Middleware from file provider does not seem to apply

Hey guys,
first time working with traefik so maybe I didn't get something stupid right, but I tried it with googleing and first put everything in the static configuration and everything in .toml, it didn't work so I rewrote everything to yaml and docker-compose, but I still have problems.

Following is the issue:
Traefik is working partly, I can access my Bitwarden container, and now even my traefik dashboard without issue (the https-redirect doesn't work, but thats a minor issue). But my nextcloud is not accessible (traefik serves the 404 page on the http and https port) (the router, service is configured in the dynamic configuration as a file provider). I don't know what the issue is exactly, according to the log it does not find the middlewares in the file provider, so I guessed maybe there might be the issue, but I can't find the solution.

Here is part of the log:

time="2021-11-05T15:10:21+01:00" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2021-11-05T15:10:21+01:00" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2021-11-05T15:10:21+01:00" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=traefik middlewareName=traefik-internal-recovery
time="2021-11-05T15:10:21+01:00" level=error msg="the service \"foo@file\" does not exist" routerName=whoami-redirect@docker entryPointName=web
time="2021-11-05T15:10:21+01:00" level=debug msg="Added outgoing tracing middleware acme-http@internal" routerName=acme-http@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
time="2021-11-05T15:10:21+01:00" level=error msg="the service \"foo@file\" does not exist" entryPointName=web routerName=api-redirect@docker
time="2021-11-05T15:10:21+01:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
time="2021-11-05T15:10:21+01:00" level=debug msg="Added outgoing tracing middleware api@internal" middlewareType=TracingForwarder entryPointName=websecure routerName=api@docker middlewareName=tracing
time="2021-11-05T15:10:21+01:00" level=error msg="middleware \"auth@file\" does not exist" entryPointName=websecure routerName=api@docker

Additionally, but no biggie, the tls challenge doesn't work for me, if someone knows a special tweak you need to make I'd be glad, but I have no issue sticking with http-challenge.

Here the docker-compose.yml (is in /srv/traefik):

version: "3.7"

services:

  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    restart: unless-stopped
    command:
      - "--log.level=DEBUG"
      - "--log.filePath=/var/log/traefik.log"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.watch=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.file.directory=/etc/traefik"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.letsencrypt.acme.email=heresmyemail"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    expose:
      - "8080"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /srv/traefik/log:/var/log
      - /srv/traefik/etc:/etc/traefik
      - /srv/traefik/letsencrypt:/letsencrypt
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api-redirect.entrypoints=web"
      - "traefik.http.routers.api-redirect.rule=Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.api-redirect.middlewares=https-redirect@file,auth@file"
      - "traefik.http.routers.api-redirect.service=foo@file"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.api.rule=Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.api.middlewares=secHeaders@file,auth@file"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami-redirect.entrypoints=web"
      - "traefik.http.routers.whoami-redirect.rule=Host(`rp.mydomain.tld`) && PathPrefix(`/whoami`)"
      - "traefik.http.routers.whoami-redirect.middlewares=https-redirect@file"
      - "traefik.http.routers.whoami-redirect.service=foo@file"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.rule=Host(`rp.mydomain.tld`) && PathPrefix(`/whoami`)"
      - "traefik.http.routers.whoami.middlewares=secHeaders@file"
      - "traefik.http.routers.whoami.tls=true"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      - ADMIN_TOKEN=mytoken
    #  - WEBSOCKET_ENABLED=true  # Enable WebSocket notifications.
    volumes:
      - /srv/vaultwarden/data/:/data/
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vaultwarden-redirect.entrypoints=web"
      - "traefik.http.routers.vaultwarden-redirect.rule=Host(`vault.mydomain.tld`)"
      - "traefik.http.routers.vaultwarden-redirect.middlewares=https-redirect@file"
      - "traefik.http.routers.vaultwarden-redirect.service=foo@file"
      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden.rule=Host(`vault.mydomain.tld`)"
      - "traefik.http.routers.vaultwarden.middlewares=secHeaders@file"
      - "traefik.http.routers.vaultwarden.service=vaultwarden"
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
    networks:
      - proxy
    expose:
      - "80"
networks:
  proxy:
    external: true

