Traefik docker swarm deployment: traefik dashboard 404 error

Traefik Traefik v2
,
1

I am not able to access the dashboard, below is the config

docker-compose
**version: '3.5'

services:
traefik:
image: traefik:latest
container_name: traefik
security_opt:
- no-new-privileges:true
networks:
- traefik-public
ports:
- 80:80
- 443:443
command:
- --entrypoints.websecure.http.tls=true
environment:
- CF_API_EMAIL=cc
- CF_DNS_API_TOKEN=cc
- CF_API_KEY=cc
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /mnt/nfs/docker/traefik_swarm/config/traefik.yml:/traefik.yml:ro
- /mnt/nfs/docker/traefik_swarm/acme.json:/acme.json
- /mnt/nfs/docker/traefik_swarm/config.yml:/config.yml:ro
- /mnt/nfs/docker/traefik_swarm/logs:/var/log/traefik
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik-public"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(domain)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$2y$05$etnSNxq0f4.dgadYYpatoO1zxeDWXcLIS/ssss.e2"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(domain)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certificatesResolvers=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=domain"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*domain"
- "traefik.http.routers.traefik-secure.service=api@internal"

networks:
traefik-public:
external: true**

traefik.yml
api:
dashboard: true
debug: true

serversTransport:
insecureSkipVerify: true

entryPoints:
http:
address: ":80"
http:
redirections:
entryPoint:
to: https
scheme: https
https:
address: ":443"

providers:
docker:
endpoint: "unix:///var/run/docker.sock"
swarmMode: true
exposedByDefault: false
network: "traefik-public"
certificatesResolvers:
cloudflare:
acme:
email: cc #add your email
storage: acme.json
dnsChallenge:
provider: cloudflare
disablePropagationCheck: true
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"

log:
level: "DEBUG"
filePath: "/var/log/traefik/traefik.log"
accessLog:
filePath: "/var/log/traefik/access.log"

2

TLS handshake error from 10.0.0.2:50812: remote error: tls: unknown certificate"
error in log

3

Use 3 backticks before and after code for better readability. In yaml every space matters.

5 
version: '3.5'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik-public
    ports:
      - "80:80"
      - "443:443"
    command:
      - "--entrypoints.websecure.http.tls=true"
    environment:
      - CF_API_EMAIL=cc
      - CF_DNS_API_TOKEN=cc
      - CF_API_KEY=cc
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/mnt/nfs/docker/traefik_swarm/config/traefik.yml:/traefik.yml:ro"
      - "/mnt/nfs/docker/traefik_swarm/acme.json:/acme.json"
      - "/mnt/nfs/docker/traefik_swarm/config.yml:/config.yml:ro"
      - "/mnt/nfs/docker/traefik_swarm/logs:/var/log/traefik"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-public"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`domain`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$2y$05$etnSNxq0f4.dgadYYpatoO1zxeDWXcLIS/ssss.e2"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`domain`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certificatesResolvers=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=domain"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*domain"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  traefik-public:
    external: true
6 
api:
  dashboard: true
  debug: true

serversTransport:
  insecureSkipVerify: true

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    swarmMode: true
    exposedByDefault: false
    network: "traefik-public"
    certificatesResolvers:
      cloudflare:
        acme:
          email: cc #add your email
          storage: acme.json
          dnsChallenge:
            provider: cloudflare
            disablePropagationCheck: true
    resolvers:
      - "1.1.1.1:53"
      - "1.0.0.1:53"

log:
  level: "DEBUG"
  filePath: "/var/log/traefik/traefik.log"
  accessLog:
    filePath: "/var/log/traefik/access.log"
7

done, thank you for reaching out

please have a look

8

Let’s see what I wrote 13 hours ago on this forum :wink:

You can’t use static config in traefik.yml and command: , decide for one (doc ).

Compare to simple Traefik Swarm example.

certresolver needs to be declared as root element in static config and then assigned to entrypoint or routers.

