The default "traefik" endpoint is the only endpoint that does not return 404 for every request

Hi.

Can somebody please tell me what I am doing wrong?

I am trying to do four things:

  • all HTTP ingress must be redirected to HTTPS
  • all HTTPS ingress for the path / should b forwarded to http://localhost:9000/cerebro/
  • all HTTPS ingress for the path /dashboard should be sent to the internal dashboard service
  • all HTTPS ingress for the path /api should be sent to the internal api service

to simplify things, i am running traefik as root:

root@com:/home/karl# /opt/traefik/traefik --configfile=/etc/traefik/traefik.toml

Here's my static config:

root@com:/etc/traefik# cat traefik.toml
################################################################
# Global configuration
################################################################
[global]
  checkNewVersion = true
  # Nothing wrong w/ letting them know it's in use
  # See: https://docs.traefik.io/contributing/data-collection/
  sendAnonymousUsage = true

################################################################
# Entrypoints configuration
################################################################

# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
  # We want all http to be immediately upgraded to https
  [entryPoints.web]
    address = ":80"

  [entryPoints.websecure]
    address = ":443"
    # TODO: also get the traefik dashboard on this entry point, too

  # I can't seem to get things "working" on the HTTPS endpoint, but at least
  # i can move the port that traefik's API and Dashboard are on...
  [entryPoints.traefik]
    address = ":8081"

################################################################
# Traefik logs configuration
################################################################
[log]
  # Log level
  # TODO: switch back when done debugging!
  level = "DEBUG"
  format = "common"

################################################################
# Access logs configuration
################################################################

[accessLog]

################################################################
# API and dashboard configuration
# See: https://docs.traefik.io/v2.1/operations/api/
################################################################

# Enable API and dashboard
[api]
  # Don't just have the api, also have a GUI
  dashboard = true

  # When enabled, the service is wired up do an entrypoint called "traefik" which appears to have no auth middleware
  # and is on port 8080.
  ##
  # TODO: when done debugging, turn off
  insecure = true

################################################################
# Ping configuration
# See: https://docs.traefik.io/v2.1/operations/ping/
################################################################

# Enable ping endpoint; this is what consul-agent will check against!
[ping]
  # Name of the related entry point
  #
  # Optional
  # Default: "traefik"
  entryPoint = "websecure"

################################################################
# Provider configuration
# See: https://docs.traefik.io/providers/file/
################################################################

[providers.file]
  filename = "/etc/traefik/dynamic.toml"

And here's my dynamic config:

################################################################
# the Dynamic config for Traefik
################################################################


################################################################
# Routing configuration
# See: https://docs.traefik.io/routing/routers/
################################################################


[http.routers]
  # A "catch-all" for HTTP -> HTTPS redirects
  [http.routers.http-catchall]
    # Anything that comes in over TCP/80
    entryPoints = ["web"]
    
    # And is destined for any host
    rule = "hostregexp(`{host:[a-z-.]+}`)"

    # Should get redirected to HTTPS
    middlewares = ["redirect-to-https"]

    # For reasons that are not clear or documented (typical for traefik...) 
    # the route never forms unless it has a service attached to it... but i don't know what
    # service this should have since after the redirect, there should be no more involvement...
    service = "cerebro"


  [http.routers.cerebro]
    # Any request that comes in on the HTTPS entrypoint
    # NOTE: since the traefik entry point seems to work, see if i can wire up the router to it as well...
    entryPoints = ["websecure", "traefik"]

    # And is for the / path
    rule = "Path(`/`)"

    # Should get re-written so the the /cerebro/ path is added to the query
    middlewares = ["add-cerebro-prefix"]

    # And then forwarded to the cerebro service
    service = "cerebro"

  [http.routers.dashboard]
    # Any request that comes in on the HTTPS entrypoint
    entryPoints = ["websecure"]

