Traefik 2.8.2 not happy with my yml file

Hi all,

I have Traefik configured in Docker and I also supply a yml file to it for the non-Docker services.
Updating to 2.8.2 resulted in go panic messages; rolling back to 2.8.1 seems to do the trick.
Can someone please have a look at my yml file and let me know where the mistakes are? The yml vscode extension told me that my issue is with the rule definitions but did not point me to the fix :frowning:

http:
  routers:
    sonarr:
      entryPoints:
        - web-secure
      middlewares:
        - fauth2
      rule: "Host(`sonarr.{{env "ZONE"}}`)"
      service: sonarr
      tls:
        certResolver: "basic"
    radarr:
      entryPoints:
        - web-secure
      middlewares:
        - fauth2
      rule: "Host(`radarr.{{env "ZONE"}}`)"
      service: radarr
      tls:
        certResolver: "basic"
    pi-hole:
      entryPoints:
        - web-secure
      middlewares:
        - fauth2
      rule: "Host(`phl.{{env "ZONE"}}`)"
      service: pi-hole
      tls:
        certResolver: "basic"       
    jackett:
      entryPoints:
        - web-secure
      middlewares:
        - fauth2
      rule: "Host(`jackett.{{env "ZONE"}}`)"
      service: jackett
      tls:
        certResolver: "basic"
    plex:
      entryPoints:
        - web-secure
      middlewares:
        - fauth2
      rule: "Host(`plex.{{env "ZONE"}}`)"
      service: plex
      tls:
        certResolver: "basic"
    nas:
      entryPoints:
        - web-secure
      middlewares:
        - fauth2
      rule: "Host(`true.{{env "ZONE"}}`)"
      service: nas
      tls:
        certResolver: "basic"        
  services:
    sonarr:
      loadBalancer:
        servers:
          - url: "http://192.168.0.30:8989"
    radarr:
      loadBalancer:
        servers:
          - url: "http://192.168.0.30:20000"
    pi-hole:
      loadBalancer:
        servers:
          - url: "http://192.168.0.24/admin/"     
    jackett:
      loadBalancer:
        servers:
          - url: "http://192.168.0.55:9117"
    plex:
      loadBalancer:
        servers:
          - url: "http://192.168.0.30:32400/web/index.html"
    nas:
      loadBalancer:
        servers:
          - url: "http://192.168.0.25"
  middlewares:
    fauth2:
      forwardAuth:
        address: "http://fauth:4181"
        trustForwardHeader: true
        authResponseHeaders: "X-Forwarded-User"

Here is the relevant Docker-Compose bit:

version: '3.7'
services:
  traefik_v2.0:
    image: 'traefik:2.8.1'
    container_name: traefik_v2
    hostname: traefik_v2
    ports:
      - '443:443'
      - '80:80'
      - '8080:8080'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
      - 'letsencrypt:/letsencrypt'
      - './traefik_v2/rules.yml:/rules.yml'
    env_file:
      - .env
    restart: unless-stopped
    labels:
      - com.ouroboros.enable=true
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=web
      - traefik.http.routers.traefik.rule=Host(`traefik.localhost`)
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      - "traefik.http.middlewares.BUFFER.buffering.maxrequestbodybytes=256000000"
      - "traefik.http.middlewares.BUFFER.buffering.maxresponsebodybytes=256000000"
      - "traefik.http.middlewares.BUFFER.buffering.memrequestbodybytes=256000000"
      - "traefik.http.middlewares.BUFFER.buffering.memresponsebodybytes=256000000"
      - 'traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)'
      - traefik.http.routers.redirs.entrypoints=web
      - traefik.http.routers.redirs.middlewares=redirect-to-https
    environment:
      - 'CLOUDFLARE_EMAIL=${EMAIL}'
      - 'CLOUDFLARE_API_KEY=${API_KEY}'
      - com.ouroboros.enable=true
      - 'TZ=${TZ}'
      - TRAEFIK_API_DASHBOARD=true
    command:
      - '--log.level=DEBUG'
      - '--log.format=json'
      - '--pilot.token=1c619e46-16bd-496f-80f1-2d8ceaa16160'
      - '--global.checkNewVersion=true'
      - '--global.sendAnonymousUsage=false'
      - '--entryPoints.web.address=:80'
      - '--entryPoints.web-secure.address=:443'
      - '--api'
      - '--api.debug'
      - '--api.insecure=true'
      - '--api.dashboard=true'
      - '--ping'
      - '--providers.docker.exposedByDefault=false'
      - '--providers.docker.watch=true'
      - '--providers.file.watch=true'
      - '--providers.file.filename=/rules.yml'
      - '--certificatesresolvers.basic.acme.tlschallenge=true'
      - '--certificatesresolvers.basic.acme.email=${EMAIL}'
      - '--certificatesresolvers.basic.acme.storage=/letsencrypt/acme.json'

Many thanks for your help.

Hello @losif,

Thanks for your interest in Traefik.

The issue is in the forwardAuth configuration, which should be the following:

middlewares:
  fauth2:
    forwardAuth:
      address: "http://fauth:4181"
      trustForwardHeader: true
      authResponseHeaders:
        - X-Forwarded-User

Please make sure that the schema you are using is up-to-date (some fixes have been pushed to JSON Schema Store).

As explained in v2.8.2 go panic · Issue #9249 · traefik/traefik · GitHub, we changed the behavior in v2.8.3, but we will reintroduce it in a future release.

Hope this helps!
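
As an added example (not part of the original thread and not Traefik's own tooling), a small pre-deployment check that flags the `authResponseHeaders` string from the question. It assumes the dynamic configuration has already been template-rendered and parsed into a dict; `check_dynamic_config`, `FORWARD_AUTH_TYPES` and `sample` are hypothetical names, and the expected types are taken from the corrected block above.

```python
# Added example, not Traefik tooling: checks an already rendered and parsed config.
# Expected types, taken from the corrected forwardAuth block in this thread.
FORWARD_AUTH_TYPES = {
    "address": str,
    "trustForwardHeader": bool,
    "authResponseHeaders": list,
}


def check_dynamic_config(cfg):
    """Return a list of problems found under the 'http' section."""
    problems = []
    http = cfg.get("http") or {}
    middlewares = http.get("middlewares") or {}
    services = http.get("services") or {}

    for name, mw in middlewares.items():
        fa = (mw or {}).get("forwardAuth") or {}
        for field, expected in FORWARD_AUTH_TYPES.items():
            if field not in fa:
                continue
            where = f"middlewares.{name}.forwardAuth.{field}"
            value = fa[field]
            if not isinstance(value, expected):
                problems.append(f"{where}: expected {expected.__name__}, got {type(value).__name__}")
            elif expected is list and not all(isinstance(v, str) for v in value):
                problems.append(f"{where}: every item must be a string")

    for name, router in (http.get("routers") or {}).items():
        # Names with '@' point at another provider (e.g. name@docker); skip them.
        for mw in router.get("middlewares") or []:
            if "@" not in mw and mw not in middlewares:
                problems.append(f"routers.{name}: unknown middleware '{mw}'")
        svc = router.get("service")
        if svc and "@" not in svc and svc not in services:
            problems.append(f"routers.{name}: unknown service '{svc}'")
    return problems


def sample(auth_headers):
    """Constructed sample mirroring the thread's sonarr router and fauth2."""
    return {"http": {
        "routers": {"sonarr": {"middlewares": ["fauth2"], "service": "sonarr"}},
        "services": {"sonarr": {"loadBalancer": {"servers": [{"url": "http://192.168.0.30:8989"}]}}},
        "middlewares": {"fauth2": {"forwardAuth": {
            "address": "http://fauth:4181", "trustForwardHeader": True,
            "authResponseHeaders": auth_headers}}},
    }}
```

Calling `check_dynamic_config(sample("X-Forwarded-User"))` reports the string-instead-of-list problem, while the list form from the reply returns no problems.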

Many thanks, that seems to be the proper fix. Here is a cool suggestion: how about a cool config check tool? Or a config generator?

Many thanks for your help.
