Hey guys,
This is my first time working with Traefik, so maybe I got something basic wrong. I tried googling and first put everything in the static configuration, all in .toml; that didn't work, so I rewrote everything as YAML and docker-compose, but I still have problems.
Following is the issue:
Traefik is partly working: I can access my Bitwarden container, and now even my Traefik dashboard, without issue (the https-redirect doesn't work, but that's a minor issue). But my Nextcloud is not accessible: Traefik serves the 404 page on both the http and the https port (its router and service are configured in the dynamic configuration, loaded through the file provider). I don't know exactly what the issue is. According to the log, Traefik does not find the middlewares from the file provider, so I guess the problem is there, but I can't find the solution.
Here is part of the log:
time="2021-11-05T15:10:21+01:00" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2021-11-05T15:10:21+01:00" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2021-11-05T15:10:21+01:00" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=traefik middlewareName=traefik-internal-recovery
time="2021-11-05T15:10:21+01:00" level=error msg="the service \"foo@file\" does not exist" routerName=whoami-redirect@docker entryPointName=web
time="2021-11-05T15:10:21+01:00" level=debug msg="Added outgoing tracing middleware acme-http@internal" routerName=acme-http@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
time="2021-11-05T15:10:21+01:00" level=error msg="the service \"foo@file\" does not exist" entryPointName=web routerName=api-redirect@docker
time="2021-11-05T15:10:21+01:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
time="2021-11-05T15:10:21+01:00" level=debug msg="Added outgoing tracing middleware api@internal" middlewareType=TracingForwarder entryPointName=websecure routerName=api@docker middlewareName=tracing
time="2021-11-05T15:10:21+01:00" level=error msg="middleware \"auth@file\" does not exist" entryPointName=websecure routerName=api@docker
Additionally (no biggie), the TLS challenge doesn't work for me. If someone knows a special tweak you need to make, I'd be glad to hear it, but I have no issue sticking with the HTTP challenge.
Here is the docker-compose.yml (located in /srv/traefik):
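# docker-compose.yml: Traefik (reverse proxy), a whoami test service and
# Vaultwarden, all attached to the pre-existing external "proxy" network.
# The nesting below is restored from a paste that had lost its indentation.
version: "3.7"

services:
  traefik:
    # NOTE(review): "latest" is a moving tag; pinning a specific release keeps
    # an unreviewed upgrade from changing routing or TLS behaviour on restart.
    image: "traefik:latest"
    container_name: "traefik"
    restart: unless-stopped
    command:
      - "--log.level=DEBUG"
      - "--log.filePath=/var/log/traefik.log"
      # Insecure mode serves the API and dashboard without authentication on
      # the internal "traefik" entrypoint (port 8080), so it bypasses the
      # auth@file middleware. The "api" router below already publishes
      # api@internal over TLS with basic auth, so insecure mode is off here.
      # Until auth@file actually loads, that router stays down and the
      # dashboard is unreachable (it fails closed).
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.watch=true"
      # Only containers carrying traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      # Every file in this directory is read as dynamic configuration; names
      # defined there are referenced from the labels below with "@file".
      # NOTE(review): presumably the directory should contain nothing but
      # dynamic-configuration files (no leftover static config); confirm.
      - "--providers.file.directory=/etc/traefik"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.letsencrypt.acme.email=heresmyemail"
      # acme.json holds the certificates' private keys; keep the mounted
      # directory readable by the Traefik process only.
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    # Port 8080 is only served while the insecure API entrypoint is enabled.
    expose:
      - "8080"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # The ":ro" flag does not limit what can be sent over the socket: any
      # process able to connect can drive the Docker API, which is equivalent
      # to root on the host. Consider a filtering socket proxy in between.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /srv/traefik/log:/var/log
      - /srv/traefik/etc:/etc/traefik
      - /srv/traefik/letsencrypt:/letsencrypt
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router: exists only to apply the redirect middleware.
      - "traefik.http.routers.api-redirect.entrypoints=web"
      - "traefik.http.routers.api-redirect.rule=Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.api-redirect.middlewares=https-redirect@file,auth@file"
      - "traefik.http.routers.api-redirect.service=foo@file"
      # HTTPS router for the dashboard/API, protected by auth@file.
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.api.rule=Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.api.middlewares=secHeaders@file,auth@file"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami-redirect.entrypoints=web"
      - "traefik.http.routers.whoami-redirect.rule=Host(`rp.mydomain.tld`) && PathPrefix(`/whoami`)"
      - "traefik.http.routers.whoami-redirect.middlewares=https-redirect@file"
      - "traefik.http.routers.whoami-redirect.service=foo@file"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.rule=Host(`rp.mydomain.tld`) && PathPrefix(`/whoami`)"
      - "traefik.http.routers.whoami.middlewares=secHeaders@file"
      - "traefik.http.routers.whoami.tls=true"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      # NOTE(review): the admin token sits in clear text in this file; keep
      # the real value out of version control and shared pastes (for example
      # by supplying it from an env file readable only by the deploy user).
      - ADMIN_TOKEN=mytoken
      # - WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
    volumes:
      - /srv/vaultwarden/data/:/data/
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vaultwarden-redirect.entrypoints=web"
      - "traefik.http.routers.vaultwarden-redirect.rule=Host(`vault.mydomain.tld`)"
      - "traefik.http.routers.vaultwarden-redirect.middlewares=https-redirect@file"
      - "traefik.http.routers.vaultwarden-redirect.service=foo@file"
      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden.rule=Host(`vault.mydomain.tld`)"
      - "traefik.http.routers.vaultwarden.middlewares=secHeaders@file"
      - "traefik.http.routers.vaultwarden.service=vaultwarden"
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
    networks:
      - proxy
    # Reachable only from other containers on the proxy network; no host port.
    expose:
      - "80"

networks:
  # Created outside this compose file; must exist before `up`.
  proxy:
    external: true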
And here is my traefik_dynamic.yml (located at /srv/traefik/etc/traefik_dynamic.yml):
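# traefik_dynamic.yml: dynamic configuration read by Traefik's file provider.
# Routers, middlewares and services defined here are referenced from Docker
# labels with the "@file" suffix (auth@file, foo@file, ...).
# NOTE(review): log errors such as `middleware "auth@file" does not exist`
# indicate that these definitions were not loaded. Look for a file-provider
# error near the start of the log and check that the nesting below matches
# the real file; the indentation here is restored from a flattened paste.
tls:
  options:
    # Named option set; it applies only to routers that reference it with
    # `tls.options`. In this file that is the "cloud" router alone; routers
    # that do not name an option set use Traefik's default TLS options.
    normal:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        # The three entries below are TLS 1.3 suites.
        # NOTE(review): presumably the TLS 1.3 suite selection is fixed by the
        # Go TLS stack, so listing them has no effect; confirm.
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384

http:
  routers:
    # Dashboard routers, kept for reference; the active definitions are the
    # Docker labels on the traefik container.
    # api-redirect:
    #   entryPoints:
    #     - "web"
    #   rule: Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
    #   middlewares:
    #     - https-redirect
    #   service: foo
    # api:
    #   entryPoints:
    #     - "websecure"
    #   rule: Host(`rp.mydomain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
    #   middlewares:
    #     - auth
    #   service: api@internal

    # Plain-HTTP router for Nextcloud: exists only to apply the redirect.
    cloud-redirect:
      entryPoints:
        - "web"
      rule: Host(`cloud.mydomain.tld`)
      middlewares:
        - https-redirect
      service: foo

    # HTTPS router for Nextcloud.
    # NOTE(review): unlike the label-defined HTTPS routers, this one does not
    # attach secHeaders; confirm that is intentional.
    cloud:
      entryPoints:
        - "websecure"
      rule: Host(`cloud.mydomain.tld`)
      middlewares:
        - nextcloud-redirectregex
      service: cloud
      tls:
        certResolver: letsencrypt
        options: normal

  middlewares:
    # Basic auth for the dashboard. Each entry is "user:hash", where the hash
    # is htpasswd output, never the plain password.
    # NOTE(review): "encryptedpw" looks like a redacted placeholder; confirm
    # the real entry is a hash and that this file is not world-readable.
    auth:
      basicAuth:
        users:
          - "contadmin:encryptedpw"

    # Sends CalDAV/CardDAV well-known discovery URLs to Nextcloud's DAV endpoint.
    nextcloud-redirectregex:
      redirectRegex:
        permanent: true
        regex: "^https://(.*)/.well-known/(card|cal)dav"
        replacement: "https://${1}/remote.php/dav/"

    # HTTP -> HTTPS redirect used by all *-redirect routers.
    https-redirect:
      redirectScheme:
        scheme: https
        # Traefik documents this port as a string rather than a number, so it
        # is quoted here.
        port: "443"
        permanent: true

    # Response hardening headers.
    # HSTS with includeSubdomains and preload commits every subdomain of the
    # domain to HTTPS for a year (31536000 s); make sure all of them serve
    # valid TLS before relying on this.
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000

  services:
    # Nextcloud backend, reached over plain HTTP on the internal address.
    cloud:
      loadBalancer:
        healthCheck:
          path: /index.php
          interval: "30s"
          timeout: "5s"
        servers:
          - url: "http://10.101.1.11/"

    # Placeholder backend for routers that only redirect; the redirect
    # middleware answers before any request would be forwarded here.
    # NOTE(review): Traefik also provides a built-in noop@internal service for
    # this purpose; confirm it is available in the deployed version.
    foo:
      loadBalancer:
        servers:
          - url: "http://0.0.0.0/"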
Thanks for any feedback, help or suggestions