Setting docker defaultRule

I'm trying to set the defaultRule for my docker containers, I'm doing this in my traefik.yml file.
This works for the containers and it will give them the proper route. However it breaks the file provider.
Traefik will start giving the error:

time="2023-02-26T01:26:27Z" level=error msg="Error while building configuration (for the first time): /etc/traefik/traefik.yml: template: :95: unexpected \"\\\\\" in operand" providerName=file

The very odd thing is that if I comment out the defaultRule line from my traefik.yml file the error doesn't go away. It only goes away if I completely remove the defaultRule: line out of the file.

I've redone my traefik.yml file by using the reference version, but that didn't change anything.

I've seen other help requests for this, but somehow their solutions don't work.

traefik.yml file:

global:
  checkNewVersion: true
  sendAnonymousUsage: false

serversTransport:
  insecureSkipVerify: true
  # rootCAs:
  #   - foobar
  #   - foobar
  maxIdleConnsPerHost: 42
  forwardingTimeouts:
    dialTimeout: 42s
    responseHeaderTimeout: 42s
    idleConnTimeout: 42s

entryPoints:
  http:
    address: :80
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42s
        graceTimeOut: 42s
      respondingTimeouts:
        readTimeout: 42s
        writeTimeout: 42s
        idleTimeout: 42s
    proxyProtocol:
      insecure: true
      trustedIPs:
        - 127.0.0.1/32
        - 10.0.0.0/8
        - 192.168.1.0/24
        - 192.168.4.0/24
        - 172.16.0.0/12
    forwardedHeaders:
      insecure: true
      trustedIPs:
        - 127.0.0.1/32
        - 10.0.0.0/8
        - 192.168.1.0/24
        - 192.168.4.0/24
        - 172.16.0.0/12
          #http:
          #  redirections:
          #    entryPoint:
          #      to: https
          #      scheme: https
          #      permanent: true
          #      priority: 42
    http2:
      maxConcurrentStreams: 42
    http3:
      advertisedPort: 42
    udp:
      timeout: 42s

  https:
    address: :443
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42s
        graceTimeOut: 42s
      respondingTimeouts:
        readTimeout: 42s
        writeTimeout: 42s
        idleTimeout: 42s
    proxyProtocol:
      insecure: false
      trustedIPs:
        - 127.0.0.1/32
        - 10.0.0.0/8
        - 192.168.1.0/24
        - 192.168.4.0/24
        - 172.16.0.0/12
    forwardedHeaders:
      insecure: false
      trustedIPs:
        - 127.0.0.1/32
        - 10.0.0.0/8
        - 192.168.1.0/24
        - 192.168.4.0/24
        - 172.16.0.0/12
    http2:
      maxConcurrentStreams: 42
    http3:
      advertisedPort: 42
    udp:
      timeout: 42s

providers:
  providersThrottleDuration: 42s
  docker:
    # constraints: foobar
    watch: true
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.lan.to`,`{{ index .Labels \"com.docker.compose.service\"}}.lan`)"
    # tls:
      # ca: foobar
      # caOptional: true
      # cert: foobar
      # key: foobar
      # insecureSkipVerify: true
    exposedByDefault: true
    useBindPortIP: false
    network: docker-network
    httpClientTimeout: 42s
    allowEmptyServices: true

  file:
    directory: /etc/traefik
    watch: true
    # filename: foobar
    debugLogGeneratedTemplate: true
  # plugin:
  #   Descriptor0: {}
  #   Descriptor1: {}

api:
  insecure: true
  dashboard: true
  debug: true

metrics:
  influxDB2:
    address: http://influxdb:8086
    token: -redacted-
    pushInterval: 42s
    org: -redacted-
    bucket: telegraf
    addEntryPointsLabels: true
    addRoutersLabels: true
    addServicesLabels: true
    # additionalLabels:
      # name0: foobar
      # name1: foobar

# ping:
#   entryPoint: http
#   manualRouting: true
#   terminatingStatusCode: 42

log:
  level:  DEBUG #ERROR  # DEBUG, INFO, WARNING, ERROR, CRITICAL
#   filePath: /var/log/traefik/traefik.log
  format: common  # common, json, logfmt

# accessLog:
#   filePath: foobar
#   format: foobar
#   filters:
#     statusCodes:
#       - foobar
#       - foobar
#     retryAttempts: true
#     minDuration: 42s
#   fields:
#     defaultMode: foobar
#     names:
#       name0: foobar
#       name1: foobar
#     headers:
#       defaultMode: foobar
#       names:
#         name0: foobar
#         name1: foobar
#   bufferingSize: 42

# tracing:
#   serviceName: foobar
#   spanNameLimit: 42
#   jaeger:
#     samplingServerURL: foobar
#     samplingType: foobar
#     samplingParam: 42
#     localAgentHostPort: foobar
#     gen128Bit: true
#     propagation: foobar
#     traceContextHeaderName: foobar
#     disableAttemptReconnecting: true
#     collector:
#       endpoint: http://192.168.1.108:14268
#        user: foobar
#        password: foobar
#   datadog:
#     localAgentHostPort: foobar
#     globalTag: foobar
#     globalTags:
#       tag1: foobar
#       tag2: foobar
#     debug: true
#     prioritySampling: true
#     traceIDHeaderName: foobar
#     parentIDHeaderName: foobar
#     samplingPriorityHeaderName: foobar
#     bagagePrefixHeaderName: foobar
# hostResolver:
#   cnameFlattening: true
#   resolvConfig: foobar
#   resolvDepth: 42

certificatesResolvers:
  staging:
    acme:
      email: -redacted-
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      certificatesDuration: 90
      storage: /etc/traefik/certs/acme.json
      httpChallenge:
        entryPoint: web

  production:
    acme:
      email: -redacted-
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      certificatesDuration: 90
      storage: /etc/traefik/certs/acme.json
      httpChallenge:
        entryPoint: web
  hetznerdns:
    acme:
      email: -redacted-
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      certificatesDuration: 90
      storage: /etc/traefik/certs/acme.json
      dnsChallenge:
        provider: hetzner
        delayBeforeCheck: 42s
        resolvers:
          - 1.1.1.1:53

# (Optional) Overwrite Default Certificates
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /ssl-certs/ca.pem
        keyFile: /ssl-certs/ca-key.pem
# (Optional) Disable TLS version 1.0 and 1.1
#   options:
#     default:
#       minVersion: VersionTLS12

# hub:
#   tls:
#     insecure: true
#     ca: foobar
#     cert: foobar
#     key: foobar
# experimental:
#   http3: true
#   hub: true
#   plugins:
#     Descriptor0:
#       moduleName: foobar
#       version: foobar
#     Descriptor1:
#       moduleName: foobar
#       version: foobar
#   localPlugins:
#     Descriptor0:
#       moduleName: foobar
#     Descriptor1:
#       moduleName: foobar

docker-compose file:

version: "3.3"
volumes:
  traefik-ssl-certs:
    driver: local
    
services:
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    labels:
      - "traefik.enable=true"
      - "traefik.passHostHeader=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.lan`, `traefik.lan.to`)"
      - "traefik.http.routers.traefik.service=traefik"
      - "traefik.http.routers.traefik.middlewares=traefik-chain"
      - "traefik.http.middlewares.traefik-chain.chain.middlewares=traefik-https-redirect,traefik-replacepath"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.permanent=true"
      - "traefik.http.middlewares.traefik-replacepath.replacepath.path=/dashboard/"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.lan`, `traefik.lan.to`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.service=traefik-secure"
      - "traefik.http.services.traefik-secure.loadbalancer.server.port=8080"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.routers.traefik-secure.tls.certresolver=hetznerdns"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=-redacted-"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=-redacted-"
      #- "traefik.http.routers.traefik.service=api@internal
    environment:
      - "-redacted-"
    ports:
      - "80:80"
      - "443:443"
      #- "8083:8080"
    volumes:
      - "traefik-ssl-certs:/ssl-certs"
      - "./traefik:/etc/traefik"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - "frontend"
      
networks:
  frontend:
    name: docker-network
    external: true

Maybe try using Host() || Host(), not combining in the same one. I think it's deprecated in v3 anyway. Docker provider defaultRule docs.

With your provider.file you are watching the whole directory, that includes traefic.yml. Try only watching dedicated dynamic config files, not the static config. Recently someone had an issue because of having wrong files in the folder.

It seems the problem was indeed having the file provider pointing to the same directory the traefik.yml configuration file was in. Moved the file with all my routes to the ./routes directory and adjusted the provider in the configuration file and now all is working fine, TY!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.