Issues with accessing traefik proxy via URL

Sorry in advance - I'm pretty new to this!

I'm using traefik (on Docker + Ubuntu Server) as a reverse proxy for my home server - following along with this amazing guide.

I've successfully built a traefik container in Docker - and can access the dashboard via LAN IP:8080/dashboard/ (when authentication is off, i.e. --api.insecure=true).

Unfortunately I've been unable to access the traefik dashboard via traefik.example.com/dashboard/

I've followed the domain-relevant steps closely, including:

  • Setting up DNS records with Cloudflare ('A' Type to point example.com -> WAN IP; 'CNAME' Type for *.example.com)
  • Port forwarding of 80 and 443 on my router

I'm not sure if this is an issue with how I've configured traefik, or something else... possibly domain/router settings.

Thanks in advance for your help!

See my docker-compose.yml file below. Please note that $DOMAINNAME and other variables are correctly inputting - I have confirmed in the logs.

version: "3.7"

### NETWORKS
networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

### SERVICES
services:
# Traefik 2 - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:2.2.1
    restart: unless-stopped
    command:
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,1> # Cloudflare IPs: https://www.cloudflare.com/ips/
      - --entryPoints.traefik.address=:8080
      - --api=true
#      - --api.insecure=true
#      - --serversTransport.insecureSkipVerify=true
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
#      - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true
      - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - for testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
    networks:
      - t2_proxy
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - $DOCKERDIR/traefik2/rules:/rules
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $DOCKERDIR/traefik2/acme/acme.json:/acme.json
      - $DOCKERDIR/traefik2/traefik.log:/traefik.log
      - $DOCKERDIR/shared:/shared
    environment:
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
#      - "traefik.http.routers.traefik-rtr.tls.domains[1].main=$SECONDDOMAINNAME" # Pulls main cert for second domain
#      - "traefik.http.routers.traefik-rtr.tls.domains[1].sans=*.$SECONDDOMAINNAME" # Pulls wildcard cert for second domain
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=middlewares-basic-auth@file"

Hey @MaesterDaemon

Thanks for using Traefik.

My suggestion is to always start with basic examples and then add more advanced features step by step in order to understand what can be impacted by setting the specific parameter.
If you are struggling with having access to Traefik Dashboard I would start with the following example

Then I would add more advanced features that you already use in your compose file.

Additionally, please note that the latest Traefik version is 2.5.3 and I highly recommend that you use the latest version. In your stack, you use 2.2.1, which is quite out of date.

Thanks, Jakub

Hi Jakub, thanks so much for the reply.

I've just figured out that the issue was not with the traefik configuration - but that the WAN IP in my DNS records was wrong (a carrier-grade NAT was to blame :weary:).

On your point about the traefik version - I've used 2.2.1 as I was following the guide and didn't want to do differently in case it didn't work and I wouldn't know why :joy:

Would you anticipate any issues with me using 2.5.3 instead? And if not - would simply changing the image version number be how to do it?

Thanks!
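
The root cause reported above (a carrier-grade NAT making the WAN IP in the DNS record wrong) can be checked before changing any Traefik setting. The following is an added example, not part of the original thread: the function `diagnose`, its finding codes and the sample addresses are assumptions, and its three inputs are values read from the router status page, an external IP lookup and a DNS query for the hostname.

```python
import ipaddress

# Shared address space reserved for carrier-grade NAT (RFC 6598).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
RFC1918_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Cloudflare ranges copied from the trustedIPs line of the compose file in the
# post; that line is truncated there, so this list is incomplete.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20",
    "188.114.96.0/20", "197.234.240.0/22")]


def diagnose(router_wan_ip, observed_public_ip, dns_a_record):
    """Return finding codes explaining why inbound 80/443 may never arrive."""
    wan = ipaddress.ip_address(router_wan_ip)
    public = ipaddress.ip_address(observed_public_ip)
    record = ipaddress.ip_address(dns_a_record)
    findings = []

    # 1. Is the router itself behind another NAT? Port forwarding on the
    #    home router cannot help if the ISP never routes traffic to it.
    if wan in CGNAT_NET:
        findings.append("cgnat")          # ISP carrier-grade NAT
    elif any(wan in net for net in RFC1918_NETS):
        findings.append("double-nat")     # another private router upstream
    elif wan != public:
        findings.append("upstream-nat")   # WAN differs from what the internet sees

    # 2. Does the DNS record point where traffic can actually enter?
    if any(record in net for net in CLOUDFLARE_NETS):
        findings.append("proxied")        # Cloudflare proxy answers; compare origin IP instead
    elif record != public:
        findings.append("stale-dns")      # A record is not the observed public IP
    return findings


if __name__ == "__main__":
    # Constructed sample: router reports a CGNAT address and the same
    # address was entered as the A record.
    print(diagnose("100.72.13.5", "203.0.113.10", "100.72.13.5"))
```

A `cgnat` or `double-nat` finding means correcting the A record alone will not make the dashboard reachable from outside, because the forwarded ports sit behind an address the internet cannot route to.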
