MIME type issue

I'm new to Traefik (coming from NPM) and I'm facing an issue that I can't find elsewhere on this forum or the internet. I'm able to access a few of my services using the wildcard certificate I set up, absolutely no issues. However, I recently set up a Radarr instance to be routed via Traefik and I get this logged to my browser console after login:

Refused to apply style from 'https://radarr.domain.com/Content/Fonts/fonts.css?h=ZYP7+3tB+/eme7MGOlDOLg' because its MIME type ('text/plain') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
radarr.domain.com/:1 Refused to apply style from 'https://radarr.domain.com/Content/styles.css?h=VAwjWra8YBWH8JiyE7JFDA' because its MIME type ('text/plain') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
radarr.domain.com/:15 Refused to apply style from 'https://radarr.domain.com/Content/styles.css?h=VAwjWra8YBWH8JiyE7JFDA' because its MIME type ('text/plain') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

For some reason the MIME type is being changed from text/css to text/plain for these 3 files. When accessing it directly via http://ip:port, I do not see this issue at all. The reason this is a serious problem is because it is cutting off most of the application, see below:


This makes the application completely unusable and I don't understand why this would be happening. I'm not running any middlewares or plugins, this is a very simple configuration.

static config:

global:
  sendAnonymousUsage: false
log:
  level: DEBUG
api:
  dashboard: true
  insecure: true
entryPoints:
  https:
    address: :443
    http:
      tls:
        certResolver: cloudflare
        domains:
          - main: "domain.com"
            sans:
              - "*.domain.com"
certificatesResolvers:
  cloudflare:
    acme:
      email: "email@gmail.com"
      storage: /var/traefik/certs/cloudflare-acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      keyType: EC384
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
providers:
  docker:
    exposedByDefault: false

Radarr compose:

services:
  radarr:
    image: linuxserver/radarr:latest
    container_name: radarr
    restart: unless-stopped
    ports:
      - 7878:7878
    environment:
      - PUID=1000
      - PGID=1001
      - UMASK=022
    volumes:
      - /mnt/appdata/radarr:/config
      - /mnt/downloads:/downloads
      - /mnt/media/movies:/movies
    labels:
      - traefik.enable=true
      - traefik.http.routers.radarr.rule=Host(`radarr.domain.com`)
      - traefik.http.services.radarr.loadbalancer.server.port=7878

Again, this works exactly as expected locally, so I'm pretty confident that Traefik is to blame, I just can't figure out how. I don't see anything in the Traefik debug logs that suggests any issues.

EDIT: I just tried this again with a completely fresh installation and still see the exact same problem.

EDIT2: I eventually see this error log, but it takes a long time to show up after I try loading the page so it's hard to tell if it's definitely related

DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:45 > Request has been aborted [172.70.115.216:44036 - /api/hosts/75f8bb84-9211-483a-a195-ec9603aa0d63/containers/e97a5229dfcb/logs/stream?stdout=1&stderr=1&filter=radarr&levels=info&levels=debug&levels=warn&levels=error&levels=fatal&levels=trace&levels=unknown]: net/http: abort Handler middlewareName=traefik-internal-recovery middlewareType=Recovery

Traefik usually doesn’t change any headers like mime-type by itself.

The mime-type is usually supplied by the web server that’s included in the target service image.

Use curl -v to request fonts.css, it will show the headers. Then run the service with its own port published and check again if the headers change.

If both have the wrong mime-type, then the image creator needs to update the settings.

At the end it’s the browser which seems a bit picky and doesn’t like to apply the file.

That's what ChatGPT and other sources I found online said, that Traefik generally doesn't change the mime-type. However, my current results seem to contradict that. Here are my results from using curl -v:

connecting directly via ip:

*   Trying 192.168.0.11:7878...
* Connected to 192.168.0.11 (192.168.0.11) port 7878
> GET /Content/Fonts/fonts.css?h=ZYP7+3tB+/eme7MGOlDOLg HTTP/1.1
> Host: 192.168.0.11:7878
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 200 OK
< Content-Length: 1049
< Content-Type: text/css
< Date: Sat, 11 Jan 2025 18:46:31 GMT
< Server: Kestrel
< Cache-Control: max-age=31536000, public
< Last-Modified: Sun, 05 Jan 2025 11:24:58 GMT
...

connecting via radarr.domain.com:

... <TLS info> ...
> GET /Content/Fonts/fonts.css?h=ZYP7+3tB+/eme7MGOlDOLg HTTP/2
> Host: radarr.domain.com
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/2 404 
< date: Sat, 11 Jan 2025 18:45:19 GMT
< content-type: text/plain; charset=utf-8
< cache-control: max-age=31536000
< vary: Accept-Encoding
< x-content-type-options: nosniff
< cf-cache-status: HIT
< age: 48787
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SUQkdfG1jLLujWy2bifAolX8TU8MtWv9s38G4sFkfg9DEaWmUU%2FnhKM%2Bk7%2Feh%2FHn6tQe7DwvOeOTD1CHQOEAey7iJq2qCCE69Qua6NFvf1St3f1xVu3LVgNJfL2gEaQI3SFNBp7g"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< strict-transport-security: max-age=7776000; includeSubDomains; preload
< server: cloudflare
< cf-ray: 9007102cff347cb2-EWR
< alt-svc: h3=":443"; ma=86400
< server-timing: cfL4;desc="?proto=TCP&rtt=11664&min_rtt=9923&rtt_var=3747&sent=5&recv=10&lost=0&retrans=0&sent_bytes=2891&recv_bytes=615&delivery_rate=291847&cwnd=249&unsent_bytes=0&cid=1dc8b2dcd4118b94&ts=34&x=0"
< 
404 page not found

I will note that this installation used to be behind an Authentik instance, and I plan to change it back to that, but I would really like to understand why this is happening to get a better feel for how Traefik works.

Ok, but this is really a different issue: it’s not about the mime-type, but about the page not being found (status 404), so the path seems not to be working.
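Added example, not part of the original thread: a small Python script that compares the two curl -v responses quoted above (abridged here) and lists what differs between the origin and the proxied path. The function names are hypothetical; besides status and content type, it reports the `cf-cache-status: HIT` and `age` headers, which show the proxied 404 was answered from Cloudflare's cache.

```python
import re

# Abridged from the two curl -v transcripts in this thread.
DIRECT = """\
< HTTP/1.1 200 OK
< Content-Length: 1049
< Content-Type: text/css
"""
PROXIED = """\
< HTTP/2 404
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< cf-cache-status: HIT
< age: 48787
"""

def parse(verbose):
    """Return (status, headers) from the '<' lines of curl -v output."""
    status, headers = None, {}
    for line in (l[1:].strip() for l in verbose.splitlines() if l.startswith("<")):
        m = re.match(r"HTTP/[\d.]+ (\d{3})", line)
        if m:
            status = int(m.group(1))
        elif ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def diagnose(direct, proxied):
    """Compare the origin and proxied responses and list what differs."""
    (d_status, d_h), (p_status, p_h) = parse(direct), parse(proxied)
    d_type = d_h.get("content-type", "").split(";")[0].strip()
    p_type = p_h.get("content-type", "").split(";")[0].strip()
    findings = []
    if d_status != p_status:
        findings.append(f"status differs: origin {d_status}, proxied {p_status}")
    if d_type != p_type:
        findings.append(f"content-type differs: origin {d_type}, proxied {p_type}")
    # nosniff makes the browser enforce the declared type for stylesheets
    if p_h.get("x-content-type-options", "").lower() == "nosniff" and p_type != "text/css":
        findings.append("nosniff with non-CSS type: browser refuses the stylesheet")
    # HIT means the CDN answered from its cache, not the proxy behind it
    if p_h.get("cf-cache-status", "").upper() == "HIT":
        findings.append(f"served from Cloudflare cache, age {p_h.get('age', '?')}s")
    return findings

if __name__ == "__main__":
    for finding in diagnose(DIRECT, PROXIED):
        print("-", finding)
```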

Do you know what might cause those specific paths to not be found when connecting via Traefik? Is there any other debug info I can share here to help figure out why this might be happening?

I've successfully put the service behind a domain-wide forward auth, but I still get this MIME type issue after logging into Authentik.

Enable and check Traefik debug log (doc) and Traefik access log in JSON format (doc).

I'm not exactly sure what happened, I only changed Traefik to start logging to a JSON file in the static config and now radarr seems to work. Thanks for your help!