    # And is for the /dashboard path
    rule = "PathPrefix(`/dashboard`)"

    # TODO: SHould get AUTH applied to it
    # for now, just replicate the middlewares that exist when insecure=true is set...
    ##
    # Note: removed "dashboard_stripprefix@internal" and dashboard_redirect@internal"due to
    #   middleware "dashboard_stripprefix@internal" does not exist  entryPointName=websecure routerName=dashboard@file
    #   middleware "dashboard_redirect@internal" does not exist  entryPointName=websecure routerName=dashboard@file
    middlewares = []

    # And then forwarded to the internal dashboard/api service
    # See: https://docs.traefik.io/v2.1/operations/dashboard/#secure-mode
    service = "dashboard@internal"

  [http.routers.api]
    # Any request that comes in on the HTTPS entrypoint
    entryPoints = ["websecure"]

    # And is for the /api
    rule = "PathPrefix(`/api`)"

    # And then forwarded to the internal dashboard/api service
    # See: https://docs.traefik.io/v2.1/operations/dashboard/#secure-mode
    service = "api@internal"

################################################################
# Services configuration
# See: https://docs.traefik.io/routing/services/
################################################################
## Dynamic configuration
[http.services]
  [http.services.cerebro.loadBalancer]
    [[http.services.cerebro.loadBalancer.servers]]
      # Cerebro will expect traffic on port 9000
      url = "http://127.0.0.1:9000/"

################################################################
# Midleware configuration
# See: https://docs.traefik.io/middlewares/addprefix/
################################################################

# Prefixing with /cerebro
[http.middlewares]
  [http.middlewares.add-cerebro-prefix.addPrefix]
    # a request for / will be turnd into a request for /cerrebro/ and then forwarded...
    prefix = "/cerebro"

  [http.middlewares.redirect-to-https.redirectScheme]
    # See: https://docs.traefik.io/middlewares/redirectscheme/
    scheme = "https"

And here's a full log from startup to making two small requests on the dashboard:

