I feel like hundreds of these topics exist and I've looked through them a hundred times, but I can't wrap my head around the problem. I get the following error:
middleware "chain-basic-auth@file" does not exist" entryPointName=https routerName=traefik-secure@docker
Debug logs
traefik | 2020-06-14T14:10:14.626528135Z time="2020-06-14T16:10:14+02:00" level=info msg="Configuration loaded from file: /traefik.yml"
traefik | 2020-06-14T14:10:14.626562725Z time="2020-06-14T16:10:14+02:00" level=info msg="Traefik version 2.2.1 built on 2020-04-29T18:02:09Z"
traefik | 2020-06-14T14:10:14.627307311Z time="2020-06-14T16:10:14+02:00" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000},\"file\":{\"directory\":\"/rules\",\"watch\":true}},\"api\":{\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"certificatesResolvers\":{\"dns\":{\"acme\":{\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"transip\"}}}}}"
traefik | 2020-06-14T14:10:14.627325401Z time="2020-06-14T16:10:14+02:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/contributing/data-collection/\n"
traefik | 2020-06-14T14:10:14.628110127Z time="2020-06-14T16:10:14+02:00" level=info msg="Starting provider aggregator.ProviderAggregator {}"
traefik | 2020-06-14T14:10:14.628206328Z time="2020-06-14T16:10:14+02:00" level=debug msg="Start TCP Server" entryPointName=http
traefik | 2020-06-14T14:10:14.628273098Z time="2020-06-14T16:10:14+02:00" level=info msg="Starting provider *file.Provider {\"directory\":\"/rules\",\"watch\":true}"
traefik | 2020-06-14T14:10:14.628324589Z time="2020-06-14T16:10:14+02:00" level=debug msg="Start TCP Server" entryPointName=https
traefik | 2020-06-14T14:10:14.629475487Z time="2020-06-14T16:10:14+02:00" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000}"
traefik | 2020-06-14T14:10:14.629554658Z time="2020-06-14T16:10:14+02:00" level=info msg="Starting provider *acme.Provider {\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"transip\"},\"ResolverName\":\"dns\",\"store\":{},\"ChallengeStore\":{}}"
traefik | 2020-06-14T14:10:14.629577018Z time="2020-06-14T16:10:14+02:00" level=info msg="Testing certificate renew..." providerName=dns.acme
traefik | 2020-06-14T14:10:14.629664069Z time="2020-06-14T16:10:14+02:00" level=info msg="Starting provider *traefik.Provider {}"
traefik | 2020-06-14T14:10:14.630531095Z time="2020-06-14T16:10:14+02:00" level=debug msg="Configuration received from provider file: {\"http\":{\"middlewares\":{\"basic-auth\":{},\"chain-basic-auth\":{\"chain\":{\"middlewares\":[\"rate-limit\",\"secure-headers\",\"basic-auth\"]}},\"chain-no-auth\":{\"chain\":{\"middlewares\":[\"rate-limit\",\"secure-headers\"]}},\"rate-limit\":{},\"secure-headers\":{\"headers\":{\"customResponseHeaders\":{\"X-Robots-Tag\":\"none,noarchive,nosnippet,notranslate,noimageindex,\"},\"accessControlAllowOriginList\":[\"https://domain.com\"],\"addVaryHeader\":true,\"allowedHosts\":[\"traefik.domain.com\"],\"hostsProxyHeaders\":[\"X-Forwarded-Host\"],\"sslRedirect\":true,\"sslHost\":\"traefik.domain.com\",\"sslProxyHeaders\":{\"X-Forwarded-Proto\":\"https\"},\"sslForceHost\":true,\"stsSeconds\":63072000,\"stsIncludeSubdomains\":true,\"stsPreload\":true,\"forceSTSHeader\":true,\"frameDeny\":true,\"contentTypeNosniff\":true,\"browserXssFilter\":true,\"referrerPolicy\":\"same-origin\",\"featurePolicy\":\"camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';\"}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
traefik | 2020-06-14T14:10:14.630565586Z time="2020-06-14T16:10:14+02:00" level=debug msg="Configuration received from provider dns.acme: {\"http\":{},\"tls\":{}}" providerName=dns.acme
traefik | 2020-06-14T14:10:14.630617866Z time="2020-06-14T16:10:14+02:00" level=debug msg="Configuration received from provider internal: {\"http\":{\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}}},\"tcp\":{},\"tls\":{}}" providerName=internal
traefik | 2020-06-14T14:10:14.631113540Z time="2020-06-14T16:10:14+02:00" level=debug msg="No default certificate, generating one"
traefik | 2020-06-14T14:10:14.639000899Z time="2020-06-14T16:10:14+02:00" level=debug msg="Provider connection established with docker 19.03.11 (API 1.40)" providerName=docker
