Traefik Dashboard 404 not found - Docker

At least on the curl site:

> GET /dashboard/ HTTP/2
> Host: 45.77.52.138
> user-agent: curl/7.71.0

There were some changes in the area after 2.2.1 that took several versions to get right. We are now at 2.2.5, but I'm not convinced that all the issues are ironed out. HTTP/2 in particular is suspect. If you could try with 2.2.1 perhaps? What you showing looks right and it should work. TLS certificates is a different matter though.

Good evening,

Apologies for the late reply!

So routing is as follows:

My home network is 192.168.0.x
Internal docker vlan is 172.22.0.x (which bridges to 192.168.0.254)

I've currently got Nginx + Pihole on the macvlan (due to the fact that I have apache on the host (0.254), I couldn't have Pihole or Nginx on bridge/host as they both use port 80 (and 443 in Nginx's case).

I've done some further experimentation, and it seems that Traefik works in bridge mode with the current config (https://pastebin.com/WJdQG40J), but doesn't work at all in the macvlan (even though Nginx has no issues).

I've also tried allowing traefik to use both bridge and macvlan networks, but still no go.

Is there any way to have Traefik work on the macvlan + the bridge network by allowing access to both or would I need to keep Traefik on the bridge and create a separate rule to access pihole externally?

My home network is 192.168.0.x

Thank you for explaining that.

I've currently got Nginx + Pihole on the macvlan (due to the fact that I have apache on the host (0.254), I couldn't have Pihole or Nginx on bridge/host as they both use port 80 (and 443 in Nginx's case).

Sorry can you explain this a bit more. You cannot use the same port for the same container IP, that's for sure, but presumably Pihole or Nginx are a separate container from apache so what's wrong with having them on a bridge?

but doesn't work at all in the macvlan (even though Nginx has no issues).

You keep saying "not working" and I asked you to explain what is that, that is not working, but for whatever reason you chose not to. It would not be possible for me to help you if I do not get information that I require. In particular, I would like to know what you did, (e.g. curl command that you ran with all parameters/urls) what you expected to see (e.g. dashboard html) and what you saw instead (404, cert error, timeout, etc).

If "not working" is curling http://192.168.0.6:8080/api/http/routers, then it's not working because in your last example 8080 corresponds to a entry point called traefik but then you are not use this entry point in any router, which I already mentioned above.

I know that experimenting head-first is much more exciting than answering boring questions, but if you would like useful input from me, I encourage you to make an effort

Sorry can you explain this a bit more. You cannot use the same port for the same container IP, that's for sure, but presumably Pihole or Nginx are a separate container from apache so what's wrong with having them on a bridge?

So in this case, with PiHole for example, if you change from port 80 and 443, it causes issues with the adblocking itself if one were to change the ports that are exposed (eg 81:80). For Nginx, it was just easier and cleaner to have it on the separate mcvlan rather than as a different port within the host.

In regards to the curl command, I also attempted curl traefik.domain.com and get the 404 also. At the time 3 weeks ago, I obviously wasn't aware about the 8080 entrypoint rule. So running curl http://traefik.domain.com/dashboard only gives 404 page not found when on the macvlan as per the screenshot third comment down.

My latest attempt I tried curl -k https://traefik.mydomain.com and got:

$ curl -k https://traefik.mydomain.com
404 page not found

This is purely using the macvlan, not attaching it to the bridge as well.

I know that experimenting head-first is much more exciting than answering boring questions, but if you would like useful input from me, I encourage you to make an effort

Could we try to take the condescension down a notch? I understand that it's infuriating to both parties where one is attempting to assist (thank you very much by the way for helping), and the one attempting to learn is missing some inputs/queries, but I'm sure the tone can be kept amicable.

That was not the intention, and sincere apologies if it came across this way. I, myself, personally do feel that that experimenting head-first is much more exciting than answering boring questions. I have been on the other end of support threads too, so that was reflection of my experience. On the other hand I do not feel that I can contribute to this discussion any further. Good luck!

Looks like we both misunderstood the textual intention and intonation, so I will also apologise for my own misunderstanding on your comment! My apologies!

Yes, I will absolutely agree that experimenting is far more fun, but one needs to get the basics working prior to the fun part (and I'm one of the weirdos that thinks the boring questions are also one of the fun parts as that's usually where you learn and/or realise you're being an idiot, which I'm probably being)

But once again, I thank you for the assistance thus far, I just need to figure out why it's not working on the macvlan, then I suspect I might be able to figure out the rest from there!

Thanks again!

@modem7 and others,

I was also experiencing a 404 issue, while trying to access traefik via a MACVLAN and following some instructions from here: How To Use Traefik v2 as a Reverse Proxy for Docker Containers on Ubuntu 20.04 | DigitalOcean

Culprit in my case was trying to set things up directly with (non-functioning) tls. I was aware of that and was just ignoring the message that Chrome was throwing at me by proceeding with an 'insecure' site.

Apparently Traefik does not accept proceeding with an insecure situation and throws back a 404. When changing the entrypoint to " web" on port 80 everything works.

I have gone through the post but I still encountered this issue. Could you help me have a look? Here is my configuration. I had the same configuaration labels for Grafana and Prometheus, and they worked for me. But the traefik dashboard did not.

traefik:
image: traefik:v2.3.4
command:
- --accesslog=true
- --accesslog.fields.defaultmode=keep
- --accesslog.fields.headers.defaultmode=keep
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --providers.docker.swarmMode=true
- --providers.docker.exposedByDefault=false
- --api.dashboard=true
- --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.leresolver.acme.email=
- --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
- --certificatesresolvers.leresolver.acme.tlschallenge=true
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/home/ubuntu/letsencrypt:/letsencrypt"
labels:
- "traefik.enable=true"
- "traefik.http.routers.http-catchall.rule=HostRegexp({host:.*})"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# expose dashboard
- "traefik.http.routers.t.rule=Host(traefik.ubuntu.domain.org) && (PathPrefix(/api) || PathPrefix(/dashboard`))" # Tell Traefik to create routre 't' and catch all requests with given Host
- "traefik.http.routers.t.tls=true"
- "traefik.http.routers.t.service=api@internal" # the router 't' will forward request to service api@internal
- "traefik.http.routers.t.tls.certresolver=leresolver" # the router 't' will use TLS certresolver called LE
- "traefik.http.routers.t.entrypoints=websecure" # the router 't' should listen on both entrypoints