard=true"
         - "--api.insecure=true"
         - "--providers.docker=true"
         - "--providers.docker.exposedbydefault=false"
         - "--entrypoints.web.address=:80"
         - "--entrypoints.websecure.address=:443"
         - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
         - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
         - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
         - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
         - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"

      ports:
         - "80:80"
         - "443:443"

      labels:
         - "traefik.enable=true"
         - "traefik.http.routers.api.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
         - "traefik.http.routers.api.entrypoints=web"
         - "traefik.http.routers.api.service=api@internal"
         - "traefik.http.services.traefik.loadbalancer.server.port=8080"
         - "traefik.http.routers.api.entrypoints=websecure"
         - "traefik.http.routers.api.tls=true"
         - "traefik.http.routers.api.tls.certresolver=myresolver"
         
      volumes:
         - "./letsencrypt:/letsencrypt"
         - "/var/run/docker.sock:/var/run/docker.sock:ro"

   whoami:
      image: "containous/whoami"
      container_name: "simple-service"
      labels:
         - "traefik.enable=true"
         - "traefik.http.routers.whoami.rule=Host(`mydomain.com`)"
         - "traefik.http.routers.whoami.entrypoints=websecure"
         - "traefik.http.routers.whoami.tls.certresolver=myresolver"

I don't know if this is the ideal configuration, but it does seem to work. I guess it's time to try a "real" Let's Encrypt certificate (instead of the staging one). :crossed_fingers: