Router defined multiple times error

Hi there,

Suddenly bumping into the following error with traefik:

2024-06-11T21:22:55+02:00 ERR github.com/traefik/traefik/v3/pkg/provider/configuration.go:174 > Router defined multiple times with different configurations configuration=["radarr-docker-b1da03a3c9716287853edc3a910aeda4fda60747e1d509910401aebe0acfc96a","sabnzbd-docker-60984f2e27c4c3f44ef05c3427ad1632f8081d000275b54f2991894138558f23","traefik-docker-3c74ed86189d2f793a7e1091b3eaa08380eeecd96eb15f5b868e90c8c4859889"] providerName=docker routerName=traefik-rtr

docker compose:

##### NETWORKS
networks:
  default:
    driver: bridge
  proxy:
    name: proxy
  socket:
    name: socket

##### SECRETS
secrets:
  basic_auth_credentials:
    file: $DOCKERDIR/secrets/basic_auth_credentials
  cf_api_email:
    file: $DOCKERDIR/secrets/cf_api_email
  cf_dns_api_token:
    file: $DOCKERDIR/secrets/cf_dns_api_token
  plex_claim:
    file: $DOCKERDIR/secrets/plex_claim
  authelia_jwt_secret:
    file: $DOCKERDIR/secrets/authelia_jwt_secret
  authelia_session_secret:
    file: $DOCKERDIR/secrets/authelia_session_secret
  authelia_storage_encryption_key:
    file: $DOCKERDIR/secrets/authelia_storage_encryption_key
  authelia_email_password:
    file: $DOCKERDIR/secrets/authelia_email_password

##### SERVICES
include:
  # CORE
  - compose/socket-proxy.yml
  - compose/traefik.yml
  - compose/authelia.yml
  - compose/portainer.yml
  # FRONTEND
  - compose/homepage.yml
  - compose/whoami.yml
  # DOWNLOADERS
  - compose/sabnzbd.yml
  # PVRS
  - compose/radarr.yml
  # MEDIA  
  - compose/plex.yml
  # MONITORING
  - compose/dozzle.yml

traefik.yml

services:
  traefik:
    container_name: traefik
    image: traefik:v3.0.2
    security_opt:
      - no-new-privileges=true
    restart: unless-stopped
    ports:
      - 8008:80
      - 8443:443
    networks:
      - socket
      - proxy
    volumes:
      - $DOCKERDIR/appdata/traefik/letsencrypt:/letsencrypt
      - $DOCKERDIR/appdata/traefik/logs:/logs
      - $DOCKERDIR/appdata/traefik/rules:/rules
    command:
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --api.dashboard=true
      - --log=true
      - --log.level=DEBUG
      # - --log.filepath=/logs/traefik.log
      - --accesslog=true
      # - --accesslog.filepath=/logs/access.log
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # - --entrypoints.traefik.address=:8080
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
      # - --entrypoints.websecure.http.tls.options=tls-opts@file
      - --entrypoints.websecure.http.tls.certresolver=dns-cloudflare
      - --entrypoints.websecure.http.tls.domains[0].main=$DOMAINNAME
      - --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME
      - --certificatesresolvers.dns-cloudflare.acme.email=$EMAIL
      # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesResolvers.dns-cloudflare.acme.storage=/letsencrypt/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90
      - --providers.docker=true
      - --providers.docker.endpoint=tcp://socket-proxy:2375
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=proxy
      - --providers.file.directory=/rules
      - --providers.file.watch=true
    environment:
      - TZ=$TZ
      - CF_API_EMAIL_FILE=/run/secrets/cf_api_email
      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token
      - DOMAINNAME
    secrets:
      - basic_auth_credentials
      - cf_dns_api_token
      - cf_api_email
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=websecure"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      # Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      # Middlewares
      # - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"
      - "traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file" # For Authelia Authentication

sabnzbd.yml

services:
  sabnzbd:
    image: lscr.io/linuxserver/sabnzbd:latest
    container_name: sabnzbd
    security_opt:
      - no-new-privileges=true
    networks:
      - proxy
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      - UMASK=002
    volumes:
      - $DOCKERDIR/appdata/sabnzbd/config:/config
      - $DATADIR/usenet:/usenet
    ports:
      - "8084:8080"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # HTTP Routers Auth
      - "traefik.http.routers.sabnzbd-rtr.entrypoints=websecure"
      - "traefik.http.routers.sabnzbd-rtr.rule=Host(`sabnzbd.$DOMAINNAME`)"
      # Middlewares
      # - "traefik.http.routers.sabnzbd-rtr.middlewares=chain-basic-auth@file"
      - "traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file" # For Authelia Authentication
      # HTTP Services
      - "traefik.http.routers.sabnzbd-rtr.service=sabnzbd-svc"
      - "traefik.http.services.sabnzbd-svc.loadbalancer.server.port=8080"

