I can not open the dashboard while using server's port 8443 (Host) and I do not understand what is going on. I understand I must use a static configuration file traefik.yml to specify ports, providers (to indicate valid ssl certs), api, etc. Yet, I can no open the dashboard or login page for testing users.
My docker-compose.yml file for Traefik contains (among other stuff):
traefik:
container_name: traefik
# The official v3 Traefik docker image
image: traefik:v3.3
# Enables the web UI and tells Traefik to listen to docker
ports:
- "443:443"
- "8443:8443"
networks:
- traefik-redcap-net
labels:
- "traefik.enable=true"
- "traefik.http.routers.mydashboard.rule=Host(`${RC_TRAEFIK_HOSTNAME}`)"
- "traefik.http.routers.mydashboard.entryPoints=web8443"
- "traefik.http.routers.mydashboard.service=api@internal"
- "traefik.http.routers.mydashboard.middlewares=auth"
- "traefik.http.services.traefik.loadbalancer.server.scheme=https"
- "traefik.http.services.traefik.loadbalancer.server.port=443"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
# Mount Certs folder
- ./certs:/etc/traefik/certs
# Mount Static initial configuration
- ./traefik.yaml:/etc/traefik/traefik.yaml
my traefik.yaml is:
## Static configuration
entryPoints:
web443:
address: ":443"
http:
tls: {} # Enable TLS for this entrypoint
web8443:
address: ":8443"
http:
tls: {} # Enable TLS for this entrypoint
asDefault: true
providers:
file:
filename: /etc/traefik/certs/traefik-ssl.yaml
docker:
endpoint: "unix:///var/run/docker.sock"
network: traefik-redcap-net
exposedByDefault: false
api:
insecure: false
dashboard: true
log:
level: DEBUG
the traefik-ssl.yaml is:
tls:
stores:
default:
defaultCertificate:
certFile: /etc/traefik/certs/ssl.crt
keyFile: /etc/traefik/certs/ssl.key
I am using a .env file that contains:
RC_SAML_HOSTNAME="rc-dev.health.unm.edu"
RC_TRAEFIK_HOSTNAME = "hsc-ctsc-redcapdeva.health.unm.edu"
Some logs:
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$ docker network ls
NETWORK ID NAME DRIVER SCOPE
fd180284e984 bridge bridge local
89c970e3fa6c docker-redcap-admin-dev_default bridge local
a62a4dd81160 host host local
1d65b7ac257c minikube bridge local
304c8d5133b7 none null local
162ae60a49b1 traefik-redcap-net bridge local
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$ docker inspect traefik-redcap-net
[
{
"Name": "traefik-redcap-net",
"Id": "162ae60a49b17b46ed4daf80da7e37b3081e055d3e00c262295ba796aeab97a1",
"Created": "2025-04-24T19:07:10.31542712-06:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv4": true,
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b": {
"Name": "redcap-admin",
"EndpointID": "9bb8154e40a7a7f67717db8a4d8b6351c8abb5a4f29f1a658be5bc66c6baa5e6",
"MacAddress": "be:3b:55:a1:48:2d",
"IPv4Address": "172.18.0.4/16",
"IPv6Address": ""
},
"7467713cd42553ffa94f093c33f0b1c29ac461063452fb3ce1c0cc682140cab3": {
"Name": "traefik",
"EndpointID": "5ed3f4aeabdc9040440fd73abff1f6302ba41ecf2722f6da650803ff8327b987",
"MacAddress": "6a:c0:7e:73:52:2c",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
},
"beba2705e3c78d282ac0e2e32cf53a1a13c7ac281e46b9262a39baea7cf641e0": {
"Name": "shibboleth-sp",
"EndpointID": "cb5359b38d155d61a81cb6d23495335995f667ad6fb931afc6b80aa4ed1d6f1a",
"MacAddress": "92:9f:c7:04:e5:3c",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$ docker logs traefik
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:106 > Traefik version 3.3.6 built on 2025-04-18T09:18:47Z version=3.3.6
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/cmd/traefik/traefik.go:113 > Static configuration loaded [json] staticConfiguration={"api":{"basePath":"/","dashboard":true},"entryPoints":{"web443":{"address":":443","forwardedHeaders":{},"http":{"maxHeaderBytes":1048576,"sanitizePath":true,"tls":{}},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}},"web8443":{"address":":8443","asDefault":true,"forwardedHeaders":{},"http":{"maxHeaderBytes":1048576,"sanitizePath":true,"tls":{}},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}}},"global":{"checkNewVersion":true},"log":{"format":"common","level":"DEBUG"},"providers":{"docker":{"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","network":"traefik-redcap-net","watch":true},"file":{"filename":"/etc/traefik/certs/traefik-ssl.yaml","watch":true},"providersThrottleDuration":"2s"},"serversTransport":{"maxIdleConnsPerHost":200},"tcpServersTransport":{"dialKeepAlive":"15s","dialTimeout":"30s"}}
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:632 >
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:73 > Starting provider aggregator *aggregator.ProviderAggregator
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:231 > Starting TCP Server entryPointName=web443
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:231 > Starting TCP Server entryPointName=web8443
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *file.Provider
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *file.Provider provider configuration config={"filename":"/etc/traefik/certs/traefik-ssl.yaml","watch":true}