traefik | 2020-06-14T14:10:14.641632679Z time="2020-06-14T16:10:14+02:00" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"traefik\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirect\"],\"service\":\"traefik-traefik\",\"rule\":\"HostRegexp(`{host:.+}`)\"},\"traefik-secure\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"chain-basic-auth@file\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.domain.com`)\",\"tls\":{\"certResolver\":\"dns\"}}},\"services\":{\"traefik-traefik\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.2:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"https-redirect\":{\"redirectScheme\":{\"scheme\":\"https\"}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
traefik | 2020-06-14T14:10:14.762949877Z time="2020-06-14T16:10:14+02:00" level=debug msg="Adding certificate for domain(s) domain.com,*.domain.com"
traefik | 2020-06-14T14:10:14.762969927Z time="2020-06-14T16:10:14+02:00" level=debug msg="No default certificate, generating one"
traefik | 2020-06-14T14:10:14.895382459Z time="2020-06-14T16:10:14+02:00" level=debug msg="Adding certificate for domain(s) domain.com,*.domain.com"
traefik | 2020-06-14T14:10:14.895404819Z time="2020-06-14T16:10:14+02:00" level=debug msg="No default certificate, generating one"
traefik | 2020-06-14T14:10:15.166206067Z time="2020-06-14T16:10:15+02:00" level=debug msg="Adding certificate for domain(s) domain.com,*.domain.com"
traefik | 2020-06-14T14:10:15.166238897Z time="2020-06-14T16:10:15+02:00" level=debug msg="No default certificate, generating one"
traefik | 2020-06-14T14:10:15.225467681Z time="2020-06-14T16:10:15+02:00" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=http routerName=traefik@docker serviceName=traefik-traefik middlewareName=pipelining
traefik | 2020-06-14T14:10:15.225508701Z time="2020-06-14T16:10:15+02:00" level=debug msg="Creating load-balancer" entryPointName=http routerName=traefik@docker serviceName=traefik-traefik
traefik | 2020-06-14T14:10:15.225514041Z time="2020-06-14T16:10:15+02:00" level=debug msg="Creating server 0 http://172.18.0.2:80" serviceName=traefik-traefik serverName=0 entryPointName=http routerName=traefik@docker
traefik | 2020-06-14T14:10:15.225517411Z time="2020-06-14T16:10:15+02:00" level=debug msg="Added outgoing tracing middleware traefik-traefik" middlewareType=TracingForwarder entryPointName=http routerName=traefik@docker middlewareName=tracing
traefik | 2020-06-14T14:10:15.225520551Z time="2020-06-14T16:10:15+02:00" level=debug msg="Creating middleware" middlewareName=https-redirect@docker middlewareType=RedirectScheme entryPointName=http routerName=traefik@docker
traefik | 2020-06-14T14:10:15.225523561Z time="2020-06-14T16:10:15+02:00" level=debug msg="Setting up redirection to https " middlewareName=https-redirect@docker middlewareType=RedirectScheme entryPointName=http routerName=traefik@docker
traefik | 2020-06-14T14:10:15.225527701Z time="2020-06-14T16:10:15+02:00" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=traefik@docker middlewareName=https-redirect@docker
traefik | 2020-06-14T14:10:15.228218031Z time="2020-06-14T16:10:15+02:00" level=debug msg="Creating middleware" entryPointName=http middlewareType=Recovery middlewareName=traefik-internal-recovery
traefik | 2020-06-14T14:10:15.228254512Z time="2020-06-14T16:10:15+02:00" level=debug msg="Creating Middleware (ResponseModifier)" middlewareName=chain-basic-auth@file middlewareType=Chain entryPointName=https routerName=traefik-secure@docker
traefik | 2020-06-14T14:10:15.228269332Z time="2020-06-14T16:10:15+02:00" level=debug msg="Creating Middleware (ResponseModifier)" middlewareName=secure-headers@file middlewareType=Headers entryPointName=https routerName=traefik-secure@docker
traefik | 2020-06-14T14:10:15.228277932Z time="2020-06-14T16:10:15+02:00" level=debug msg="Added outgoing tracing middleware api@internal" routerName=traefik-secure@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=https
traefik | 2020-06-14T14:10:15.228286442Z time="2020-06-14T16:10:15+02:00" level=debug msg="Creating middleware" entryPointName=https routerName=traefik-secure@docker middlewareName=chain-basic-auth@file middlewareType=Chain
traefik | 2020-06-14T14:10:15.228297942Z time="2020-06-14T16:10:15+02:00" level=error msg="invalid middleware \"basic-auth@file\" configuration: invalid middleware type or middleware does not exist" entryPointName=https routerName=traefik-secure@docker
traefik | 2020-06-14T14:10:15.228303042Z time="2020-06-14T16:10:15+02:00" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik | 2020-06-14T14:10:15.228566814Z time="2020-06-14T16:10:15+02:00" level=debug msg="Try to challenge certificate for domain [traefik.domain.com] found in HostSNI rule" providerName=dns.acme routerName=traefik-secure@docker rule="Host(`traefik.domain.com`)"