9

tried your docker compose got this in traefik log

msg="Unable to obtain ACME certificate for domains "whoami.bitsandbots.cc": unable to generate a certificate for the domains [whoami.bitsandbots.cc]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt" providerName=myresolver.acme rule="Host(whoami.bitsandbots.cc) || PathPrefix(/whoami)" routerName=websecure-whoami@docker ACME CA="https://acme-v02.api.letsencrypt.org/directory"

10

it works and I was able to access both services but how to get rid of the error in the log?

11

For the "rate limit" error you simply wait 7 days to go away.

Update: for "too many failed authorizations recently" it might be even less.

Note that Traefik CE does not support clustered LetsEncrypt. So if you run multiple Traefik instances, you would need to use dnsChallenge for per-server-certs, with a max of 5 because of rate limits.

12

It is just one traefik instance, the other problem I am facing is with service deployment

Scenario 1: deploying a service on manager node where traefik is running and exposing it using traefik works

Scenario 2 : deploying a service on a worker node , attach it to the proxy overlay network and then using traefik to expose the service . Does not work. In this case the service for some reason does not attach to the proxy network on manager node.

I have checked the udp port for overlay docker network communication it is working. All ports are working for docker communication

13 
version: '3.6'

services:
  uptime-kuma:
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    volumes:
      - /mnt/nfs/docker/swarm/uptime-kuma/:/app/data
    restart: always
    ports:
      - "3001:3001"
    networks:
      - proxy
    deploy:

      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.routers.uptime-kuma-http.rule=Host(`xx`)"
        - "traefik.http.routers.uptime-kuma-http.entrypoints=web"
        #- "traefik.http.routers.uptime-kuma-http.middlewares=https-redirect"
        - "traefik.http.routers.uptime-kuma-https.rule=Host(`xx`)"
        - "traefik.http.routers.uptime-kuma-https.entrypoints=websecure"
        - "traefik.http.routers.uptime-kuma-https.tls=true"
        - "traefik.http.routers.uptime-kuma-https.tls.certresolver=myresolver"
        - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
networks:
  proxy:
    external: true
14

You would need to connect Traefik and the target service to the same Docker overlay network. And preferably set docker.network on provider.docker static config or on target service labels.

Compare to simple Traefik Swarm example.

Enable Traefik debug log, access log and Traefik Dashboard to see what’s going on.

15

overlay network : frontend

version: '3.6'

services:
  uptime-kuma:
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    volumes:
      - /mnt/nfs/docker/swarm/kuma/:/app/data
    restart: always
    ports:
      - "3001:3001"
    networks:
      - frontend
    deploy:

      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=frontend"
        - "traefik.http.routers.uptime-kuma-https.rule=Host(`up.bitsandbots.cc`)"
        - "traefik.http.routers.uptime-kuma-https.entrypoints=websecure"
        - "traefik.http.routers.uptime-kuma-https.tls=true"
        - "traefik.http.routers.uptime-kuma-https.tls.certresolver=myresolver"
        - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
networks:
  frontend:
    external: true

version: '3.6'

services:
  uptime-kuma:
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    volumes:
      - /mnt/nfs/docker/swarm/kuma/:/app/data
    restart: always
    ports:
      - "3001:3001"
    networks:
      - frontend
    deploy:

      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=frontend"
        - "traefik.http.routers.uptime-kuma-https.rule=Host(`up.bitsandbots.cc`)"
        - "traefik.http.routers.uptime-kuma-https.entrypoints=websecure"
        - "traefik.http.routers.uptime-kuma-https.tls=true"
        - "traefik.http.routers.uptime-kuma-https.tls.certresolver=myresolver"
        - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
networks:
  frontend:
    external: true
version: '3'