root@com:/home/karl# /opt/traefik/traefik --configfile=/etc/traefik/traefik.toml
INFO[0000] Configuration loaded from file: /etc/traefik/traefik.toml
INFO[2019-12-13T20:26:12Z] Traefik version 2.1.1 built on 2019-12-12T19:01:37Z
DEBU[2019-12-13T20:26:12Z] Static configuration loaded {"global":{"checkNewVersion":true,"sendAnonymousUsage":true},"serversTransport":{"maxIdleConnsPerHost":200},"entryPoints":{"traefik":{"address":":8081","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{}},"web":{"address":":80","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{}},"websecure":{"address":":443","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{}}},"providers":{"providersThrottleDuration":2000000000,"file":{"watch":true,"filename":"/etc/traefik/dynamic.toml"}},"api":{"insecure":true,"dashboard":true},"ping":{"entryPoint":"websecure"},"log":{"level":"DEBUG","format":"common"},"accessLog":{"format":"common","filters":{},"fields":{"defaultMode":"keep","headers":{"defaultMode":"drop"}}}}
INFO[2019-12-13T20:26:12Z] Stats collection is enabled.
INFO[2019-12-13T20:26:12Z] Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.
INFO[2019-12-13T20:26:12Z] Help us improve Traefik by leaving this feature on :)
INFO[2019-12-13T20:26:12Z] More details on: https://docs.traefik.io/v2.0/contributing/data-collection/
INFO[2019-12-13T20:26:12Z] Starting provider aggregator.ProviderAggregator {}
DEBU[2019-12-13T20:26:12Z] Start TCP Server                              entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] Start TCP Server                              entryPointName=web
DEBU[2019-12-13T20:26:12Z] Start TCP Server                              entryPointName=traefik
INFO[2019-12-13T20:26:12Z] Starting provider *file.Provider {"watch":true,"filename":"/etc/traefik/dynamic.toml"}
INFO[2019-12-13T20:26:12Z] Starting provider *traefik.Provider {}
DEBU[2019-12-13T20:26:12Z] Configuration received from provider file: {"http":{"routers":{"api":{"entryPoints":["websecure"],"service":"api@internal","rule":"PathPrefix(`/api`)"},"cerebro":{"entryPoints":["websecure","traefik"],"middlewares":["add-cerebro-prefix"],"service":"cerebro","rule":"Path(`/`)"},"dashboard":{"entryPoints":["websecure"],"service":"dashboard@internal","rule":"PathPrefix(`/dashboard`)"},"http-catchall":{"entryPoints":["web"],"middlewares":["redirect-to-https"],"service":"cerebro","rule":"hostregexp(`{host:[a-z-.]+}`)"}},"middlewares":{"add-cerebro-prefix":{"addPrefix":{"prefix":"/cerebro"}},"redirect-to-https":{"redirectScheme":{"scheme":"https"}}},"services":{"cerebro":{"loadBalancer":{"servers":[{"url":"http://127.0.0.1:9000/"}],"passHostHeader":null}}}},"tcp":{},"tls":{}}  providerName=file
DEBU[2019-12-13T20:26:12Z] Configuration received from provider internal: {"http":{"routers":{"api":{"entryPoints":["traefik"],"service":"api@internal","rule":"PathPrefix(`/api`)","priority":2147483646},"dashboard":{"entryPoints":["traefik"],"middlewares":["dashboard_redirect@internal","dashboard_stripprefix@internal"],"service":"dashboard@internal","rule":"PathPrefix(`/`)","priority":2147483645},"ping":{"entryPoints":["websecure"],"service":"ping@internal","rule":"PathPrefix(`/ping`)","priority":2147483647}},"middlewares":{"dashboard_redirect":{"redirectRegex":{"regex":"^(http:\\/\\/[^:]+(:\\d+)?)/$","replacement":"${1}/dashboard/","permanent":true}},"dashboard_stripprefix":{"stripPrefix":{"prefixes":["/dashboard/","/dashboard"]}}},"services":{"api":{},"dashboard":{},"ping":{}}},"tcp":{},"tls":{}}  providerName=internal
DEBU[2019-12-13T20:26:12Z] Creating middleware                           serviceName=cerebro middlewareName=pipelining middlewareType=Pipelining entryPointName=traefik routerName=cerebro@file
DEBU[2019-12-13T20:26:12Z] Creating load-balancer                        serviceName=cerebro entryPointName=traefik routerName=cerebro@file
DEBU[2019-12-13T20:26:12Z] Creating server 0 http://127.0.0.1:9000/      entryPointName=traefik routerName=cerebro@file serviceName=cerebro serverName=0
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware cerebro     entryPointName=traefik routerName=cerebro@file middlewareType=TracingForwarder middlewareName=tracing
DEBU[2019-12-13T20:26:12Z] Creating middleware                           middlewareType=AddPrefix entryPointName=traefik routerName=cerebro@file middlewareName=add-cerebro-prefix@file
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware                  routerName=cerebro@file entryPointName=traefik middlewareName=add-cerebro-prefix@file
DEBU[2019-12-13T20:26:12Z] Creating middleware                           middlewareType=Recovery entryPointName=traefik middlewareName=traefik-internal-recovery
DEBU[2019-12-13T20:26:12Z] Creating middleware                           entryPointName=web routerName=http-catchall@file serviceName=cerebro middlewareName=pipelining middlewareType=Pipelining
DEBU[2019-12-13T20:26:12Z] Creating load-balancer                        entryPointName=web routerName=http-catchall@file serviceName=cerebro
DEBU[2019-12-13T20:26:12Z] Creating server 0 http://127.0.0.1:9000/      routerName=http-catchall@file serviceName=cerebro serverName=0 entryPointName=web
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware cerebro     entryPointName=web routerName=http-catchall@file middlewareType=TracingForwarder middlewareName=tracing
DEBU[2019-12-13T20:26:12Z] Creating middleware                           entryPointName=web middlewareName=redirect-to-https@file middlewareType=RedirectScheme routerName=http-catchall@file
DEBU[2019-12-13T20:26:12Z] Setting up redirection to https               entryPointName=web middlewareName=redirect-to-https@file middlewareType=RedirectScheme routerName=http-catchall@file
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware                  entryPointName=web routerName=http-catchall@file middlewareName=redirect-to-https@file
DEBU[2019-12-13T20:26:12Z] Creating middleware                           entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware dashboard@internal  entryPointName=websecure routerName=dashboard@file middlewareType=TracingForwarder middlewareName=tracing