And here is my traefik_dynamic.yml (is under /srv/traefik/etc/traefik_dynamic.yml):

tls:
  options:
    normal:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
       - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
http:
  routers:
   #api-redirect:
     #entryPoints:
     #   - "web"
     # rule: Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
     # middlewares:
     #   - https-redirect
     # service: foo
   #api:
   #  entryPoints:
   #     - "websecure"
   #   rule: Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
   #   middlewares:
   #     - auth
   #   service: api@internal
    cloud-redirect:
      entryPoints:
        - "web"
      rule: Host(`cloud.mydomain.tld`)
      middlewares:
        - https-redirect
      service: foo
    cloud:
      entryPoints:
        - "websecure"
      rule: Host(`cloud.mydomain.tld`)
      middlewares:
        - nextcloud-redirectregex
      service: cloud
      tls:
        certResolver: letsencrypt
        options: normal
  middlewares:
    auth:
      basicAuth:
        users:
          - "contadmin:encryptedpw"
    nextcloud-redirectregex:
      redirectRegex:
        permanent: true
        regex: "^https://(.*)/.well-known/(card|cal)dav"
        replacement: "https://${1}/remote.php/dav/"
    https-redirect:
      redirectScheme:
        scheme: https
        port: 443
        permanent: true
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
  services:
    cloud:
      loadBalancer:
        healthCheck:
          path: /index.php
          interval: "30s"
          timeout: "5s"
        servers:
          - url: "http://10.101.1.11/"
    foo:
      loadBalancer:
         servers:
           - url: "http://0.0.0.0/"

Thanks for any feedback, help or suggestions

Hello @thenfischer

Thanks for sharing the configuration.

Can you please have a look at the beginning of the log file while Traefik is starting? If something is incorrect with the configurations defined in the file provider there should be log files explaining why those files were not correctly loaded.

I would also recommend starting with the minimal configuration and then adding more features. It will simplify the debugging process.

Thank you,

Hello @thenfischer

We have reviewed the issue you were facing and seems the root cause of the issue is the indentation in CipherSuites.

After adding that tiny fix the middleware from the file were correctly applied.

I hope that helps,

Hi,
thanks very much for your answer.
Even after I fixed the issue:

in the dynamic configuration the issue still persists.

If I comment out the middlewares, it seems to work in part, or at least it does not give me the 404 anymore.
Because you suggested looking at the start of the traefik log, I think I found the issue, but I don't know how to fix it. I think the file provider does not get loaded at all, and that's why nothing works, those are the important lines:

[...]
time="2021-11-10T19:15:08+01:00" level=error msg="Cannot start the provider *file.Provider: /dynamic_config/traefik_dynamic.yml: yaml: line 23: did not find expected key"
[...]
time="2021-11-10T19:15:08+01:00" level=error msg="the service \"no-where@file\" does not exist" entryPointName=web routerName=dashboard@docker
[...]
time="2021-11-10T19:15:08+01:00" level=error msg="middleware \"auth@file\" does not exist" routerName=dashboard-secure@docker entryPointName=websecure
[...]

This mentions line 23 in dynamic_config which would be (located in section http.routers.cloud-redirect):

[...]
      service: no-where
[...]

The whole log from traefik start:

time="2021-11-10T19:15:08+01:00" level=info msg="Traefik version 2.5.3 built on 2021-09-20T15:43:56Z"
time="2021-11-10T19:15:08+01:00" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"},\"file\":{\"directory\":\"/dynamic_config\",\"watch\":true}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/var/log/traefik.log\",\"format\":\"common\"},\"certificatesResolvers\":{\"letsencrypt\":{\"acme\":{\"email\":\"hereIsMyEmail:-)\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"}}}},\"pilot\":{\"dashboard\":true}}"
time="2021-11-10T19:15:08+01:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2021-11-10T19:15:08+01:00" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2021-11-10T19:15:08+01:00" level=debug msg="Start TCP Server" entryPointName=web
time="2021-11-10T19:15:08+01:00" level=info msg="Starting provider *file.Provider {\"directory\":\"/dynamic_config\",\"watch\":true}"
time="2021-11-10T19:15:08+01:00" level=debug msg="Start TCP Server" entryPointName=traefik
time="2021-11-10T19:15:08+01:00" level=debug msg="Start TCP Server" entryPointName=websecure
time="2021-11-10T19:15:08+01:00" level=error msg="Cannot start the provider *file.Provider: /dynamic_config/traefik_dynamic.yml: yaml: line 23: did not find expected key"
time="2021-11-10T19:15:08+01:00" level=info msg="Starting provider *traefik.Provider {}"
time="2021-11-10T19:15:08+01:00" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2021-11-10T19:15:08+01:00" level=info msg="Starting provider *acme.ChallengeTLSALPN {\"Timeout\":4000000000}"
time="2021-11-10T19:15:08+01:00" level=info msg="Starting provider *acme.Provider {\"email\":\"HeresMyEmail:-)\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"},\"ResolverName\":\"letsencrypt\",\"store\":{},\"TLSChallengeProvider\":{\"Timeout\":4000000000},\"HTTPChallengeProvider\":{}}"
time="2021-11-10T19:15:08+01:00" level=info msg="Testing certificate renew..." providerName=letsencrypt.acme
time="2021-11-10T19:15:08+01:00" level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"acme-http\":{\"entryPoints\":[\"web\"],\"service\":\"acme-http@internal\",\"rule\":\"PathPrefix(`/.well-known/acme-challenge/`)\",\"priority\":2147483647},\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"acme-http\":{},\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"tls\":{}}" providerName=internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Configuration received from provider letsencrypt.acme: {\"http\":{},\"tls\":{}}" providerName=letsencrypt.acme
time="2021-11-10T19:15:08+01:00" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2021-11-10T19:15:08+01:00" level=debug msg="Provider connection established with docker 20.10.10 (API 1.41)" providerName=docker
time="2021-11-10T19:15:08+01:00" level=debug msg="Filtering unhealthy or starting container" providerName=docker container=vaultwarden-traefik-cc4bdca332190d84261ce120dcf6926efbdaecf5b706da239b236cd45056529a
time="2021-11-10T19:15:08+01:00" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"dashboard\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"https-redirect@file\"],\"service\":\"no-where@file\",\"rule\":\"Host(`rp.mydomain.tld`) \\u0026\\u0026 (PathPrefix(`/api`) || PathPrefix(`/dashboard`))\"},\"dashboard-secure\":{\"entryPoints\":[\"websecure\"],\"middlewares\":[\"secHeaders@file\",\"auth@file\"],\"service\":\"api@internal\",\"rule\":\"Host(`rp.mydomain.tld`) \\u0026\\u0026 (PathPrefix(`/api`) || PathPrefix(`/dashboard`))\",\"tls\":{\"certResolver\":\"letsencrypt\"}}},\"services\":{\"traefik-traefik\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.23.0.3:80\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2021-11-10T19:15:08+01:00" level=debug msg="Added outgoing tracing middleware api@internal" routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2021-11-10T19:15:08+01:00" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex routerName=dashboard@internal entryPointName=traefik
time="2021-11-10T19:15:08+01:00" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex routerName=dashboard@internal entryPointName=traefik
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-11-10T19:15:08+01:00" level=debug msg="Added outgoing tracing middleware acme-http@internal" routerName=acme-http@internal entryPointName=web middlewareType=TracingForwarder middlewareName=tracing
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
time="2021-11-10T19:15:08+01:00" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding certificate for domain(s) rp.ipoac.ch"
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding certificate for domain(s) vault.ipoac.ch"
time="2021-11-10T19:15:08+01:00" level=debug msg="Added outgoing tracing middleware api@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=api@internal middlewareName=tracing
time="2021-11-10T19:15:08+01:00" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" middlewareType=StripPrefix middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
time="2021-11-10T19:15:08+01:00" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-11-10T19:15:08+01:00" level=debug msg="Added outgoing tracing middleware acme-http@internal" entryPointName=web routerName=acme-http@internal middlewareName=tracing middlewareType=TracingForwarder
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" entryPointName=web middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2021-11-10T19:15:08+01:00" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding certificate for domain(s) rp.mydomain.tld"
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding certificate for domain(s) vault.mydomain.tld"
time="2021-11-10T19:15:08+01:00" level=debug msg="Added outgoing tracing middleware acme-http@internal" entryPointName=web routerName=acme-http@internal middlewareName=tracing middlewareType=TracingForwarder
time="2021-11-10T19:15:08+01:00" level=error msg="the service \"no-where@file\" does not exist" entryPointName=web routerName=dashboard@docker
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-11-10T19:15:08+01:00" level=debug msg="Added outgoing tracing middleware api@internal" routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2021-11-10T19:15:08+01:00" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareName=tracing entryPointName=traefik routerName=dashboard@internal middlewareType=TracingForwarder
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareType=StripPrefix middlewareName=dashboard_stripprefix@internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2021-11-10T19:15:08+01:00" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-11-10T19:15:08+01:00" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder routerName=dashboard-secure@docker entryPointName=websecure
time="2021-11-10T19:15:08+01:00" level=error msg="middleware \"auth@file\" does not exist" routerName=dashboard-secure@docker entryPointName=websecure
time="2021-11-10T19:15:08+01:00" level=debug msg="Creating middleware" entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-11-10T19:15:08+01:00" level=debug msg="Adding route for rp.ipoac.ch with TLS options default" entryPointName=websecure
time="2021-11-10T19:15:08+01:00" level=debug msg="Try to challenge certificate for domain [rp.mydomain.tld] found in HostSNI rule" providerName=letsencrypt.acme routerName=dashboard-secure@docker rule="Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
time="2021-11-10T19:15:08+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"rp.mydomain.tld\"]..." providerName=letsencrypt.acme routerName=dashboard-secure@docker rule="Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
time="2021-11-10T19:15:08+01:00" level=debug msg="No ACME certificate generation required for domains [\"rp.ipoac.ch\"]." providerName=letsencrypt.acme routerName=dashboard-secure@docker rule="Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"

