Hello everyone,
I am new to Traefik and after a lot of fiddling around I finally managed to get a simple containerized setup with two services (Traefik & BookStack) running.
I use Cloudflare DNS and set up a dnschallenge, and all HTTP traffic is redirected to HTTPS.
This setup worked fine, I was able to access the Traefik dashboard under traefik.my-domain.com and BookStack under wiki.my-domain.com, but after about an hour of not using the services I wanted to open them again and only got response code 418 "I'm a teapot".
I stopped the BookStack container(s), restarted Traefik and deleted the certificates to force the download of new ones, but this all did not work.
When accessing http://traefik.my-domain.com it still redirects to HTTPS, but then I get this error code again.
The log also does not show any activity when I try to access the dashboard.
Below is my Traefik docker-compose.yml. I am omitting the BookStack configuration as the problem does not seem to be related to it (even with ONLY Traefik running I have this problem).
```yaml
services:
  traefik:
    image: traefik:latest
    restart: unless-stopped
    container_name: traefik
    command:
      # Configure logging
      - "--log.level=DEBUG"
      - "--accessLog=true"
      # Opt out of usage statistics
      - "--global.sendAnonymousUsage=false"
      # Enable docker provider but do not expose containers by default
      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=home-server"
      # API settings
      - "--api.dashboard=true"
      - "--api.insecure=false"
      - "--api.debug=true"
      # Entrypoints port 80 (http) and port 443 (https)
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      # Trust cloudflare forwarded headers (https://www.cloudflare.com/ips-v4)
      - "--entryPoints.web.forwardedHeaders.trustedIPs=103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"
      - "--entryPoints.websecure.forwardedHeaders.trustedIPs=103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"
      # Redirect http to https
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      # letsencrypt ACME
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.letsencrypt.acme.email=<my_mail>"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      # - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" # TODO remove once debugging is done
      # default certificate
      - "--entryPoints.websecure.http.tls.certresolver=letsencrypt"
      - "--entryPoints.websecure.http.tls.domains[0].main=my-domain.com"
      - "--entryPoints.websecure.http.tls.domains[0].sans=*.my-domain.com"
    ports:
      # The HTTP port (necessary for HTTP challenge)
      - "80:80"
      # The HTTPS port
      - "443:443"
    networks:
      - frontend
    volumes:
      # Create a letsencrypt dir within the folder where the docker-compose file is
      - ./letsencrypt:/letsencrypt
      - ./logs:/logs
      # So that Traefik can read the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CF_DNS_API_TOKEN=<my_token>
      - CF_API_EMAIL=<my_mail>
    labels:
      - "traefik.enable=true"
      #
      # DASHBOARD CONFIGURATION
      #
      # route to traefik.my-domain.com
      - "traefik.http.routers.dashboard.rule=Host(`traefik.my-domain.com`)"
      # use internal API service
      - "traefik.http.routers.dashboard.service=api@internal"
      # use HTTPS entry
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.tls=true"
      # route traffic to 8080
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
      # - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
      # add authentication
      - "traefik.http.routers.dashboard.middlewares=authtraefik"
      # set dashboard user(s) (see https://stackoverflow.com/questions/47376909/traefik-authentication-failed )
      - "traefik.http.middlewares.authtraefik.basicauth.users=admin:<hash>"

networks:
  frontend:
    external: true
    name: home-server
```
I am forwarding both port 80 and 443 in my router.
And again: this all worked but somehow broke while idling.
What could be the problem here? And how could I get more information?