Hello everyone, I have configured Traefik 3.1.6 (and also tested the latest 3.2), and after some time it stops writing its logs. I have tried many combinations (such as writing to a Docker volume). I am tired and a second pair of eyes would help. Thanks in advance for your help, and if you need more info let me know.
docker-compose.yaml
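---
# Compose stack: Traefik (TLS edge on host port 2053) behind a read-only Docker
# socket proxy, plus CrowdSec consuming Traefik's access log.
services:
  traefik:
    image: traefik:v3.2
    container_name: traefik
    restart: unless-stopped
    # Same hardening the socket proxy already applies; Traefik does not need
    # to gain privileges after start.
    security_opt:
      - no-new-privileges
    depends_on:
      - traefikproxy
    ports:
      # - "80:80"
      # Port mappings are strings; quoted so no YAML parser retypes them.
      - "2053:443"
      # - "443:443/tcp"  # Uncomment if you want HTTP3
      # - "443:443/udp"  # Uncomment if you want HTTP3
    environment:
      TZ: Europe/blank  # Set the timezone, adjust this as needed
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token  # note using _FILE for docker secrets
      # Redundant inside the container: the basicauth label below is already
      # interpolated by Compose from the host environment / project .env, so
      # the credential hash does not have to be exported into Traefik's env.
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - cf_api_token
    # NOTE: every variable in .env is injected into this container's
    # environment, not only the ones referenced above.
    env_file: .env  # use .env
    volumes:
      - ./data/traefik.yml:/traefik.yml:ro
      # Must be mode 600 on the host; Traefik refuses to use it otherwise.
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
      # traefik.yml writes /var/log/traefik.log and /var/log/access.log here.
      # Traefik only closes and reopens its log files on SIGUSR1; if anything
      # on the host rotates or truncates ./data/log/*.log without sending that
      # signal, Traefik keeps writing to the old inode and the visible file
      # stops growing. TODO confirm no host-side logrotate touches ./data/log.
      - ./data/log/:/var/log/
    labels:
      # Enable traefik for this container
      - "traefik.enable=true"
      # Routers
      # - "traefik.http.routers.traefik.entrypoints=http"
      # - "traefik.http.routers.traefik.rule=Host(`blank`)"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.rule=Host(`blank`)"
      # Enabling api for traefik dashboard
      - "traefik.http.routers.traefik.service=api@internal"
      # Middlewares — the trailing comma was removed: it produced an empty
      # entry in the list, which Traefik tries to resolve as a middleware name
      # and then rejects the router. Middlewares run in the listed order;
      # consider placing internal-ip@file first so requests from outside the
      # allow list are dropped before basicauth is evaluated.
      - "traefik.http.routers.traefik.middlewares=traefik-auth,internal-ip@file,secure-headers@file,crowdsec@file"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      # - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      # Enable ca
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik.tls.domains[0].main=blank"
      - "traefik.http.routers.traefik.tls.domains[0].sans=*.blank"
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: "0.5"
    networks:
      proxy:
        ipv4_address: 192.170.100.2
      traefikproxy:
        ipv4_address: 192.171.1.3

  # Read-only filter in front of /var/run/docker.sock: only the API paths
  # Traefik needs (GET on version/containers/events) reach the daemon.
  traefikproxy:
    image: wollomatic/socket-proxy:1  # choose most recent image
    container_name: traefikproxy
    restart: unless-stopped
    user: "65535:988"
    mem_limit: 64M
    read_only: true
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges
    labels:
      - "traefik.enable=false"
    command:
      - '-loglevel=info'
      - '-listenip=0.0.0.0'
      - '-allowfrom=traefik'  # allow only hostname "traefik" to connect
      - '-allowGET=/v1\..{1,2}/(version|containers/.*|events.*)'  # this regexp allows readonly access only for requests that traefik needs
      - '-watchdoginterval=3600'  # check once per hour for socket availability
      - '-stoponwatchdog'  # halt program on error and let compose restart it
      - '-shutdowngracetime=5'  # wait 5 seconds before shutting down
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      traefikproxy:
        ipv4_address: 192.171.1.2

  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    depends_on:
      - traefik
    environment:
      GID: "${GID-1000}"
      TZ: Europe/Athens
      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/linux crowdsecurity/base-http-scenarios crowdsecurity/sshd"
    labels:
      - "traefik.enable=false"
    volumes:
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      # Same host directory Traefik writes to above, read-only here.
      - ./data/log/:/var/log/traefik/:ro
      - /var/log/auth.log:/var/log/auth.log:ro
      - ./crowdsec/data:/var/lib/crowdsec/data/
      - ./crowdsec/config:/etc/crowdsec/
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: "0.5"
    networks:
      proxy:
        ipv4_address: 192.170.100.3

secrets:
  cf_api_token:
    file: ./cf_api_token.txt

networks:
  proxy:
    external: true
  traefikproxy:
    external: true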
config.yaml
---
# Traefik dynamic configuration, loaded through providers.file (/config.yml).
http:
  serversTransports:
    securetransport:
      insecureSkipVerify: false
    # Disables upstream certificate verification for any service that selects
    # it; attach only to backends on a trusted network.
    insecuretransport:
      insecureSkipVerify: true

  middlewares:
    # Restricts the dashboard router to loopback and two private ranges.
    internal-ip:
      ipAllowList:
        sourceRange:
          - "127.0.0.1/32"
          - "192.168.0.0/24"
          - "10.11.18.0/24"

    secure-headers:
      headers:
        accessControlAllowMethods:
          - "GET"
          - "OPTIONS"
          - "PUT"
        accessControlMaxAge: 100
        addvaryheader: true
        sslproxyheaders:
          X-Forwarded-Proto: "https"
        # HSTS: two years, including subdomains, preload-eligible.
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        frameDeny: true
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: "same-origin"
        # permissionPolicy: "camera=(),geolocation=(),microphone=(),payment=(),usb=(),vr=()"
        customRequestHeaders:
          X-Forwarded-Proto: "https"
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"

    crowdsec:
      plugin:
        crowdsec-bouncer-traefik-plugin:
          enabled: true
          logLevel: "INFO"
          updateIntervalSeconds: 60
          updateMaxFailure: 0
          defaultDecisionSeconds: 60
          httpTimeoutSeconds: 10
          crowdsecMode: "live"
          crowdsecAppsecEnabled: false
          # Redacted by the author. Avoid committing the real bouncer key in
          # this file; the plugin documents a *File variant of this option
          # (verify it exists in the pinned plugin version).
          crowdsecLapiKey: "blankedforsecurity"
          # Plain HTTP to the LAPI over the internal "proxy" network only.
          crowdsecLapiHost: "crowdsec:8080"
          crowdsecLapiScheme: "http"
          crowdsecLapiTLSInsecureVerify: false
          clientTrustedIPs:
            - "192.168.0.0/24"
          remediationHeadersCustomName: "cs-remediation"
          redisCacheEnabled: false

    warp:
      plugin:
        cloudflarewarp:
          disableDefault: false
          # trustip:
          #   - ""

tls:
  options:
    default:
      minVersion: "VersionTLS12"
      # TLS 1.2 suites only; Go does not allow configuring TLS 1.3 suites.
      cipherSuites:
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
traefik.yaml
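---
# Traefik static configuration (mounted read-only at /traefik.yml).
api:
  dashboard: true
  debug: false

entryPoints:
  # Left for reference; the http entrypoint is not used and port 80 is not
  # published in docker-compose.yaml.
  # http:
  #   address: ":80"
  #   http:
  #     redirections:
  #       entryPoint:
  #         to: https
  #         scheme: https
  https:
    address: ":443"
    asDefault: true
    http:
      tls: {}

# Global default: verify upstream certificates.
serversTransport:
  insecureSkipVerify: false

providers:
  docker:
    # Reaches the Docker API only through the read-only socket proxy.
    endpoint: "tcp://traefikproxy:2375"
    exposedByDefault: false
    network: "traefikproxy"
  file:
    filename: /config.yml
    watch: true

experimental:
  plugins:
    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.3.5"
    cloudflarewarp:
      moduleName: "github.com/BetterCorp/cloudflarewarp"
      version: "v1.3.3"

certificatesResolvers:
  cloudflare:
    acme:
      email: blank
      # Absolute path: matches the ./data/acme.json:/acme.json bind mount and
      # no longer depends on the process working directory. The host file
      # must be mode 600.
      storage: "/acme.json"
      # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # Staging issues certificates that browsers do not trust; switch to the
      # prod line above (and clear acme.json) before going live.
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        # disablePropagationCheck: true  # uncomment this if you have issues pulling certificates through cloudflare. Setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        # delayBeforeCheck: 60s  # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted
        resolvers:
          - "blank"
          - "blank"

log:
  level: INFO
  # Traefik only closes and reopens this file on SIGUSR1. External rotation
  # or truncation (e.g. host logrotate) without that signal leaves Traefik
  # writing to the old inode, so the file on disk appears to stop updating.
  # TODO confirm nothing on the host touches ./data/log.
  filePath: "/var/log/traefik.log"
  format: json

accessLog:
  # Same reopen-on-SIGUSR1 behaviour applies here; CrowdSec reads this file
  # read-only from the same host directory.
  filePath: "/var/log/access.log"
  format: json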