Not able to open dashboard through external port 8443

jcabrerazuniga · April 30, 2025, 5:03pm

I can not open the dashboard while using server's port 8443 (Host) and I do not understand what is going on. I understand I must use a static configuration file traefik.yml to specify ports, providers (to indicate valid ssl certs), api, etc. Yet, I can no open the dashboard or login page for testing users.

My docker-compose.yml file for Traefik contains (among other stuff):

   traefik:
    container_name: traefik
    # The official v3 Traefik docker image 
    image: traefik:v3.3 
    # Enables the web UI and tells Traefik to listen to docker 
    ports:       
       - "443:443"
       - "8443:8443"   

    networks:
      - traefik-redcap-net
     
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mydashboard.rule=Host(`${RC_TRAEFIK_HOSTNAME}`)"      
      - "traefik.http.routers.mydashboard.entryPoints=web8443"
      - "traefik.http.routers.mydashboard.service=api@internal"
      - "traefik.http.routers.mydashboard.middlewares=auth"  
      - "traefik.http.services.traefik.loadbalancer.server.scheme=https"
      - "traefik.http.services.traefik.loadbalancer.server.port=443"
      - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"

    volumes: 
      # So that Traefik can listen to the Docker events 
      - /var/run/docker.sock:/var/run/docker.sock
      # Mount Certs folder
      - ./certs:/etc/traefik/certs 
      # Mount Static initial configuration
      - ./traefik.yaml:/etc/traefik/traefik.yaml

my traefik.yaml is:

## Static configuration
entryPoints:

  web443:
    address: ":443"
    http:          
      tls: {}  # Enable TLS for this entrypoint    

  web8443:
    address: ":8443"    
    http:
      tls: {}  # Enable TLS for this entrypoint    
    asDefault: true


providers:
  file: 
    filename: /etc/traefik/certs/traefik-ssl.yaml
  docker:
    endpoint: "unix:///var/run/docker.sock"
    network: traefik-redcap-net
    exposedByDefault: false

api:
  insecure: false
  dashboard: true

log:
  level: DEBUG

the traefik-ssl.yaml is:

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/certs/ssl.crt
        keyFile: /etc/traefik/certs/ssl.key

I am using a .env file that contains:

RC_SAML_HOSTNAME="rc-dev.health.unm.edu"
RC_TRAEFIK_HOSTNAME = "hsc-ctsc-redcapdeva.health.unm.edu"

Some logs:

jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$ docker network ls
NETWORK ID     NAME                              DRIVER    SCOPE
fd180284e984   bridge                            bridge    local
89c970e3fa6c   docker-redcap-admin-dev_default   bridge    local
a62a4dd81160   host                              host      local
1d65b7ac257c   minikube                          bridge    local
304c8d5133b7   none                              null      local
162ae60a49b1   traefik-redcap-net                bridge    local
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$ docker inspect traefik-redcap-net
[
    {
        "Name": "traefik-redcap-net",
        "Id": "162ae60a49b17b46ed4daf80da7e37b3081e055d3e00c262295ba796aeab97a1",
        "Created": "2025-04-24T19:07:10.31542712-06:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv4": true,
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b": {
                "Name": "redcap-admin",
                "EndpointID": "9bb8154e40a7a7f67717db8a4d8b6351c8abb5a4f29f1a658be5bc66c6baa5e6",
                "MacAddress": "be:3b:55:a1:48:2d",
                "IPv4Address": "172.18.0.4/16",
                "IPv6Address": ""
            },
            "7467713cd42553ffa94f093c33f0b1c29ac461063452fb3ce1c0cc682140cab3": {
                "Name": "traefik",
                "EndpointID": "5ed3f4aeabdc9040440fd73abff1f6302ba41ecf2722f6da650803ff8327b987",
                "MacAddress": "6a:c0:7e:73:52:2c",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "beba2705e3c78d282ac0e2e32cf53a1a13c7ac281e46b9262a39baea7cf641e0": {
                "Name": "shibboleth-sp",
                "EndpointID": "cb5359b38d155d61a81cb6d23495335995f667ad6fb931afc6b80aa4ed1d6f1a",
                "MacAddress": "92:9f:c7:04:e5:3c",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$ docker logs traefik
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:106 > Traefik version 3.3.6 built on 2025-04-18T09:18:47Z version=3.3.6
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/cmd/traefik/traefik.go:113 > Static configuration loaded [json] staticConfiguration={"api":{"basePath":"/","dashboard":true},"entryPoints":{"web443":{"address":":443","forwardedHeaders":{},"http":{"maxHeaderBytes":1048576,"sanitizePath":true,"tls":{}},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}},"web8443":{"address":":8443","asDefault":true,"forwardedHeaders":{},"http":{"maxHeaderBytes":1048576,"sanitizePath":true,"tls":{}},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}}},"global":{"checkNewVersion":true},"log":{"format":"common","level":"DEBUG"},"providers":{"docker":{"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","network":"traefik-redcap-net","watch":true},"file":{"filename":"/etc/traefik/certs/traefik-ssl.yaml","watch":true},"providersThrottleDuration":"2s"},"serversTransport":{"maxIdleConnsPerHost":200},"tcpServersTransport":{"dialKeepAlive":"15s","dialTimeout":"30s"}}
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:632 >
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/

