I'm just getting started with Traefik so keeping it simple.
docker-compose.yaml:
version: '3'
services:
reverse-proxy:
# The official v3 Traefik docker image
image: traefik:v3.3
# Enables the web UI and tells Traefik to listen to docker
ports:
# The HTTP port
- "8000:80"
# The Web UI (enabled by --api.insecure=true)
# - "8080:8080"
# https port
- "8443:443"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./acme.json:/letsencrypt/acme.json:rw
- ./traefik.yaml:/etc/traefik/traefik.yaml
- ./htpasswd:/etc/traefik/htpasswd
whoami:
# A container that exposes an API to show its IP address
image: traefik/whoami
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.entrypoints=web"
- "traefik.http.routers.whoami.rule=PathPrefix(`/whoami/`)"
# - "traefik.http.middlewares.basic-auth.basicAuth.usersFile=/etc/traefik/htpasswd"
- "traefik.http.routers.whoami.middlewares=basic-auth@file"
traefik.yaml:
api:
dashboard: false
log:
level: DEBUG
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedbydefault: false
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
# generate user w/ password: echo $(htpasswd -nB user)
http:
middlewares:
basic-auth:
basicAuth:
usersFile: "/etc/traefik/htpasswd"
When I start up, I see that only the first part of my static config is loaded (nothing from the http.middlewares section) (ran through jq for easier reading):
Static configuration loaded [json] staticConfiguration=
{
"api": {
"basePath": "/"
},
"entryPoints": {
"web": {
"address": ":80",
"forwardedHeaders": {},
"http": {
"maxHeaderBytes": 1048576
},
"http2": {
"maxConcurrentStreams": 250
},
"observability": {
"accessLogs": true,
"metrics": true,
"tracing": true
},
"transport": {
"lifeCycle": {
"graceTimeOut": "10s"
},
"respondingTimeouts": {
"idleTimeout": "3m0s",
"readTimeout": "1m0s"
}
},
"udp": {
"timeout": "3s"
}
},
"websecure": {
"address": ":443",
"forwardedHeaders": {},
"http": {
"maxHeaderBytes": 1048576
},
"http2": {
"maxConcurrentStreams": 250
},
"observability": {
"accessLogs": true,
"metrics": true,
"tracing": true
},
"transport": {
"lifeCycle": {
"graceTimeOut": "10s"
},
"respondingTimeouts": {
"idleTimeout": "3m0s",
"readTimeout": "1m0s"
}
},
"udp": {
"timeout": "3s"
}
}
},
"global": {
"checkNewVersion": true
},
"log": {
"format": "common",
"level": "DEBUG"
},
"providers": {
"docker": {
"defaultRule": "Host({{ normalize .Name }})",
"endpoint": "unix:///var/run/docker.sock",
"watch": true
},
"providersThrottleDuration": "2s"
},
"serversTransport": {
"maxIdleConnsPerHost": 200
},
"tcpServersTransport": {
"dialKeepAlive": "15s",
"dialTimeout": "30s"
}
}
reverse-proxy_1 | 2025-01-20T18:44:06Z INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:633 >
Which then results in the following expected error:
reverse-proxy_1 | 2025-01-20T18:44:06Z ERR github.com/traefik/traefik/v3/pkg/server/router/router.go:136 > error="middleware \"basic-auth@file\" does not exist" entryPointName=web routerName=whoami@docker
I've tried a number of things and nothing I seem to put in the http
block ends up being loaded by the final config. I've also tried configuring the dashboard on the two endpoints and that doesn't work either.