Labels not being picked up in the docker compose

Traefik Traefik v2
,
1

Hi All,

Has anyone come across the follow. This setup has been running for well over a year so not I sure what changed.

I created a mediainfo docker as part of my debug and what I found is the rules, as shown inside of the docker-compose.yml, do not work inside of this YAML. In fact I can not access the Traefik dashboard either at traefik.DASHBOARD.XXX. Local access to the Traefik dashboard at 8080 works fine.

  traefik:
    image: traefik:2.11.33
    container_name: traefik
    networks:
      rev_proxy:
      local_net:
    security_opt:
      - no-new-privileges:true
    secrets:
      - basic_auth_credentials
      - cf_dns_api_token
    environment:
      DOCKER_HOST: dockersocket
      TZ: $TZ
    volumes:
      - $DOCKERDIR/appdata/traefik/acme/acme.json:/acme.json
      - $DOCKERDIR/appdata/traefik/rules:/rules
      - $DOCKERDIR/appdata/traefik/logs:/logs
      - $DOCKERDIR/appdata/traefik/:/etc/traefik
    ports:
      - 80:80
      - 443:443
    # - 853:853
      - 8080:8080 # Dashboard port
    restart: unless-stopped
    depends_on:
      - dockersocket
    labels:
      traefik.enable: true
      traefik.http.routers.traefik-rtr.entryPoints: websecure
      traefik.http.routers.traefik-rtr.rule: Host(`traefik.$DOMAINNAME`)
      traefik.http.routers.traefik-rtr.service: api@internal
      traefik.http.routers.traefik-rtr.middlewares: chain-oauth@file

  # -------------------------------------------------------------------------
  mediainfo:
    image: jlesage/mediainfo
    container_name: mediainfo
    networks:
      rev_proxy:
      local_net:
    ports:
      - "5800:5800"
    volumes:
      - "$DOCKERDIR/services/mediainfo/config:/config:rw"
      - "$DOCKERDIR/services/mediainfo/storage:/storage:ro"
    restart: unless-stopped
    labels:
      traefik.enable: true
      traefik.http.routers.mediainfo-rtr.tls: true
      traefik.http.routers.mediainfo-rtr.entryPoints: websecure
      traefik.http.routers.mediainfo-rtr.rule: Host(`mediainfo.$DOMAINNAME`)
      traefik.http.routers.mediainfo-rtr.middlewares: chain-oauth@file
      traefik.http.routers.mediainfo-rtr.service: mediainfo-svc
      traefik.http.services.mediainfo-svc.loadbalancer.server.port: 5800

BUT, if I comment out the labels in the docker-compose.yml and create a file called app-mediainfo-auth.yml with the following rules (below) and put in the Traefik rules folders then I can access mediainfo.DOMAINNAME.XXX. In the past this all worked (both ways).

http:
  routers:
    mediainfo-rtr:
      service: mediainfo-svc
      rule: "Host(`mediainfo.DOMAINNAME.XXX`)"
      entryPoints:
        - websecure
      middlewares:
        - chain-oauth
      tls:
        certResolver: cloudflare
  services:
    mediainfo-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.1.11:5800"

I have rolled back Traefik to 2.11.25 (which is well before this issue) and that did not fix things. I had updated my machine and did a reboot so maybe docker got rebuilt but not sure how that impacts just Traefik labels. I have spent a number of hours to get to this point but I am a bit at a loss on what to look at next.

2

Share your Traefik static config (entrypoints, providers).

Note that dynamic config in file has certResolver, the config in labels does not.

3

Duh, sorry….I was at this for a quite some time all day and totally forgot the traefik.yml. Thanks for the reply.

global:
  checkNewVersion: true
  sendAnonymousUsage: false

serversTransport:
  insecureSkipVerify: true
 
entryPoints:
  web:
    address: :80
    forwardedHeaders:
      trustedIPs: &trustedIps
        - 173.245.48.0/20
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 141.101.64.0/18
        - 108.162.192.0/18
        - 190.93.240.0/20
        - 188.114.96.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 162.158.0.0/15
        - 104.16.0.0/12
        - 172.64.0.0/13
        - 131.0.72.0/22
        - 2400:cb00::/32
        - 2606:4700::/32
        - 2803:f800::/32
        - 2405:b500::/32
        - 2405:8100::/32
        - 2a06:98c0::/29
        - 2c0f:f248::/32
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443
    forwardedHeaders:
      trustedIPs: *trustedIps
    http:
      tls:
        certResolver: cloudflare
        domains:
          - main: DOMAINNAME.XXX
            sans:
              - '*.DOMAINNAME.XXX'
 
providers:
  providersThrottleDuration: 10s
  
  docker:
    watch: true
    endpoint: "tcp://dockersocket:2375"
    exposedByDefault: false
    network: rev_proxy
 
  file:
    directory: /rules
    watch: true

api:
  dashboard: true
  insecure: true
  debug: true

# Traefik Log Level INFO|DEBUG|ERROR|FATAL|PANIC|WARN
log:
  level: DEBUG
  filePath: "/logs/traefik.log"

accessLog:
  filePath: "/logs/access.log"
  bufferingSize: 100

certificatesResolvers:
  cloudflare:
    acme:
      email: <REMOVED>
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
4

Did you check your debug log?

Docker recently changed its API version requirement and the whole eco-system fell apart. Make sure to use the latest Traefik and Docker socket proxy images.