I'm trying to expose Traefik over SSL using a custom domain name, similar to how the insecure option works, which automatically redirects `/` to `/dashboard/`.
It seems that the insecure option creates two internal middlewares, `dashboard_stripprefix@internal` and `dashboard_redirect@internal`, but they are not available when `insecure=false`.
`https://traefik.insanegenius.net/` redirects to `https://traefik.insanegenius.net/index.php/dashboard/?`, which returns a 404.
Removing the `index.php` and using `https://traefik.insanegenius.net/dashboard/` works correctly.
The injection of `index.php` seems to be a bug?
How do I recreate the internal dashboard rules, how do I enable them when insecure is not enabled, or how do I expose the dashboard directly at `/`?
Ansible config for container:
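---
# Install Traefik bound to port forwarding network
# https://docs.ansible.com/ansible/latest/modules/docker_container_module.html
#
# Runs the public-facing Traefik container. It is attached to the public
# network with a static IP and to the local network; no host ports are
# published. The Traefik dashboard is routed through the labels at the bottom.
- name: 'Install Traefik Public'
  docker_container:
    name: traefik-public
    # No tag is given, so this resolves to the default `latest` tag, and
    # `pull: true` fetches whatever is current on every run. Pin a version tag
    # or digest if upgrades of the edge proxy should be deliberate and
    # reviewable.
    image: traefik
    pull: true
    hostname: gateway
    domainname: "{{ ansible_domain }}"
    restart_policy: unless-stopped
    command:
      - "--configfile=/config/traefik-public.yml"
    env:
      TZ: "America/Los_Angeles"
    volumes:
      # Static config, dynamic config and the TLS certificate/key files are
      # all read from this directory.
      - "{{ appdata_dir }}/traefik/config:/config"
      # Access to the Docker socket amounts to control of the Docker daemon,
      # i.e. root-equivalent access to the host, from an internet-facing
      # container. A read-only bind mount does not restrict API calls made
      # over the socket; where that exposure matters, place a filtering
      # socket proxy between Traefik and the daemon.
      - "/var/run/docker.sock:/var/run/docker.sock"
    networks:
      - name: "{{ docker_public_network }}"
        ipv4_address: 192.168.1.48  # gateway.home.insanegenius.net
      - name: "{{ docker_local_network }}"
    # published_ports:
    # Bind to static IP, do not expose any ports to host
    # - 80:80
    # - 443:443
    # - 8080:8080
    labels:
      traefik.enable: "true"
      # The rule matches every path on the dashboard host. Alternative that
      # limits the router to the API and dashboard paths:
      # "HostHeader(`traefik.{{ external_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      traefik.http.routers.traefik-public.rule: "HostHeader(`traefik.{{ external_domain }}`)"
      traefik.http.routers.traefik-public.entrypoints: "websecure"
      # api@internal serves the API and dashboard. No authentication
      # middleware is attached to this router, so access control depends
      # entirely on what the `websecure` entrypoint enforces.
      traefik.http.routers.traefik-public.service: "api@internal"
      # traefik.http.routers.traefik-public.middlewares: "dashboard_stripprefix@internal,dashboard_redirect@internal"
    recreate: "{{ docker_container_recreate }}"
    networks_cli_compatible: true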
Static config:
# Traefik static configuration, loaded through --configfile.
global:
  # Opts in to sending anonymous usage statistics.
  sendAnonymousUsage: true

log:
  # DEBUG, PANIC, FATAL, ERROR, WARN, and INFO
  level: "WARN"

api:
  dashboard: true
  # true, false
  # With insecure disabled, the dashboard is only reachable through a router
  # that targets api@internal.
  insecure: false

providers:
  docker:
    # Containers are ignored unless they carry traefik.enable=true.
    exposedByDefault: false
    # {{ docker_local_network }}
    network: "localnet"
  file:
    filename: "/config/dynamic.yml"

# https://docs.traefik.io/routing/entrypoints/
entryPoints:
  # Plain HTTP: everything is redirected to the HTTPS entrypoint.
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: ":443"
    http:
      # --entrypoints.websecure.http.middlewares=traefik-forward-auth
      # --entrypoints.websecure.http.tls=true
      # --entrypoints.websecure.http.tls.certresolver=dns-cloudflare
      # --certificatesresolvers.dns-cloudflare.acme.email={{ cloudflare_email }}
      # --certificatesresolvers.dns-cloudflare.acme.storage=/config/acme.json
      # --certificatesresolvers.dns-cloudflare.acme.dnschallenge.provider=cloudflare
      # CF_DNS_API_TOKEN: "{{ cloudflare_dns_api_token }}"
      middlewares:
        # Enable auth for all services
        # This is the only authentication layer shown for routers on this
        # entrypoint, the dashboard router included.
        - "traefik-forward-auth@docker"
      tls:
        domains:
          # {{ ansible_domain }}
          - main: "home.insanegenius.net"
            sans:
              # *.{{ ansible_domain }}
              - "*.home.insanegenius.net"
          # {{ external_domain }}
          - main: "insanegenius.net"
            sans:
              # *.{{ external_domain }}
              - "*.insanegenius.net"
Dynamic config:
# Traefik dynamic configuration (file provider): TLS certificates loaded from
# files on disk.
tls:
  stores:
    default: {}
  certificates:
    # NOTE(review): the .key files are private keys stored under /config next
    # to the rest of the configuration; keep their host-side permissions
    # limited to the account Traefik runs as.
    - certFile: "/config/star_insanegenius_net.crt"
      keyFile: "/config/star_insanegenius_net.key"
    - certFile: "/config/star_home_insanegenius_net.crt"
      keyFile: "/config/star_home_insanegenius_net.key"