radarr.yml

services:
  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    security_opt:
      - no-new-privileges=true
    restart: "no"
    networks:
      - proxy
    ports:
      - "7878:7878"
    volumes:
      - $DOCKERDIR/appdata/radarr:/config
      - $DATADIR:/data
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    labels:
      - "traefik.enable=true"
      # HTTP Routers Auth
      - "traefik.http.routers.radarr-rtr.entrypoints=websecure"
      - "traefik.http.routers.radarr-rtr.rule=Host(`radarr.$DOMAINNAME`)"
      # Middlewares
      # - "traefik.http.routers.radarr-rtr.middlewares=chain-basic-auth@file"
      - "traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file" # For Authelia Authentication
      # HTTP Services
      - "traefik.http.routers.radarr-rtr.service=radarr-svc"
      - "traefik.http.services.radarr-svc.loadbalancer.server.port=7878"

Traefik is now showing a 404 when I visit traefik.homepage.com:8443. The weird thing is that sabnzbd & radarr work fine, also via reverse proxy.

What's going on? And how do I fix this?

You use the Traefik router name in other labels:

traefik.http.routers.traefik-rtr.middlewares

Did you try https://traefik.homepage.com:8443/dashboard/ ?

Thx it’s working again. Screwed it up when copy pasting the authelia docker label across multiple containers.

Still bumping into an error when adding sabnzdb as a client into radarr:

Test was aborted due to an error: Unable to connect to SABnzbd, HTTP request failed: [403:Forbidden] [GET] at [http://sabnzbd:8080/api?mode=get_config&apikey=xxxx

Using the following values for download client in Radarr:

Host: sabnzbd
Port: 8080
API key: copied from sabnzbd config

Rest of configs above are untouched, what can you make up out of this?

Is your apikey something Authelia handles? Otherwise I would think you are missing credentials for the security middleware.

You can enable Traefik access log in JSON mode, that will show OriginStatus (status code from target service) and DownstreamStatus (status code from Traefik to client). So you can check which component creates the error.

I put everything behind the standard basicauth and the exact problem persists, so assuming this is not related to authelia.

Did this and the following shows up in my access.log:

12.345.67.890 - - [12/Jun/2024:09:28:19 +0000] "POST /signalr/messages/negotiate?access_token=58c428f49aa44cb48ab0c1217a651d4b&negotiateVersion=1 HTTP/2.0" 200 215 "-" "-" 1 "radarr-rtr@docker" "http://172.19.0.6:7878" 6ms
12.345.67.890 - - [12/Jun/2024:09:28:20 +0000] "GET /api/v3/queue/status HTTP/2.0" 200 107 "-" "-" 3 "radarr-rtr@docker" "http://172.19.0.6:7878" 4ms
12.345.67.890 - - [12/Jun/2024:09:28:20 +0000] "GET /api/v3/command HTTP/2.0" 200 1325 "-" "-" 4 "radarr-rtr@docker" "http://172.19.0.6:7878" 4ms
12.345.67.890 - - [12/Jun/2024:09:28:20 +0000] "GET /api/v3/health HTTP/2.0" 200 170 "-" "-" 5 "radarr-rtr@docker" "http://172.19.0.6:7878" 3ms
12.345.67.890 - - [12/Jun/2024:09:28:20 +0000] "GET /api/v3/movie HTTP/2.0" 200 6 "-" "-" 6 "radarr-rtr@docker" "http://172.19.0.6:7878" 7ms
12.345.67.890 - - [12/Jun/2024:09:28:35 +0000] "POST /api/v3/downloadclient/test?forceTest=true HTTP/2.0" 400 664 "-" "-" 7 "radarr-rtr@docker" "http://172.19.0.6:7878" 13ms
12.345.67.890 - - [12/Jun/2024:09:28:37 +0000] "GET /api/v3/queue/details?all=true HTTP/2.0" 200 6 "-" "-" 8 "radarr-rtr@docker" "http://172.19.0.6:7878" 4ms
12.345.67.890 - - [12/Jun/2024:09:28:37 +0000] "GET /api/v3/command HTTP/2.0" 200 1402 "-" "-" 9 "radarr-rtr@docker" "http://172.19.0.6:7878" 4ms
12.345.67.890 - - [12/Jun/2024:09:28:37 +0000] "GET /api/v3/queue/details?all=true HTTP/2.0" 200 6 "-" "-" 10 "radarr-rtr@docker" "http://172.19.0.6:7878" 4ms
12.345.67.890 - - [12/Jun/2024:09:28:37 +0000] "GET /api/v3/command HTTP/2.0" 200 1402 "-" "-" 11 "radarr-rtr@docker" "http://172.19.0.6:7878" 4ms

As you can see there's a 400 when testing the download client. What does this tell you and how to address this? Thx!

Solved the issue, I needed to add "sabnzbd" to the whitelist section in special menu of sabnzbd. More info here: Basic-Setup - TRaSH Guides

Thx @bluepuma77 for your guidance as always!