I discovered that Traefik adds its own router for the ACME challenge, but my redirect router was taking precedence over it. So I set the redirect router's priority to "1", and this seems to have fixed it!
Here's my full docker-compose file:
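---
# Docker Swarm stack that runs Traefik as the edge proxy: HTTP on :80 is
# redirected to HTTPS on :443, and certificates come from Let's Encrypt via
# the HTTP-01 challenge on the `web` entrypoint.
version: '3.8'

services:
  traefik:
    # NOTE(review): `latest` is a moving tag. The `swarmMode` flag below
    # belongs to the v2 Docker provider, so pin a release tag or digest that
    # has been tested with these flags rather than tracking `latest`.
    image: traefik:latest
    ports:
      # Quoted so no YAML parser can read HOST:CONTAINER as a number.
      - '80:80'
      - '443:443'
    volumes:
      # The Docker socket gives this internet-facing container access to the
      # Docker API. `:ro` only protects the socket file itself; it does not
      # limit what can be requested over the API. Consider a filtering socket
      # proxy if that exposure matters in your environment.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_etc:/etc/traefik
      # Holds the ACME account key and certificate private keys. The file must
      # already exist on the node, and Traefik expects it to be mode 600.
      - /letsencrypt/acme.json:/letsencrypt/acme.json
    healthcheck:
      test: ['CMD', 'traefik', 'healthcheck', '--ping']
    command:
      # NOTE(review): `api.insecure` serves the API and dashboard without
      # authentication on Traefik's internal port 8080. The `traefik-secure`
      # router below publishes that port at traefik.example.com, so the
      # dashboard is reachable over HTTPS with no login. Before production
      # use, attach an authentication middleware (e.g. basicauth) to that
      # router, or drop this flag and route to `api@internal` behind one.
      - '--api.insecure=true'
      - '--providers.docker.swarmMode=true'
      - '--entrypoints.web.address=:80'
      - '--entrypoints.websecure.address=:443'
      - '--certificatesresolvers.letsencrypt.acme.email=email@example.com'
      - '--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json'
      - '--certificatesresolvers.letsencrypt.acme.httpChallenge.entryPoint=web'
      - '--ping'
    networks:
      - traefik-public
    deploy:
      # A single replica: acme.json is a host bind mount, so it is not shared
      # between nodes.
      # NOTE(review): no placement constraint is set. In swarm mode the Docker
      # provider needs a manager node's socket; confirm where this task runs.
      replicas: 1
      # In swarm mode Traefik reads labels from the service (under `deploy`),
      # not from the container.
      labels:
        - 'traefik.docker.network=traefik-public'
        # Middleware: permanent redirect from http to https.
        - 'traefik.http.middlewares.traefik-redirectscheme.redirectscheme.permanent=true'
        - 'traefik.http.middlewares.traefik-redirectscheme.redirectscheme.scheme=https'
        # HTTPS router for the dashboard host, certificate from Let's Encrypt.
        - 'traefik.http.routers.traefik-secure.entrypoints=websecure'
        - 'traefik.http.routers.traefik-secure.rule=Host(`traefik.example.com`)'
        - 'traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt'
        # HTTP router whose only job is to apply the redirect middleware.
        - 'traefik.http.routers.traefik.entrypoints=web'
        - 'traefik.http.routers.traefik.middlewares=traefik-redirectscheme'
        # Lowest priority, so Traefik's own "/.well-known/acme-challenge/"
        # router takes precedence and HTTP-01 validation is not redirected.
        - 'traefik.http.routers.traefik.priority=1'
        - 'traefik.http.routers.traefik.rule=Host(`traefik.example.com`)'
        # Port the routers above forward to: the unauthenticated API and
        # dashboard enabled by `--api.insecure=true`.
        - 'traefik.http.services.traefik-service.loadbalancer.server.port=8080'

volumes:
  traefik_etc: {}

networks:
  # Pre-existing overlay network shared with the services Traefik fronts.
  traefik-public:
    external: true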