Issue with basic auth middleware

Traefik Traefik v3 (latest)
1

Need some help with this issue. Recently rebuilt my docker instance and cannot seem to get the basic auth middleware http router working (getting 404 error when going to HTTPS traefik URL). Seeing the following errors in the logs. I have reviewed my docker compose and treafik.yaml file and cannot find anything wrong. Any assistance would be appreciated.

2025-08-01T18:22:31-07:00 ERR github.com/traefik/traefik/v3/pkg/server/router/router.go:155 > error="middleware "traefik-https-redirect@docker" does not exist" entryPointName=web routerName=traefiknas@docker

2025-08-01T18:22:31-07:00 ERR github.com/traefik/traefik/v3/pkg/server/router/router.go:155 > error="middleware "traefik-auth@docker" does not exist" entryPointName=websecure routerName=traefiknas-secure@docker

---
services:
  traefik:
    image: docker.io/library/traefik:latest
    container_name: traefik
    security_opt:
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
      # --> (Optional) Enable Dashboard, don't do in production
      - 8080:8080
      # <--
    volumes:
      - /run/docker.sock:/run/docker.sock:ro
      - ./config/:/etc/traefik/:ro
      - ./certs/:/var/traefik/certs/:rw
    labels:
      - traefik.enable=true
    # Routers
      - traefik.http.routers.traefiknas.entrypoints=web
      - traefik.http.routers.traefiknas.rule=Host(`traefiknas-dashboard.xxxxxx.com`)
      - traefik.http.routers.traefiknas.middlewares=traefik-https-redirect
      - traefik.http.routers.traefiknas-secure.entrypoints=websecure
      - traefik.http.routers.traefiknas-secure.rule=Host(`traefiknas-dashboard.xxxxxx.com`)
      - traefik.http.routers.traefiknas-secure.middlewares=traefik-auth
      - traefik.http.routers.traefiknas-secure.tls=true
      - traefik.http.routers.traefiknas-secure.tls.certresolver=cloudflare
      - traefik.http.routers.traefiknas-secure.tls.domains[0].main=xxxxxx.com
      - traefik.http.routers.traefiknas-secure.tls.domains[0].sans=*.xxxxxx.com
      - traefik.http.routers.traefiknas-secure.service=api@internal
    # Middleware
      - traefik.http.middlewares.traefiknas-auth.basicauth.users=${APP_USER}:${APP_PASSWORD}
      - traefik.http.middlewares.traefiknas-https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https

    environment:
      - TRAEFIK_DASHBOARD_CREDENTIALS=${TRAEFIK_DASHBOARD_CREDENTIALS}
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
      - TZ=America/Los_Angeles
    networks:
      - frontend
    restart: unless-stopped

networks:
  frontend:
    external: true

traefik.yaml configuration:

---
global:
  checkNewVersion: false
  sendAnonymousUsage: false

# --> (Optional) Change log level and format here ...
#     - level: [TRACE, DEBUG, INFO, WARN, ERROR, FATAL]
log:
 level: DEBUG
# <--

# --> (Optional) Enable accesslog here ...
accesslog: {}
# <--

# --> (Optional) Enable API and Dashboard here, don't do in production
api:
  dashboard: true
  insecure: true
# <--

# -- Change EntryPoints here...
entryPoints:
  web:
    address: :80
    http:
       redirections:
         entryPoint:
           to: websecure
           scheme: https
  websecure:
    address: :443

serversTransport:
  insecureSkipVerify: true
certificatesResolvers:
  cloudflare:
    acme:
      email: admin@xxxxxx.com  # <-- Change this to your email
      storage: /var/traefik/certs/cloudflare-acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

# --> (Optional) Disable TLS Cert verification check
# serversTransport:
#   insecureSkipVerify: true
# <--

providers:
  docker:
    exposedByDefault: false  # <-- (Optional) Change this to true if you want to expose all services
    # Specify discovery network - This ensures correct name resolving and possible issues with containers, >
    # E.g. Database container in a separate network and a container in the frontend and database network.
    network: frontend
  file:
    directory: /etc/traefik
    watch: true
2

The names of objects you reference need to exist, it seems you changed only one:

      - traefik.http.routers.traefiknas-secure.rule=Host(`traefiknas-dashboard.xxxxxx.com`)
      - traefik.http.routers.traefiknas-secure.middlewares=traefik-auth
                                                           ^

      - traefik.http.middlewares.traefiknas-auth.basicauth.users=${APP_USER}:${APP_PASSWORD}
                                 ^

Check simple Traefik example, like how to do to-https redirect globally.

1 Like
3

You were spot on. This resolved my issue!

Much appreciated!

4

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.