traefik | 2020-06-14T14:10:15.228615284Z time="2020-06-14T16:10:15+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"traefik.domain.com\"]..." providerName=dns.acme routerName=traefik-secure@docker rule="Host(`traefik.domain.com`)"
traefik | 2020-06-14T14:10:15.228687425Z time="2020-06-14T16:10:15+02:00" level=debug msg="No ACME certificate generation required for domains [\"traefik.domain.com\"]." providerName=dns.acme routerName=traefik-secure@docker rule="Host(`traefik.domain.com`)"
docker-compose.yml
version: '3'
services:
traefik:
container_name: traefik
image: traefik:chevrotin
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
# Static configuration
- ./data/traefik.yml:/traefik.yml:ro
# Dynamic configuration
- ./data/rules:/rules:ro
# Working files
- ./data/transip.key:/transip.key:ro
- ./data/acme.json:/acme.json
environment:
- DOMAINNAME=$DOMAINNAME
- TRANSIP_ACCOUNT_NAME=$TRANSIP_ACCOUNT_NAME
- TRANSIP_PRIVATE_KEY_PATH=$TRANSIP_PRIVATE_KEY_PATH
labels:
- "traefik.enable=true"
# HTTP router
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=HostRegexp(`{host:.+}`)"
- "traefik.http.routers.traefik.middlewares=https-redirect"
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
# HTTPS router
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.$DOMAINNAME`)"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=dns"
# API service
- "traefik.http.routers.traefik-secure.service=api@internal"
# Middlewares
- "traefik.http.routers.traefik-secure.middlewares=chain-basic-auth@file"
networks:
proxy:
external:
name: proxy
default:
driver: bridge
/traefik.yml
api:
dashboard: true
global:
sendAnonymousUsage: false
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
swarmMode: false
file:
# Load dynamic configuration .yml files in this directory
directory: "/rules"
watch: true
certificatesResolvers:
dns:
acme:
dnsChallenge:
provider: transip
delayBeforeCheck: 0
log:
level: DEBUG
/rules/middlewares.yml
http:
middlewares:
# Middleware: Basic authentication
basic-auth:
basicauth:
users:
- '<removed>'
- '<removed>'
# Middleware: Traefik rate limit
rate-limit:
ratelimit:
- average: 100
- burst: 50
# Middleware: Traefik secure headers
secure-headers:
headers:
accesscontrolallowmethods:
- GET
- OPTIONS
- PUT
accessControlAllowOriginList:
- 'https://{{ env "DOMAINNAME" }}'
accesscontrolMaxAge: 100
addVaryHeader: true
allowedHosts:
- 'traefik.{{ env "DOMAINNAME" }}'
hostsProxyHeaders:
- X-Forwarded-Host
sslRedirect: true
sslHost: 'traefik.{{ env "DOMAINNAME" }}'
sslForceHost: true
sslProxyHeaders:
X-Forwarded-Proto: https
stsSeconds: 63072000
stsIncludeSubdomains: true
stsPreload: true
forceSTSHeader: true
frameDeny: true
contentTypeNosniff: true
browserXssFilter: true
referrerPolicy: same-origin
featurePolicy: >-
camera 'none'; geolocation 'none'; microphone 'none'; payment 'none';
usb 'none'; vr 'none';
customResponseHeaders:
X-Robots-Tag: 'none,noarchive,nosnippet,notranslate,noimageindex,'
/rules/middleware-chains.yml
http:
middlewares:
chain-no-auth:
chain:
middlewares:
- "rate-limit"
- "secure-headers"
chain-basic-auth:
chain:
middlewares:
- "rate-limit"
- "secure-headers"
- "basic-auth"
Traefik version
Version: 2.2.1
Codename: chevrotin
Go version: go1.14.2
Built: 2020-04-29T18:02:09Z
OS/Arch: linux/amd64
From the way I understand it's a reference issue. But the static configuration is loaded through /traefik.yml from where I load the dynamic configuration files in /rules. So all the information is there for the link between the docker-compose label and the chain-basic-auth middleware to be made. But i'm sure I don't get it yet and it's probably something simple.
A small follow-up question: I prefer to get the configuration in seperate files as much as possible. This is the most structured to me. So is it possible to get all the labels in a configuration file as well? It is part of the static configuration? So should it be in /traefik.yml? How do I link this configuration to the traefik docker container?
http:
routers:
traefik:
entrypoints: http
rule: 'HostRegexp(`{host:.+}`)'
middlewares:
- https-redirect
traefik-secure:
entrypoints: https
rule: 'Host(`traefik.{{ env "DOMAINNAME" }}`)'
tls:
certresolver: dns
service: api@internal
middlewares:
- chain-basic-auth
middlewares:
https-redirect:
redirectscheme:
scheme: https
