Some problems with traefik and docker

Hey guys,

i have some Problems with Traefik, which is run in docker:

  1. I want to secure the traefik dashboard, doesn't work. When i call traefik, i'm allways directly on the dashboard
  2. I want do redirect from http to https automaticly, doesn't work. I can call the URL with https://pma.localhost but with http:// i got an 404
  3. I want that traefik automaticly install TLS Certs, doesn't work. https://pma.localhost allways brings an certification error. No acme.json is created.

I despair :smiley:

So, here is my toml file:

[global]
  sendAnonymousUsage = false

[api]
  dashboard = true
  debug = true
  insecure = true

[log]
  level = "DEBUG"

[entryPoints]
  [entryPoints.http]
    address = ":80"
  [entryPoints.https]
    address = ":443"

[http.routers]
  [http.routers.redirecttohttps]
    entryPoints = ["http"]
    middlewares = ["httpsredirect"]
    rule = "HostRegexp(`{host:.+}`)"
    service = "noop"

[http.middlewares]
  [http.middlewares.httpsredirect.redirectScheme]
    permanent = true
    scheme = "https"
    port = 443

[certificatesresolvers]
  [certificatesresolvers.mytlschallenge.acme]
    email = "mymail adress"
    storage = "/certs/acme.json"
    [certificatesResolvers.mytlschallenge.acme.httpChallenge]
      entryPoint = "http"
    [certificatesResolvers.mytlschallenge.acme.tlsChallenge]

[providers.docker]
  endpoint = "unix:///var/run/docker.sock"
  exposedByDefault = false
  network = "mynetwork"

And this is docker compose, traefik and one container with phpMyAdmin:

version: "3.7"

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    depends_on:
      - ${PMA}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:rw
      - ./traefik/traefik.toml:/etc/traefik/traefik.toml:ro
      - ./traefik/certs:/certs:rw
    ports:
      - 80:80
      - 8080:8080
      - 443:443
    labels:
      - traefik.http.middlewares.auth.basicauth.users=admin:$$2y$$05$$O/F51ypL6pGkFyk65MGhx.htOTpQ4iYj1t/3j2OCDvyuLUnwaQ9QK
    networks:
      mynetwork:
        ipv4_address: ${TRAEFIK_IP}

  pma:
    image: phpmyadmin/phpmyadmin:5
    container_name: ${PMA}
    restart: unless-stopped
    volumes:
      - /sessions
    environment:
      - PMA_HOSTS=${DATABASE},${DATABASE_SERVICES}
    links:
      - ${DATABASE}
      - ${DATABASE_SERVICES}
    volumes:
      - /sessions
      - ./pma/config.user.inc.php:/etc/phpmyadmin/config.user.inc.php
      - ./pma/php.ini:/usr/local/etc/php/php.ini
    networks:
      mynetwork:
        ipv4_address: ${PMA_IP}
    labels:
      - traefik.enable=true
      - traefik.http.routers.pma.tls.certresolver=mytlschallenge
      - traefik.http.routers.pma.entrypoints=https
      - traefik.http.routers.pma.rule=Host(`pma.localhost`)

Thx for help
Cheers
Ralf

Hello @ralf,

Your configuration is not valid.

Concerning the dashboard, the way to go is defined in the documentation, it could be something like:

# Static Configuration
[api]
# Dynamic Configuration
labels:
  - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
  - "traefik.http.routers.api.service=api@internal"
  - "traefik.http.routers.api.middlewares=auth"
  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"

Concerning the redirection, if you want to use the default redirection, you can use the following configuration as defined in the documentation:

[entryPoints.web]
  address = ":80"

  [entryPoints.web.http]
    [entryPoints.web.http.redirections]
      [entryPoints.web.http.redirections.entryPoint]
        to = "websecure"
        scheme = "https"

[entryPoints.websecure]
  address = ":443"

Concerning the TLS certs, you can find the configuration in the related documentation for the static part (defining the acme account) and here for the dynamic part, which means the reference to set in the router configuration.