The dashboard is not accessible: bug or wrong code?

If you have a valid acme.json, you can copy it around and have Traefik use it. Be aware the LE certificates expire after around 90 days.

In general you can not use LetsEncrypt with localhost. LE will try to verify your domain name and the IP, and of course it can't reach your localhost to do that.

Here is a workin example docker-compose.yml with Traefik, dashboard, LetsEncrypt, LE certs stored on host, http->https and www redirect - and a service:

#docker-compose.yml
version: '3.9'

services:
  traefik:
    image: traefik:v2.9
    ports:
      - published: 80
        target: 80
        protocol: tcp
        mode: host
      - published: 443
        target: 443
        protocol: tcp
        mode: host
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/traefik-certificates:/traefik-certificates
    command:
      --providers.docker=true
      --providers.docker.network=proxy
      --providers.docker.exposedByDefault=false
      --entryPoints.web.address=:80
      --entryPoints.web.http.redirections.entryPoint.to=websecure
      --entryPoints.web.http.redirections.entryPoint.scheme=https
      --entryPoints.websecure.address=:443
      --entryPoints.websecure.http.tls=true
      --api.debug=true
      --api.dashboard=true
      --log.level=DEBUG
      --accesslog=true
      --certificatesResolvers.myresolver.acme.email=mail@example.com
      --certificatesResolvers.myresolver.acme.tlschallenge=true
      --certificatesResolvers.myresolver.acme.storage=/traefik-certificates/acme.json
    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.entrypoints=websecure
      - traefik.http.routers.mydashboard.rule=Host(`traefik.example.com`) || Host(`www.traefik.example.com`)
      - traefik.http.routers.mydashboard.tls.certresolver=myresolver
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth,mywwwremove
      - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
      - traefik.http.middlewares.mywwwremove.redirectregex.regex=^https://www\.(.*)
      - traefik.http.middlewares.mywwwremove.redirectregex.replacement=https://$${1}
      - traefik.http.services.dummy-svc.loadbalancer.server.port=9999

  whoami:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.mywhoami.entrypoints=websecure
      - traefik.http.routers.mywhoami.rule=Host(`example.com`) || Host(`www.example.com`)
      - traefik.http.routers.mywhoami.tls.certresolver=myresolver
      - traefik.http.routers.mywhoami.middlewares=mywwwremove
      - traefik.http.services.mywhoami.loadbalancer.server.port=80

networks:
  proxy:
    name: proxy
    driver: overlay
    attachable: true
  • Note that the rule must include both host names ( example.com, www.example.com )
  • Not sure docker compose will automatically create the network if not in Swarm mode
1 Like