2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:73 > Starting provider aggregator *aggregator.ProviderAggregator
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:231 > Starting TCP Server entryPointName=web443
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:231 > Starting TCP Server entryPointName=web8443
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *file.Provider
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *file.Provider provider configuration config={"filename":"/etc/traefik/certs/traefik-ssl.yaml","watch":true}
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /etc/traefik/certs
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /etc/traefik/certs/traefik-ssl.yaml
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *traefik.Provider
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *traefik.Provider provider configuration config={}
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *docker.Provider
2025-04-30T17:43:10Z INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *acme.ChallengeTLSALPN
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *acme.ChallengeTLSALPN provider configuration config={}
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *docker.Provider provider configuration config={"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","network":"traefik-redcap-net","watch":true}
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{},"tcp":{},"tls":{"stores":{"default":{}}},"udp":{}} providerName=file
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"models":{"web443":{"observability":{},"tls":{}},"web8443":{"observability":{},"tls":{}}},"serversTransports":{"default":{"maxIdleConnsPerHost":200}},"services":{"api":{},"dashboard":{},"noop":{}}},"tcp":{"serversTransports":{"default":{"dialKeepAlive":"15s","dialTimeout":"30s"}}},"tls":{},"udp":{}} providerName=internal
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/pdocker.go:90 > Provider connection established with docker 28.1.1 (API 1.49) providerName=docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:185 > Filtering disabled container container=minikube-5994ee7d102f1208d8048ccbc303c6ce395fc9862ba768d30cac4281d5815ad0 providerName=docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"auth":{"basicAuth":{"users":["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/","test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]}}},"routers":{"mydashboard":{"entryPoints":["web8443"],"middlewares":["auth"],"rule":"Host(`hsc-ctsc-redcapdeva.health.unm.edu`)","service":"api@internal"},"shibboleth-sp":{"entryPoints":["web443"],"rule":"Host(`rc-dev.health.unm.edu`)","service":"shibboleth-sp"}},"services":{"shibboleth-sp":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.3:443"}]}},"traefik":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.2:443"}]}}}},"tcp":{},"tls":{},"udp":{}} providerName=docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/basic_auth.go:37 > Creating middleware entryPointName=web8443 middlewareName=auth@docker middlewareType=BasicAuth routerName=mydashboard@docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=web8443 middlewareName=auth@docker routerName=mydashboard@docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:25 > Creating middleware entryPointName=web8443 middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:312 > Creating load-balancer entryPointName=web443 routerName=shibboleth-sp@docker serviceName=shibboleth-sp@docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:344 > Creating server URL=https://172.18.0.3:443 entryPointName=web443 routerName=shibboleth-sp@docker serverIndex=0 serviceName=shibboleth-sp@docker
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:25 > Creating middleware entryPointName=web443 middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for rc-dev.health.unm.edu with TLS options default entryPointName=web443
2025-04-30T17:43:10Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for hsc-ctsc-redcapdeva.health.unm.edu with TLS options default entryPointName=web8443
2025-04-30T17:43:11Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/pdocker.go:112 > Provider event received {Status:start ID:3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b From:local_docker_redcap:14.5.42-rc4 Type:container Action:start Actor:{ID:3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b Attributes:map[com.docker.compose.config-hash:3300688a7394b4df4ecb70a2ca56c9eccea937e580e0718ec57261c6313cf518 com.docker.compose.container-number:1 com.docker.compose.depends_on:shibboleth-sp:service_started:false com.docker.compose.image:sha256:4895b8ec6ea1356631d6f5eabda8124792e69c5b951ff9b42d94f826fa6a5f15 com.docker.compose.oneoff:False com.docker.compose.project:docker-redcap-admin-dev com.docker.compose.project.config_files:/opt/docker/docker-redcap-admin-dev/docker-compose.yml com.docker.compose.project.working_dir:/opt/docker/docker-redcap-admin-dev com.docker.compose.service:redcap-admin com.docker.compose.version:2.35.1 image:local_docker_redcap:14.5.42-rc4 name:redcap-admin traefik.enable:true]} Scope:local Time:1746034991 TimeNano:1746034991262497841} providerName=docker
2025-04-30T17:43:11Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:200 > Filtering unhealthy or starting container container=redcap-admin-docker-redcap-admin-dev-3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b providerName=docker
