Redirect Loop for non-containers

Hello all,

I'm looking for some assistance on tracking down a recent problem I've been having. As most of us have done, I've followed this guide on how to get Traefik stood up and work. F YI I am using Docker for Mac.

I was able to follow this and complete with no issues. There is a section toward the bottom that explains how to setup non-container devices that can be accessed via Traefik. The site gives PiHole as one example. (Link here)

I setup a few different LAN devices/IP (my router, two switches, Synology NAS, etc). Everything worked. At some point maybe a month or two back, these devices now stopped working an are showing the error about a redirection loop. (note my Synology still works, but NAS and Routers dont)

Here are things I've tested/confirmed:

  • In Cloudflare my SSL is set to Full/Strict
  • I have a http to https redirect setup in Traefik as per the linked guide above. This works without issues on all docker containers.
  • My switch and routers use HTTP. They are accessable via IP address on the LAN (not via Traefik).
  • Example of my rule.yml which controls one such device:
      rule: "Host(`hostname.***.com`)" 
        - https
        #- chain-no-auth
      service: router-svc
      tls: {}
        #certResolver: dns-cloudflare

        passHostHeader: true
          - url: ""  # or whatever your external host's IP:port is          

In the example above I've tested commenting out the middlewares and the TLS, both of which do not help. I still get the "redirect too many times error"

In addition here is my docker-compose for Traefik:

      - socketproxy
    image: traefik
    container_name: ${COMPOSE_PROJECT_NAME}_traefik
    restart: always
      - no-new-privileges:true
      - macdocker_proxy1
      - macdocker_socketproxy1
      - "80:80"
      - "443:443"
      - /etc/localtime:/etc/localtime:ro
      #- /var/run/docker.sock:/var/run/docker.sock:ro using a socket proxy
      - /***/Traefik/data:/etc/traefik/data
      - /***/Traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - 'com.centurylinklabs.watchtower.enable=true'
      - 'com.centurylinklabs.watchtower.monitor-only=true'
      - 'traefik.enable=true'
      - ''
      #global http redirect catch all
      - 'traefik.http.routers.httpcatchall.entrypoints=http'
      - 'traefik.http.routers.httpcatchall.rule=hostregexp(`{host:.+}`)'
      - 'traefik.http.routers.httpcatchall.middlewares=redirect-to-https'
      #middleware redirect
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true'
      #https entrypoint
      - 'traefik.http.routers.traefik.entrypoints=https'
      #always use TLS
      - 'traefik.http.routers.traefik.tls=true'
      #cert resolver name - comment out after first run to force wildcard cert
     # - 'traefik.http.routers.traefik.tls.certresolver=dns-cloudflare'
      - '[0]'
      - '[0].sans=*'
      # Services - API - makes dashboard available insecure
      - 'traefik.http.routers.traefik.service=api@internal'
      #Middleware basic auth chain
      #- 'traefik.http.routers.traefik.middlewares=chain-basic-auth@file'
      - 'traefik.http.routers.traefik.middlewares=chain-oauth@file'
      #rule for determining hostname
      - 'traefik.http.routers.traefik.rule=Host(`traefik.$DOMAINNAME`)'

Wondering why this just recently started and would appreciate any assistance I could get to resolve this, or be pointed in the right direction.

I've uncovered a bit more of the issue.

I have several containers (Nextcloud) and non-containers (router, netgear switch) that use port 80.

My containers that us port 80, traefik is working fine.

If I switch my non-container to use a different port (Changing my router to port 81), is also works fine.

So it appears all my non-containers behind Traefik that use port 80 are stuck in a redirect loop.