I have a working instance of traefik. It's running on a Intel Nuc Celeron J4005 2.0GHz (4M Cache, up to 2.70 GHz) Dual Core CPU, 8GB ram and at least a 5400rpm hdd.
When accessing my traefik dashboard it loads very very slowly, taking several minutes to load. And sometimes won't even load the assets but still act like it resolved (title and logo in firefox, no warning sign next to the https).
This is my docker-compose file.
https://gist.github.com/y2klol/47f6b00d80c02a3251f14d2359191d58
This is my middlewares.toml
[http.middlewares]
[http.middlewares.middlewares-basic-auth]
[http.middlewares.middlewares-basic-auth.basicAuth]username=user, password=mystrongpassword (listed below after hashing)
users = [
"",
]
realm = "Traefik2 Basic Auth" usersFile = "/shared/.htpasswd" #be sure to mount the volume through docker-compose.yml
[http.middlewares.middlewares-rate-limit]
[http.middlewares.middlewares-rate-limit.rateLimit]
average = 100
burst = 50
[http.middlewares.middlewares-secure-headers]
[http.middlewares.middlewares-secure-headers.headers]
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
accessControlMaxAge = 100
hostsProxyHeaders = ["X-Forwarded-Host"]
sslRedirect = true
stsSeconds = 63072000
stsIncludeSubdomains = true
stsPreload = true
forceSTSHeader = trueframeDeny = true #overwritten by customFrameOptionsValue
customFrameOptionsValue = "allow-from https:example.xyz" #CSP takes care of this but may be needed for organizr. contentTypeNosniff = true browserXssFilter = true
sslForceHost = true # add sslHost to all of the services
sslHost = "example.xyz"
referrerPolicy = "same-origin"
Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
contentSecurityPolicy = "frame-ancestors '.example.xyz:';object-src 'none';script-src 'none';"
featurePolicy = "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" [http.middlewares.middlewares-secure-headers.headers.customResponseHeaders] X-Robots-Tag = "none,noarchive,nosnippet,notranslate,noimageindex," server = ""
and my middleware-chains.toml
[http.middlewares]
[http.middlewares.chain-no-auth]
[http.middlewares.chain-no-auth.chain]
middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers"][http.middlewares.chain-basic-auth]
[http.middlewares.chain-basic-auth.chain]
middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers", "middlewares-basic-auth"]
Nothing in the logs looks odd only that it won't issue certificates for nextcloud. In addition, my firewall was been temporary disabled and still the same results.