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /etc/traefik/certs
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /etc/traefik/certs/traefik-ssl.yaml
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *traefik.Provider
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *traefik.Provider provider configuration config={}
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *docker.Provider
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *acme.ChallengeTLSALPN
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *acme.ChallengeTLSALPN provider configuration config={}
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *docker.Provider provider configuration config={"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","network":"traefik-redcap-net","watch":true}
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{},"tcp":{},"tls":{"stores":{"default":{}}},"udp":{}} providerName=file
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"models":{"web443":{"observability":{},"tls":{}},"web8443":{"observability":{},"tls":{}}},"serversTransports":{"default":{"maxIdleConnsPerHost":200}},"services":{"api":{},"dashboard":{},"noop":{}}},"tcp":{"serversTransports":{"default":{"dialKeepAlive":"15s","dialTimeout":"30s"}}},"tls":{},"udp":{}} providerName=internal
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/pdocker.go:90 > Provider connection established with docker 28.1.1 (API 1.49) providerName=docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:185 > Filtering disabled container container=minikube-5994ee7d102f1208d8048ccbc303c6ce395fc9862ba768d30cac4281d5815ad0 providerName=docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"auth":{"basicAuth":{"users":["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/","test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]}}},"routers":{"mydashboard":{"entryPoints":["web8443"],"middlewares":["auth"],"rule":"Host(`hsc-ctsc-redcapdeva.health.unm.edu`)","service":"api@internal"},"shibboleth-sp":{"entryPoints":["web443"],"rule":"Host(`rc-dev.health.unm.edu`)","service":"shibboleth-sp"}},"services":{"shibboleth-sp":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.3:443"}]}},"traefik":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.2:443"}]}}}},"tcp":{},"tls":{},"udp":{}} providerName=docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/basic_auth.go:37 > Creating middleware entryPointName=web8443 middlewareName=auth@docker middlewareType=BasicAuth routerName=mydashboard@docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=web8443 middlewareName=auth@docker routerName=mydashboard@docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:25 > Creating middleware entryPointName=web8443 middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:312 > Creating load-balancer entryPointName=web443 routerName=shibboleth-sp@docker serviceName=shibboleth-sp@docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:344 > Creating server URL=https://172.18.0.3:443 entryPointName=web443 routerName=shibboleth-sp@docker serverIndex=0 serviceName=shibboleth-sp@docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:25 > Creating middleware entryPointName=web443 middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for rc-dev.health.unm.edu with TLS options default entryPointName=web443
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for hsc-ctsc-redcapdeva.health.unm.edu with TLS options default entryPointName=web8443
2025-04-30T17:43:11Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/pdocker.go:112 > Provider event received {Status:start ID:3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b From:local_docker_redcap:14.5.42-rc4 Type:container Action:start Actor:{ID:3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b Attributes:map[com.docker.compose.config-hash:3300688a7394b4df4ecb70a2ca56c9eccea937e580e0718ec57261c6313cf518 com.docker.compose.container-number:1 com.docker.compose.depends_on:shibboleth-sp:service_started:false com.docker.compose.image:sha256:4895b8ec6ea1356631d6f5eabda8124792e69c5b951ff9b42d94f826fa6a5f15 com.docker.compose.oneoff:False com.docker.compose.project:docker-redcap-admin-dev com.docker.compose.project.config_files:/opt/docker/docker-redcap-admin-dev/docker-compose.yml com.docker.compose.project.working_dir:/opt/docker/docker-redcap-admin-dev com.docker.compose.service:redcap-admin com.docker.compose.version:2.35.1 image:local_docker_redcap:14.5.42-rc4 name:redcap-admin traefik.enable:true]} Scope:local Time:1746034991 TimeNano:1746034991262497841} providerName=docker
2025-04-30T17:43:11Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:200 > Filtering unhealthy or starting container container=redcap-admin-docker-redcap-admin-dev-3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b providerName=docker
2025-04-30T17:43:11Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:185 > Filtering disabled container container=minikube-5994ee7d102f1208d8048ccbc303c6ce395fc9862ba768d30cac4281d5815ad0 providerName=docker
