Maybe File Provider Issues

Traefik Traefik v3 (latest)
,
1

Hello Everyone,

I seem to be having some issues with getting my traefik instance and proxmox to work correctly.
I have this setup up on docker on a pi5. All The docker end works without a hitch.

It's going down the dynamic file config that I have the issue.. I followed Techno Tims Video to a T and its working just fine but when I get to the file part is the issue. traefik shows tls for that service but when but then i go to that dns name it just says nope.

I can provide the config.yml if need be.

2

Do you see error message

in browser or Traefik logs?

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

Enable and check Traefik debug log and Traefik access log in JSON format.

Also check browser developer tools network tab.

3

Docker logs say nothing, I'll take a look at this when im home from work today.

4
  • traefik.yml
api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: admin@jersh.tech  #add your email
      storage: acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
  • config.yml
http:
#region routers
  routers:
    proxmox:
      entryPoints:
        - "https"
      rule: "Host(`proxmox.int.example.tech`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: proxmox

#endregion
#region services
  services:
    proxmox:
      loadBalancer:
        servers:
          - url: "https://10.42.xx.xxx:8006"
        passHostHeader: true
#endregion
  middlewares:
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true
    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    default-whitelist:
      ipAllowList:
        sourceRange:
        - "10.42.0.0/16"


    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers
  • compose.yml
---
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    hostname: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
      - backend
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
      - TRAEFIK_DASHBOARD_CREDENTIALS=${TRAEFIK_DASHBOARD_CREDENTIALS}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /opt/docker/traefik/data/traefik.yml:/traefik.yml:ro
      - /opt/docker/traefik/data/acme.json:/acme.json
      - /opt/docker/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http,https"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.int.example.tech`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.int.example.tech`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=int.example.tech"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.int.example.tech"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true
  backend:
    external: true

Sorry for the late respon but as promised here is what I have atm

5

Check that your domain resolves correctly to the IP. Then requests should show up in Traefik log and access log.

Note that your Proxmox router has no certResolver assigned.

Overall your config doesn’t look very clean. Using multiple entrypoints for a router with redirect seems strange. Forward headers are set automatically, so not required.

You can simplify some config by placing it centrally on entrypoint, like certResolver and http-to-https redirect, see simple Traefik example.