Secure Dashboard HTTPS 404

Hi,

I am unable to secure my Traefik v3 dashboard for HTTPS. HTTP works fine if I use api insecure=true.

I am following bluepuma77's configuration (traefik-best-practice/docker-traefik-dashboard-letsencrypt at main · bluepuma77/traefik-best-practice · GitHub) for securing the Traefik v3 dashboard with Docker. There are minor changes and I do set a different static IP address for traefik and whoami.

The domains for whoami and traefik are configured via my pfSense, are working correctly and ping the correct/expected IP address.

Configuration as follows:

version: '3.9'

services:
  traefik:
    image: traefik:v3.0
    container_name: "traefik"
    ports:
      - 80:80
      - 443:443
    networks:
      somelan:
        ipv4_address: someip.2
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/somepath/acme.json:/acme.json
      #- /var/log:/var/log
    command:
      - --api.dashboard=true
      - --log.level=INFO
      #- --log.filepath=/var/log/traefik.log
      - --accesslog=true
      #- --accesslog.filepath=/var/log/traefik-access.log
      - --providers.docker.network=somelan
      - --providers.docker.exposedByDefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      # remove next line when using Traefik v2
      - --entrypoints.websecure.asDefault=true
      - --entrypoints.websecure.http.tls.certresolver=myresolver
      - --certificatesresolvers.myresolver.acme.email=personA@somedomain.com
      - --certificatesresolvers.myresolver.acme.tlschallenge=true
      - --certificatesresolvers.myresolver.acme.storage=/acme.json
    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.rule=Host(`traefik.somedomain.com`)
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth
      - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/

  whoami:
    image: traefik/whoami:v1.8
    container_name: "whoami"
    networks:
      somelan:
        ipv4_address: someip.4
    labels:
      - traefik.enable=true
      - traefik.http.routers.mywhoami.rule=Host(`whoami.somedomain.com`) || Host(`www.whoami.somedomain.com`)
      - traefik.http.services.mywhoami.loadbalancer.server.port=80

      - traefik.http.middlewares.mywwwredirect.redirectregex.regex=^https://www\.(.*)
      - traefik.http.middlewares.mywwwredirect.redirectregex.replacement=https://$${1}
      - traefik.http.routers.mywhoami.middlewares=mywwwredirect

networks:
  somelan:
    external: true

Any ideas? Thanks in advance.

Why do you set an IP address inside the Docker network? You can connect to the services with the service name, without IP.

Are the IPs even within the Docker network subnet?

Note that Traefik current is v3.1.

These IPs are macvlan type and already assigned within my Docker instance. Using HTTP there is no issue with this setup.

Logically there should not be any issue with HTTPS since it already works on HTTP.

I have no choice but to use macvlan type here, so I need to understand how I can get this to work. Thanks.

Enable and check Traefik debug log.