2025-04-30T17:43:11Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:185 > Filtering disabled container container=minikube-5994ee7d102f1208d8048ccbc303c6ce395fc9862ba768d30cac4281d5815ad0 providerName=docker
2025-04-30T17:43:12Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"auth":{"basicAuth":{"users":["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/","test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]}}},"routers":{"mydashboard":{"entryPoints":["web8443"],"middlewares":["auth"],"rule":"Host(`hsc-ctsc-redcapdeva.health.unm.edu`)","service":"api@internal"},"shibboleth-sp":{"entryPoints":["web443"],"rule":"Host(`rc-dev.health.unm.edu`)","service":"shibboleth-sp"}},"services":{"shibboleth-sp":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.3:443"}]}},"traefik":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.2:443"}]}}}},"tcp":{},"tls":{},"udp":{}} providerName=docker
2025-04-30T17:43:12Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:127 > Skipping unchanged configuration providerName=docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/pdocker.go:112 > Provider event received {Status:health_status: healthy ID:3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b From:local_docker_redcap:14.5.42-rc4 Type:container Action:health_status: healthy Actor:{ID:3fa6f5491d216beb0ac7c2976c77e0a1f4308872e99dc0790aa64b6bc18bd64b Attributes:map[com.docker.compose.config-hash:3300688a7394b4df4ecb70a2ca56c9eccea937e580e0718ec57261c6313cf518 com.docker.compose.container-number:1 com.docker.compose.depends_on:shibboleth-sp:service_started:false com.docker.compose.image:sha256:4895b8ec6ea1356631d6f5eabda8124792e69c5b951ff9b42d94f826fa6a5f15 com.docker.compose.oneoff:False com.docker.compose.project:docker-redcap-admin-dev com.docker.compose.project.config_files:/opt/docker/docker-redcap-admin-dev/docker-compose.yml com.docker.compose.project.working_dir:/opt/docker/docker-redcap-admin-dev com.docker.compose.service:redcap-admin com.docker.compose.version:2.35.1 image:local_docker_redcap:14.5.42-rc4 name:redcap-admin traefik.enable:true]} Scope:local Time:1746035021 TimeNano:1746035021321827102} providerName=docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:185 > Filtering disabled container container=minikube-5994ee7d102f1208d8048ccbc303c6ce395fc9862ba768d30cac4281d5815ad0 providerName=docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"auth":{"basicAuth":{"users":["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/","test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]}}},"routers":{"mydashboard":{"entryPoints":["web8443"],"middlewares":["auth"],"rule":"Host(`hsc-ctsc-redcapdeva.health.unm.edu`)","service":"api@internal"},"redcap-admin-docker-redcap-admin-dev":{"rule":"Host(`redcap-admin-docker-redcap-admin-dev`)","service":"redcap-admin-docker-redcap-admin-dev"},"shibboleth-sp":{"entryPoints":["web443"],"rule":"Host(`rc-dev.health.unm.edu`)","service":"shibboleth-sp"}},"services":{"redcap-admin-docker-redcap-admin-dev":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.18.0.4:8080"}]}},"shibboleth-sp":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.3:443"}]}},"traefik":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"https://172.18.0.2:443"}]}}}},"tcp":{},"tls":{},"udp":{}} providerName=docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/aggregator.go:52 > No entryPoint defined for this router, using the default one(s) instead entryPointName=["web8443"] routerName=redcap-admin-docker-redcap-admin-dev
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/basic_auth.go:37 > Creating middleware entryPointName=web8443 middlewareName=auth@docker middlewareType=BasicAuth routerName=mydashboard@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=web8443 middlewareName=auth@docker routerName=mydashboard@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:312 > Creating load-balancer entryPointName=web8443 routerName=redcap-admin-docker-redcap-admin-dev@docker serviceName=redcap-admin-docker-redcap-admin-dev@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:344 > Creating server URL=http://172.18.0.4:8080 entryPointName=web8443 routerName=redcap-admin-docker-redcap-admin-dev@docker serverIndex=0 serviceName=redcap-admin-docker-redcap-admin-dev@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:25 > Creating middleware entryPointName=web8443 middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:312 > Creating load-balancer entryPointName=web443 routerName=shibboleth-sp@docker serviceName=shibboleth-sp@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:344 > Creating server URL=https://172.18.0.3:443 entryPointName=web443 routerName=shibboleth-sp@docker serverIndex=0 serviceName=shibboleth-sp@docker
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:25 > Creating middleware entryPointName=web443 middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for rc-dev.health.unm.edu with TLS options default entryPointName=web443
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for hsc-ctsc-redcapdeva.health.unm.edu with TLS options default entryPointName=web8443
2025-04-30T17:43:41Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for redcap-admin-docker-redcap-admin-dev with TLS options default entryPointName=web8443
jcabrerazuniga@hsc-ctsc-redcapdeva:/opt/docker/docker-redcap-admin-dev$