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware api@internal  routerName=api@file middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] Creating middleware                           middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] No default certificate, generating one
DEBU[2019-12-13T20:26:12Z] Creating middleware                           entryPointName=websecure routerName=cerebro@file serviceName=cerebro middlewareName=pipelining middlewareType=Pipelining
DEBU[2019-12-13T20:26:12Z] Creating load-balancer                        entryPointName=websecure routerName=cerebro@file serviceName=cerebro
DEBU[2019-12-13T20:26:12Z] Creating server 0 http://127.0.0.1:9000/      routerName=cerebro@file serviceName=cerebro serverName=0 entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware cerebro     entryPointName=websecure routerName=cerebro@file middlewareName=tracing middlewareType=TracingForwarder
DEBU[2019-12-13T20:26:12Z] Creating middleware                           middlewareName=add-cerebro-prefix@file middlewareType=AddPrefix entryPointName=websecure routerName=cerebro@file
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware                  routerName=cerebro@file middlewareName=add-cerebro-prefix@file entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware dashboard@internal  routerName=dashboard@file entryPointName=websecure middlewareType=TracingForwarder middlewareName=tracing
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware ping@internal  routerName=ping@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware api@internal  entryPointName=websecure middlewareName=tracing middlewareType=TracingForwarder routerName=api@file
DEBU[2019-12-13T20:26:12Z] Creating middleware                           entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware api@internal  routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware dashboard@internal  routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
DEBU[2019-12-13T20:26:12Z] Creating middleware                           entryPointName=traefik middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix routerName=dashboard@internal
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware                  routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
DEBU[2019-12-13T20:26:12Z] Creating middleware                           entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
DEBU[2019-12-13T20:26:12Z] Setting up redirection from ^(http:\/\/[^:]+(:\d+)?)/$ to ${1}/dashboard/  entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware                  middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
DEBU[2019-12-13T20:26:12Z] Creating middleware                           entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
DEBU[2019-12-13T20:26:12Z] Creating middleware                           entryPointName=web routerName=http-catchall@file serviceName=cerebro middlewareName=pipelining middlewareType=Pipelining
DEBU[2019-12-13T20:26:12Z] Creating load-balancer                        entryPointName=web routerName=http-catchall@file serviceName=cerebro
DEBU[2019-12-13T20:26:12Z] Creating server 0 http://127.0.0.1:9000/      serverName=0 serviceName=cerebro entryPointName=web routerName=http-catchall@file
DEBU[2019-12-13T20:26:12Z] Added outgoing tracing middleware cerebro     middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=http-catchall@file
DEBU[2019-12-13T20:26:12Z] Creating middleware                           middlewareName=redirect-to-https@file middlewareType=RedirectScheme entryPointName=web routerName=http-catchall@file
DEBU[2019-12-13T20:26:12Z] Setting up redirection to https               routerName=http-catchall@file middlewareName=redirect-to-https@file middlewareType=RedirectScheme entryPointName=web
DEBU[2019-12-13T20:26:12Z] Adding tracing to middleware                  entryPointName=web routerName=http-catchall@file middlewareName=redirect-to-https@file
DEBU[2019-12-13T20:26:12Z] Creating middleware                           middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery
DEBU[2019-12-13T20:26:12Z] No default certificate, generating one
my.internal.ipv4.addy - - [13/Dec/2019:20:26:13 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 1 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:13 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 2 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:18 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 3 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:18 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 4 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:18 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 5 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:19 +0000] "GET /api/http/routers?search=&status=&per_page=10&page=1 HTTP/1.1" 200 1410 "-" "-" 6 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:21 +0000] "GET /api/http/routers/dashboard@file HTTP/1.1" 200 178 "-" "-" 7 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:21 +0000] "GET /api/entrypoints/websecure HTTP/1.1" 200 165 "-" "-" 8 "api@internal" - 0ms
my.internal.ipv4.addy - - [13/Dec/2019:20:26:23 +0000] "GET /api/overview HTTP/1.1" 200 332 "-" "-" 9 "api@internal" - 0ms
^CINFO[2019-12-13T20:26:24Z] I have to go...
INFO[2019-12-13T20:26:24Z] Stopping server gracefully
DEBU[2019-12-13T20:26:24Z] Waiting 10s seconds before killing connections.  entryPointName=websecure
DEBU[2019-12-13T20:26:24Z] Waiting 10s seconds before killing connections.  entryPointName=traefik
ERRO[2019-12-13T20:26:24Z] accept tcp [::]:443: use of closed network connection  entryPointName=websecure
ERRO[2019-12-13T20:26:24Z] accept tcp [::]:8081: use of closed network connection  entryPointName=traefik
DEBU[2019-12-13T20:26:24Z] Entry point websecure closed                  entryPointName=websecure
DEBU[2019-12-13T20:26:24Z] Waiting 10s seconds before killing connections.  entryPointName=web
ERRO[2019-12-13T20:26:24Z] accept tcp [::]:80: use of closed network connection  entryPointName=web
DEBU[2019-12-13T20:26:24Z] Entry point web closed                        entryPointName=web
DEBU[2019-12-13T20:26:25Z] Entry point traefik closed                    entryPointName=traefik
INFO[2019-12-13T20:26:25Z] Server stopped
INFO[2019-12-13T20:26:25Z] Shutting down

