Middleware does not exist (but it is defined)

Traefik Traefik v2
1

I get this error in the logs:

time="2023-07-17T08:12:53+01:00" level=error msg="middleware \"compress-with-gzip@docker\" does not exist" entryPointName=websecure routerName=portainer@docker
time="2023-07-17T08:12:53+01:00" level=error msg="middleware \"compress-with-gzip@docker\" does not exist" entryPointName=websecure routerName=gitea@docker

It doesn't know what is the compress-with-gzip middleware. But it recognises the secure-headers middleware.

My traefik docker-compose.yml:

services:
  traefik:
    # ...
    command:
      - --entrypoints.websecure.http.middlewares=secure-headers@file,compress-with-gzip@docker
      # ...
    labels:
      traefik.http.middlewares.compress-with-gzip.compress: true
      # ...
2

Please post your full configs

3

docker-compose.yml

volumes:
  traefik:

services:
  traefik:
    image: traefik:v2.10.1
    container_name: traefik
    restart: unless-stopped
    security_opt: [ 'no-new-privileges:true' ]
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./dynamic-config/:/etc/traefik/dynamic-config/:ro
      - traefik:/data/
    ports:
      - 80:80
      - 443:443
    healthcheck:
      start_period: 10s
      interval: 30s
      timeout: 10s
      retries: 3
      test: traefik healthcheck --ping
    environment:
      - LEGO_DISABLE_CNAME_SUPPORT=true
    command:
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.watch=true
      - --providers.file.directory=/etc/traefik/dynamic-config/
      - --providers.file.watch=true
     #- --certificatesresolvers.myresolver ...
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.options=default
      - --entrypoints.websecure.http.middlewares=secure-headers@file,compress-with-gzip@docker
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --entrypoints.websecure.http.tls.certResolver=myresolver
      - --entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}
      - --entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}
      - --api=true
      - --ping=true
    labels:
      traefik.enable: true
      traefik.http.middlewares.redirect-naked-to-www.redirectregex.regex: ^https?://(?:www\\.)?(.+)
      traefik.http.middlewares.redirect-naked-to-www.redirectregex.replacement: https://www.$${1}
      traefik.http.middlewares.redirect-naked-to-www.redirectregex.permanent: true
      traefik.http.middlewares.compress-with-gzip.compress: true

./dynamic-config/security.yml

tls:
  options:
    default:
      sniStrict: true
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
http:
  middlewares:
    secure-headers:
      headers:
        customFrameOptionsValue: DENY
        contentTypeNosniff:      true
        referrerPolicy:          strict-origin-when-cross-origin
        stsSeconds:              0
4

I enabled debug logging and now I get this:

time="2023-07-17T12:08:57+01:00" level=debug msg="mime: no media type" middlewareName=compress-with-gzip@docker middlewareType=Compress

Related?

5

Hm, it seems "-" in name is okay (doc):

# As a Docker Label
whoami:
  #  A container that exposes an API to show its IP address
  image: traefik/whoami
  labels:
    # Create a middleware named `foo-add-prefix`
    - "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
    # Apply the middleware named `foo-add-prefix` to the router named `router1`
    - "traefik.http.routers.router1.middlewares=foo-add-prefix@docker"
6

It seems to be possible to assign to a static entrypoint a dynamic middleware (doc):

entryPoints:
  websecure:
    address: ':443'
    http:
      middlewares:
        - auth@file
        - strip@file
7

I also wondered about the hyphen, but it seems ok as it works in the secure-headers and redirect-naked-to-www middlewares.

I assume the issue is something really simple, and stupid, and I just can't see it! :slight_smile:

The first logs (above) complain about unknown middleware, but when I enable debug logging, the second logs (above) complain about MIME types. That's weird because:

  • there's a connection between mime type and compression
  • it doesn't show the info AND debug logs, only the debug logs (I expected it would show both)

...so maybe the core issue is MIME types.

Should I post this as a repo issue? They get upset if it's invalid. But this one is really weird! :thinking:

8

I posted an issue.

9

Answered by @Idez on repo!

Solution:

Change docker-compose.yml:

command:
  - --entrypoints.websecure.http.middlewares=secure-headers@file,compress-with-gzip@docker
labels:
  traefik.http.middlewares.compress-with-gzip.compress: true

To:

command:
  - --entrypoints.websecure.http.middlewares=secure-headers@file,compress-with-gzip@file   # @file
labels:
  # ...

And add another dynamic config file ./dynamic-config/compress.yml:

http:
  middlewares:
    compress-with-gzip:
      compress: {}

Thanks @Idez! This was one complicated issue.

2 Likes
10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.