Any suggestions? Traefik seems to be very complicated...

Thanks in advance

bluepuma77 · April 30, 2025, 5:16pm

jcabrerazuniga:

    labels:
      - "traefik.enable=true"
      # - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.rule=Host(`${RC_TRAEFIK_HOSTNAME}`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.shibboleth-sp.entryPoints=web8443"
      - "traefik.http.services.traefik.loadbalancer.server.scheme=https"
      - "traefik.http.services.traefik.loadbalancer.server.port=443"
      - "traefik.http.routers.api.middlewares=auth"      
      - "traefik.http.middlewares.auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"

Your labels look a bit confusing. The labels usually target the container itself, and usually you would use similar names, like in simple Traefik example:

    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.rule=Host(`traefik.example.com`)
      - traefik.http.routers.mydashboard.entrypoints=websecure
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth
      - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/

jcabrerazuniga · April 30, 2025, 5:41pm

I reedited the question trying to use your suggestions. I opened port 8443 and made it an entryPoint at the traefik.yaml. I used the cmd:

"traefik.http.services.traefik.loadbalancer.server.port=443"

to force traefik to redirect anything entering through 8443 to go to traefik's port 443. Is this legit? traefik is a service by itself and I could not see anything against this in the manual. If I use:

http://hsc-ctsc-redcapdeva.health.unm.edu:8443/dashboard

I get 404 page not found

bluepuma77 · April 30, 2025, 6:28pm

A "redirect" is a http status response to the client/browser which tells to request another URL.

.loadbalancer.server.port= tells Traefik to use the given port (after router match and middleware) with service to connect internally to the container application.

For .service=api@internal no port is used. It’s only needed when using Swarm, there a fake port number will do.

And let’s not forget the doc:

The trailing slash / in /dashboard/ is mandatory

Topic		Replies	Views
Trouble getting Traefik Dashboard access Traefik v3 (latest) docker , dashboard-api	7	43	April 2, 2025
Running Dashboard on port 8443 and Configuring SSL Traefik v3 (latest) docker	5	5	April 30, 2025
Unable to connect to dashboard on port 8080 Traefik v2 docker	4	3525	March 4, 2024
Unable to access traefik dashboard Traefik v3 (latest) dashboard-api	2	175	December 24, 2024
Dashboard 404 even on official example Traefik v2 docker , dashboard-api	3	5294	June 9, 2023

Not able to open dashboard through external port 8443

Related topics