Traefik Dashboard 404 not found - Docker

Traefik Traefik v2
1

Hi guys,

This is most likely an ID10T issue. First time setting up Traefik v2, and got a Dashboard 404 error.

I've tried curl http://192.168.0.6:8080/api/http/routers
and get: 404 page not found

Here's my config: https://pastebin.com/KUpSPVAk

I've tried following https://www.smarthomebeginner.com/traefik-2-docker-tutorial/#Testing_Docker_Traefik_2_Setup but I'm pretty certain I've mucked something up!

Here are the logs I currently have: https://pastebin.com/nR9cEzm1

Any help for this muppet would certainly be appreciated!

Thank you

2

Welcome @modem7

  - "traefik.http.routers.traefik-rtr.entrypoints=https"
  - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
  - "traefik.http.routers.traefik-rtr.tls=true"

This entrypoint https is defined as port 443 and the router is tls enabled. So using http:// scheme will not work.

Additionally the Rule is host based so you will need to use the host in the url.
https://traefik.$DOMAINNAME/

1 Like
3

Ahha, thank you for the pointer!

I've just setup a CNAME record on cloudflare, made sure the router was port forwarded accordingly to 80 and 443, and verified via ping.

Unfortunately still no go.

Getting 404 on https:// traefik. modem7. com. I'm definitely doing something stupid somewhere!

I'm also seeing acme.json is still empty

image
image748×646 28.9 KB

4

Can you post the new config (after your changes) and new logs? 404, when returned from traefik, means that none of the rules has matched, so, this is something you might want to doublecheck. And cert is of course a separate problem.

5

Also please docker inspect your docker container and check the labels. Using environment variables sometime they just aren't set.

6

Hi guys,

Thanks for the suggestions!

New Traefik Docker Logs:
https://pastebin.com/TEmasS7J

Inspect response:
https://pastebin.com/MwYaDPik

Traefik Logs:
https://pastebin.com/XTQF40RF

I've checked that all the files in the volumes (rules etc) have the same permissions the traefik.log (as that can be written to, I thought it'd be a good place to start just in case it was a permissions issue)

It looks like the labels are being seen as expected.

Cert I'm not too fussed about at this point, that I can resolve once I can see the dashboard (it's also using a staging server, so cert issues are to be expected).

Please note that Plex is hosted outside of Docker, and the Nginx things you see in the logs are just calls by Netdata.

7

Hi guys,

It seems that the macvlan might be the issue.

The settings I have work absolutely fine for Nginx, but seems to not work w/ Traefik. Have I done anything glaringly wrong?

8

The main reason I asked for posting your configuration, is so that I could try and reproduce your issue. Inspect response is not very well suited for that.

9

https://pastebin.com/2Rcm2w1X - this is my full docker compose

Hopefully this should give some insight

10

Can you also tell me what's not working? In your initial post you wrote:

I've tried curl http://192.168.0.6:8080/api/http/routers

but 192.168.0.6 is your internal docker macvlan, where did you issue that command from? How is routing setup between these two networks?

For what it's worth:

--entryPoints.traefik.address=:8080
...
traefik.http.routers.traefik-rtr.entrypoints=https
...
- traefik.http.routers.traefik-rtr.service=api@internal

If you are expecting api/dashboard on 8080 it won't be there since you are not using that entrypoint for the api/dashboard.

11

Hi,
I've a similar Problem: Dashboard is served by web but not by websecure

version: "3.3"
services:
  traefik:
    image: "traefik:v2.2"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--accesslog=true" # print access-logs
      - "--api" # enable dashboard
      - "--api.debug=true"
      - "--providers.docker=true" # listen for docker-container events
      - "--providers.docker.exposedbydefault=false" # explicitly expose by container label
      - "--entrypoints.web.address=:80" # http
      - "--entrypoints.websecure.address=:443" # https
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`1.2.3.4`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.dashboard.service=api@internal"

curl -v http://1.2.3.4/dashboard/
< HTTP/1.1 200 OK

curl -v -k https://1.2.3.4/dashboard/
< HTTP/2 404

What is my problem here?

12

Welcome @Psi

Your router does not have TLS enabled. You would need two routers on this service to do both http and https.

13

Ah ok. Is there a way to define tls global for every router similar to treafik 1?

14

Yes.

https://docs.traefik.io/routing/entrypoints/#tls

And above that section is the entrypoint redirect. So you can set a default http -> https redirect.

15

Hmm this is not clear to me. I already have a

  • "--entrypoints.websecure.address=:443"
    Cli option.
16

The command options, or equivalent toml/yaml
--entrypoints.websecure.http.tls=true
and/or
--entrypoints.websecure.http.tls.certresolver=myresolver0

This is my 'simple' example: 
services:
  traefik:
    image: "traefik:v2.2"
    command:
    - --entrypoints.web.address=:80
    - --entrypoints.web.http.redirections.entryPoint.to=websecure
    - --entrypoints.web.http.redirections.entryPoint.scheme=https
    - --entrypoints.web.http.redirections.entrypoint.permanent=true
    - --entrypoints.websecure.address=:443
    - --entrypoints.websecure.http.tls=true
    # add a resolver for real certs
    #- --entrypoints.websecure.http.tls.certresolver=myresolver0
    - --providers.docker=true
    - --providers.docker.exposedbydefault=false
    - --api
    labels:
      traefik.enable: "true"
      #traefik.http.routers.api.rule: (Host(`foo.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`)))
      traefik.http.routers.api.rule: PathPrefix(`/api`) || PathPrefix(`/dashboard`)
      traefik.http.routers.api.service: api@internal
      traefik.http.services.dummy.loadBalancer.server.port: 65535
      traefik.http.routers.api.entrypoints: websecure
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  whoami:
    image: containous/whoami
    labels:
      traefik.enable: "true"
      traefik.http.routers.w.rule: PathPrefix(`/whoami`)
      traefik.http.routers.w.entrypoints: websecure
17

thanks a lot!
--entrypoints.websecure.http.tls=true did the trick

One last question: Can I have a Host Rule with an IP? Like Host('1.2.3.4') ? Seems this is not working.

18

@Psi the documentation for rules is located here. There is nothing that prevents you from having a host rule with an IP, but it will do the same thing that a host rule with a name: filter on the host header of the incoming http request. I'm not sure, that this is what you want.

19

If I add a Host-Rule with the IP of public interface I'll get 404s. So seems it does not work but never the less, adding a regular DNS for the Dashboard is the more straight forward way.

Many thanks for your feedback and help. I love traefik for years and the progress of v2

20

If I add a Host-Rule with the IP of public interface I'll get 404s

Does the IP address appear in the host header?