Here is the whole config:

tls:
  options:
    normal:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
http:
  routers:
   cloud-redirect:
      entryPoints:
        - "web"
      rule: Host(`cloud.mydomain.tld`)
      middlewares:
        - https-redirect
      service: no-where
    cloud:
      entryPoints:
        - "websecure"
      rule: Host(`cloud.mydomain.tld`)
      middlewares:
        - nextcloud-redirectregex
      service: cloud
      tls:
        certResolver: letsencrypt
        #options: normal
  middlewares:
    auth:
      basicAuth:
        users:
          - "contadmin:encryptedPW"
    nextcloud-redirectregex:
      redirectRegex:
        permanent: true
        regex: "^https://(.*)/.well-known/(card|cal)dav"
        replacement: "https://${1}/remote.php/dav/"
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
  services:
    cloud:
      loadBalancer:
        healthCheck:
          path: /index.php
          interval: "30s"
          timeout: "5s"
        servers:
          - url: "http://10.101.1.11/"
    no-where:
      loadBalancer:
         servers:
           - url: "http://0.0.0.0/"

Small note:
I changed some things in my config, but did not help. For example changing service foo to no-where (thought might be reserved)

Thanks for your time

Ps: sorry for all the edits, not used to this syntax

Can you please fix the indentation for the router cloud and cloud-redirect?

Referring to your initial post I would also double-check the volume mapping in docker-compose.

1 Like

I am so sorry, I just saw that as well. :roll_eyes:
Such a stupid mistake, but thank you for your patience and help.
Everything works fine now :+1:

No worries, glad to hear to it works fine now :wink:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.