Running Dashboard on port 8443 and Configuring SSL

I am trying to run Traefik's dashboard on port 8443 and its docker-compose.yml file contain:

  traefik:
    container_name: traefik
    # The official v3 Traefik docker image 
    image: traefik:v3.3 
    # Enables the web UI and tells Traefik to listen to docker 
    ports:       
       - "80:80"
       - "443:443"
       - "8080:8080"
       - "8443:8443"

    command: 
      -  --api.insecure=false
      -  --providers.docker
      -  --providers.file.directory=/etc/traefik/dynamic

    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entryPoints=web8443
      - traefik.http.services.traefik.loadbalancer.server.port=443
      - "traefik.http.routers.traefik.rule=Host(`${RC_TRAEFIK_HOSTNAME}`)"

    volumes: 
      # So that Traefik can listen to the Docker events 
      - /var/run/docker.sock:/var/run/docker.sock     
      # Mount the dynamic configuration      
      - ./certs/certs-traefik.yaml:/etc/traefik/dynamic/certs-traefik.yaml
      - ./certs:/etc/certs 
      - ./traefik.yaml:/etc/traefik/traefik.yaml
    networks:
      - traefik-redcap-net
     

    
networks:
  traefik-redcap-net:
    external: true
    name: traefik-redcap-net

Where the content of traefik.yaml is:

## Static configuration
entryPoints:
  web80:
    address: ":80"

  web8080:
    address: ":8080"

  web443:
    address: ":443"

  web8443:
    address: ":8443"    

providers:
  file:
    filename: /etc/traefik/dynamic/certs-traefik.yaml

and /etc/traefik/dynamic/certs-traefik.yaml is:

tls:
  certificates:
    - certFile: /etc/certs/ssl.crt
      keyFile:  /etc/certs/ssl.key

When opening the website for the dashboard I get: 404 page not found

Also, I do not understand this result and why it is being opened a non secure ssl warning. Maybe the CA cert is also needed but if so how can I specify it?

I opened the 8443 port also:

8443/tcp                   ALLOW       Anywhere

Thanks in advance

You can’t use traefik.yml and command: at the same time for static config, decide for one (doc).

For a working setup, compare to simple Traefik example.

For the Traefik example you mentioned... I need to ask two questions:

a) How using commands valid ssl certificates can be specified? My university provides those certificates and CA file.
b) How using commands I can set traefik to listen to "external" secured port 8443 and redirect to traefik's internal 443? I want to reserve "external" 443 for another service.

Thanks

For existing TLS certs, you need to load them in a dynamic config file (doc), which is loaded via providers.file in static config.

Then you simply need to enable TLS on entrypoint or router with .tls=true or tls: {}.

For using a different port externally, you should set that up with ports: in Docker compose.yml.

I tried to follow all your suggestions and posted another question at:

Thanks

Answered already to you :slight_smile:

You're close, but the issue you're facing with the 404 error and SSL warning is likely due to missing or incorrect router configuration for the Traefik dashboard.

First, you're trying to expose the dashboard on port 8443 using the web8443 entryPoint, but there’s no router explicitly defined to serve the dashboard on that port. Traefik’s dashboard is not automatically exposed unless you configure a router for it. You need to add the following labels to your traefik service in the docker-compose.yml file:

- traefik.http.routers.dashboard.rule=Host(`yourdomain.com`)
- traefik.http.routers.dashboard.entrypoints=web8443
- traefik.http.routers.dashboard.service=api@internal
- traefik.http.routers.dashboard.tls=true

Make sure to replace yourdomain.com with your actual domain or hostname that points to the server running Traefik.

Second, the SSL warning you’re seeing is because you're using a self-signed certificate (ssl.crt and ssl.key). Modern browsers don’t trust self-signed certificates by default, so they show a "Not Secure" warning. For local or internal testing, you can proceed by accepting the warning in the browser. For production or public access, it’s better to use a certificate from a trusted authority like Let's Encrypt. Traefik supports automatic Let's Encrypt configuration using the ACME protocol.

If you're using a certificate from a Certificate Authority and it's still showing an SSL warning, it might be due to a missing CA chain. In that case, you should include the full certificate chain in the configuration. Update the certs-traefik.yaml file to point to the fullchain.pem and privkey.pem like this:

tls:
  certificates:
    - certFile: /etc/certs/fullchain.pem
      keyFile: /etc/certs/privkey.pem

Lastly, make sure that port 8443 is not only exposed in your Docker configuration but also open on your firewall and router. You've already allowed it via UFW, which is good. Try accessing your dashboard through https://yourdomain.com:8443 and check if it loads properly. Also, use docker logs traefik to monitor any runtime errors related to routing or TLS.