Can somebody tell me what i am missing?

1 Like

I have made a tiny . bit of progress: i can now get the / path to forward traffic to the cerebro backend!

I needed to add the flag indicating that TLS would be resolved:

  [http.routers.cerebro]
    # Any request that comes in on the HTTPS entrypoint
    # NOTE: since the traefik entry point seems to work, see if i can wire up the router to it as well...
    entryPoints = ["websecure"]

    # And is for the / path
    rule = "PathPrefix(`/cerebro`)"

    # Should get re-written so the the /cerebro/ path is added to the query
    #middlewares = ["add-cerebro-prefix"]

    # And then forwarded to the cerebro service
    service = "cerebro"

    # will terminate the TLS request
    [http.routers.cerebro.tls]

But i am still unable to get the HTTP -> HTTPS redirect working and the dashboard can't be accessed...

After a bit of head scratching, i've managed to get everything working. Posting my solution here for the benefit of anybody else that wants to use traefik but wishes there were any useful/working examples out there.

First:
The docs don't make is super explicit: you MUST have a "dynamic" provider. This provider can also be just a flat file or directory of files on the host. Why you can't just have your static configuration in the main traefik.toml file is beyond me. Kinda silly to use dynamic configuration... for a static config. But i digress.

Here's my traefik.toml:

################################################################
#
# Configuration for Traefik v2.
#
# All HTTP traffic MUST be immediately redirected to https
#
# The only backend service that needs to be exposed is Cerebro
#   via the /cerebro path
#
# The dashboard/API should be exposed via the /dashboard path
#
# The ping endpoint must be port 8080; http is OK
################################################################

################################################################
# Global configuration
################################################################
[global]
  checkNewVersion = true
  # Nothing wrong w/ letting them know it's in use
  # See: https://docs.traefik.io/contributing/data-collection/
  sendAnonymousUsage = true

################################################################
# Entrypoints configuration
################################################################

[entryPoints]
  # We want all http to be immediately upgraded to https
  [entryPoints.web]
    address = ":80"
  
  # All traffic will be over TLS
  [entryPoints.websecure]
    address = ":443"

  # And this is the endpoint that we'll monitor traefik health with
  [entryPoints.ping]
    address = ":8080"

################################################################
# Traefik logs configuration
################################################################

# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
[log]
  level = "INFO"

################################################################
# API and dashboard configuration
# See: https://docs.traefik.io/v2.1/operations/api/
################################################################

# Enable API and dashboard
[api]
  # Don't just have the api, also have a GUI
  dashboard = true

  # When enabled, the service is wired up do an entrypoint called "traefik" which appears to have no auth middleware
  # and is on port 8081
  ##
  insecure = false

################################################################
# Ping configuration
# See: https://docs.traefik.io/v2.1/operations/ping/
################################################################

# Enable ping endpoint; this is what consul-agent will check against!
[ping]
  entryPoint = "ping"

################################################################
# Provider configuration
# See: https://docs.traefik.io/providers/file/
################################################################

[providers.file]
  # ALL toml files here are loaded
  directory = "/etc/traefik/dynamic/"

Here's my dynamic/cerebro.toml:

##
# Handles all traffic to the /cerebro/* endpoint
#
##

[http.routers]
  [http.routers.cerebro]
    # Cerebro only accepts connections on HTTPS endpoint
    entryPoints = ["websecure"]

    # And is for the /cerebro path
    # See: https://docs.traefik.io/routing/routers/
    rule = "PathPrefix(`/cerebro`)"
    # For reasons that really suck, there's no easy way to automatically add the trailing /
    # So for now, we just suck it up and take the bad user experience (like configuring traefik isn't bad enough...) and tell users to bookmark the link w/ the slash already added

    # And then forwarded to the cerebro service
    service = "cerebro"

    # will terminate the TLS request
    # Note: This is REQUIRED, otherwise 404.
    [http.routers.cerebro.tls]

[http.services]
  [http.services.cerebro.loadBalancer]
    [[http.services.cerebro.loadBalancer.servers]]
      # Cerebro will expect traffic on port 9000
      url = "http://127.0.0.1:9000/"

Once i figured that out, the dashboard is nearly identical. My dynamic/dashboard.toml:


[http.routers]
  [http.routers.dashboard]
    # We want the dashboard to onlywork over HTTPS
    entryPoints = ["websecure"]

    # And is accessible on the /dashboard path
    # Dashboard is just a front end for API so we OR in the rule...
    # See: https://docs.traefik.io/routing/routers/
    rule = "PathPrefix(`/dashboard`) || PathPrefix(`/api`)"


    # And then forwarded to the internal dashboard/api service
    # See: https://docs.traefik.io/v2.1/operations/dashboard/#secure-mode
    service = "api@internal"

    # will terminate the TLS request
    # Note: This is REQUIRED, otherwise 404!
    [http.routers.dashboard.tls]

And the http redirect using the common noop technique... which seems like a hack to get it working... but, that's par for the course on traefik. Anyways, dynamic/redir.toml

##
# Traefik has some non-intuitive configuration. After much struggle, this is the approach seems to reliably
#   get http redirected to https.
#
# See: https://community.containo.us/t/global-http-to-https-redirect-in-v2/1658/3
##

[http.routers]
  [http.routers.redirecttohttps]
    entryPoints = ["web"]
    middlewares = ["httpsredirect"]
    # Literally ANY host
    rule = "HostRegexp(`{host:.+}`)"
    # Yep, no way to plug middleware directly into entrypoints... which is ironic as routers 
    # really don't do much more than what a rewrite() middleware would do if it had a special lookup_table
    # to consult...
    service = "noop"

[http.services]
  # noop service, the URL will be never called
  [http.services.noop.loadBalancer]
    [[http.services.noop.loadBalancer.servers]]
      url = "http://8.8.8.8"

[http.middlewares]
  [http.middlewares.httpsredirect.redirectScheme]
    scheme = "https"

Hope that helps somebody. If it doesn't, there's always a wealth of good examples about how to get nginx up and running and you'll probably sink less time into that compared trying to get traefik up.

1 Like

Hope that helps somebody. If it doesn't, there's always a wealth of good examples about how to get nginx up and running and you'll probably sink less time into that compared trying to get traefik up.

Good job!