2025-04-30T17:43:12Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"auth":{"basicAuth":{"users":["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/","test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]}}},"routers":{"mydashboard":{"entryPoints":["web8443"],"middlewares":["auth"],"rule":"Host(`hsc-ctsc-redcapdeva.health.unm.edu`)","service":"api@internal"},"shibboleth-sp":{"entryPoints":["web443"],"rule":"Host(`rc-dev.health.unm.edu`)","service":"shibboleth-sp"}},"services":{"shibboleth-sp":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.3:443"}]}},"traefik":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.2:443"}]}}}},"tcp":{},"tls":{},"udp":{}} providerName=docker
2025-04-30T17:43:12Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:127 > Skipping unchanged configuration providerName=docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/pdocker.go:112 > Provider event received {Status:health_status: healthy ID:3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b From:local_docker_redcap:14.5.42-rc4 Type:container Action:health_status: healthy Actor:{ID:3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b Attributes:map[com.docker.compose.config-hash:3300688a7394b4df4ecb70a2ca56c9eccea937e580e0718ec57261c6313cf518 com.docker.compose.container-number:1 com.docker.compose.depends_on:shibboleth-sp:service_started:false com.docker.compose.image:sha256:4895b8ec6ea1356631d6f5eabda8124792e69c5b951ff9b42d94f826fa6a5f15 com.docker.compose.oneoff:False com.docker.compose.project:docker-redcap-admin-dev com.docker.compose.project.config_files:/opt/docker/docker-redcap-admin-dev/docker-compose.yml com.docker.compose.project.working_dir:/opt/docker/docker-redcap-admin-dev com.docker.compose.service:redcap-admin com.docker.compose.version:2.35.1 image:local_docker_redcap:14.5.42-rc4 name:redcap-admin traefik.enable:true]} Scope:local Time:1746035021 TimeNano:1746035021321827102} providerName=docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:185 > Filtering disabled container container=minikube-5994ee7d102f1208d8048ccbc303c6ce395fc9862ba768d30cac4281d5815ad0 providerName=docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"auth":{"basicAuth":{"users":["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/","test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]}}},"routers":{"mydashboard":{"entryPoints":["web8443"],"middlewares":["auth"],"rule":"Host(`hsc-ctsc-redcapdeva.health.unm.edu`)","service":"api@internal"},"redcap-admin-docker-redcap-admin-dev":{"rule":"Host(`redcap-admin-docker-redcap-admin-dev`)","service":"redcap-admin-docker-redcap-admin-dev"},"shibboleth-sp":{"entryPoints":["web443"],"rule":"Host(`rc-dev.health.unm.edu`)","service":"shibboleth-sp"}},"services":{"redcap-admin-docker-redcap-admin-dev":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.18.0.4:8080"}]}},"shibboleth-sp":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.3:443"}]}},"traefik":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.2:443"}]}}}},"tcp":{},"tls":{},"udp":{}} providerName=docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/aggregator.go:52 > No entryPoint defined for this router, using the default one(s) instead entryPointName=["web8443"] routerName=redcap-admin-docker-redcap-admin-dev
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/basic_auth.go:37 > Creating middleware entryPointName=web8443 middlewareName=auth@docker middlewareType=BasicAuth routerName=mydashboard@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=web8443 middlewareName=auth@docker routerName=mydashboard@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:312 > Creating load-balancer entryPointName=web8443 routerName=redcap-admin-docker-redcap-admin-dev@docker serviceName=redcap-admin-docker-redcap-admin-dev@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:344 > Creating server URL=http://172.18.0.4:8080 entryPointName=web8443 routerName=redcap-admin-docker-redcap-admin-dev@docker serverIndex=0 serviceName=redcap-admin-docker-redcap-admin-dev@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:25 > Creating middleware entryPointName=web8443 middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:312 > Creating load-balancer entryPointName=web443 routerName=shibboleth-sp@docker serviceName=shibboleth-sp@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:344 > Creating server URL=https://172.18.0.3:443 entryPointName=web443 routerName=shibboleth-sp@docker serverIndex=0 serviceName=shibboleth-sp@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:25 > Creating middleware entryPointName=web443 middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for rc-dev.health.unm.edu with TLS options default entryPointName=web443
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for hsc-ctsc-redcapdeva.health.unm.edu with TLS options default entryPointName=web8443
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for redcap-admin-docker-redcap-admin-dev with TLS options default entryPointName=web8443
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$
Any suggestions? Traefik seems to be very complicated...
Thanks in advance