docker-compose for traefik

services:
  traefik:
    image: traefik:v2.10
      #hostname: '{{.Node.Hostname}}'
    ports:
      # listen on host ports without ingress network
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - frontend
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/nfs/docker/swarm_traefik/var/log:/var/log
      - /mnt/nfs/docker/swarm_traefik/letsencrypt:/letsencrypt
    command:
      - --api.dashboard=true
      - --log.level=INFO
      - --log.filepath=/var/log/traefik.log
      - --accesslog=true
      - --accesslog.filepath=/var/log/traefik-access.log
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=frontend
      - --providers.docker.swarmMode=true
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.certresolver=myresolver
      - --certificatesresolvers.myresolver.acme.email=xx
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.myresolver.acme.tlschallenge=true
    deploy:
      mode: global
      placement:
        constraints:
          - node.role==manager
      labels:
        - traefik.enable=true
        - traefik.http.routers.mydashboard.rule=Host(`xx`)
        - traefik.http.routers.mydashboard.service=api@internal
        - traefik.http.routers.mydashboard.middlewares=myauth
        - traefik.http.services.mydashboard.loadbalancer.server.port=1337
        - traefik.http.middlewares.myauth.basicauth.users=admin:$$2y$$05$$KzaeJ..DkKCgmdsmSr92g.PRpP53fFvVYelrYH8G4qJn0cnelwzve

  whoami:
    image: traefik/whoami:v1.10
      #hostname: '{{.Node.Hostname}}'
    networks:
      - frontend
    deploy:
      mode: global
      labels:
        - 'traefik.enable=true'
        - 'traefik.http.routers.whoami.rule=Host(`xx`) || PathPrefix(`/whoami`)'
        - 'traefik.http.services.whoami.loadbalancer.server.port=80'

networks:
  frontend:
    external: true
16

debug logs:

time="2024-04-09T13:55:35Z" level=debug msg="Static configuration loaded {"global":{"checkNewVersion":true},"serversTransport":{"maxIdleConnsPerHost":200},"entryPoints":{"web":{"address":":80","transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s"}},"forwardedHeaders":{},"http":{"redirections":{"entryPoint":{"to":"websecure","scheme":"https","permanent":true,"priority":2147483646}}},"http2":{"maxConcurrentStreams":250},"udp":{"timeout":"3s"}},"websecure":{"address":":443","transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s"}},"forwardedHeaders":{},"http":{"tls":{"certResolver":"myresolver"}},"http2":{"maxConcurrentStreams":250},"udp":{"timeout":"3s"}}},"providers":{"providersThrottleDuration":"2s","docker":{"watch":true,"endpoint":"unix:///var/run/docker.sock","defaultRule":"Host({{ normalize .Name }})","swarmMode":true,"network":"frontend","swarmModeRefreshSeconds":"15s"}},"api":{"dashboard":true},"log":{"level":"DEBUG","filePath":"/var/log/traefik.log","format":"common"},"accessLog":{"filePath":"/var/log/traefik-access.log","format":"common","filters":{},"fields":{"defaultMode":"keep","headers":{"defaultMode":"drop"}}},"certificatesResolvers":{"myresolver":{"acme":{"email":"patelshukan97@gmail.com","caServer":"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"tlsChallenge\":{}}}}}"

time="2024-04-09T13:55:35Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"

time="2024-04-09T13:55:35Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"

time="2024-04-09T13:55:35Z" level=info msg="Starting provider *traefik.Provider"

time="2024-04-09T13:55:35Z" level=debug msg="*traefik.Provider provider configuration: {}"

time="2024-04-09T13:55:35Z" level=debug msg="Configuration received: {"http":{"routers":{"web-to-websecure":{"entryPoints":["web"],"middlewares":["redirect-web-to-websecure"],"service":"noop@internal","rule":"HostRegexp({host:.+})","priority":2147483646}},"services":{"api":{},"dashboard":{},"noop":{}},"middlewares":{"redirect-web-to-websecure":{"redirectScheme":{"scheme":"https","port":"443","permanent":true}}},"models":{"websecure":{"tls":{"certResolver":"myresolver"}}},"serversTransports":{"default":{"maxIdleConnsPerHost":200}}},"tcp":{},"udp":{},"tls":{}}" providerName=internal

time="2024-04-09T13:55:35Z" level=debug msg="Starting TCP Server" entryPointName=websecure

time="2024-04-09T13:55:35Z" level=debug msg="Starting TCP Server" entryPointName=web

time="2024-04-09T13:55:35Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"

time="2024-04-09T13:55:35Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"

time="2024-04-09T13:55:35Z" level=info msg="Starting provider *docker.Provider"

time="2024-04-09T13:55:35Z" level=debug msg="*docker.Provider provider configuration: {"watch":true,"endpoint":"unix:///var/run/docker.sock","defaultRule":"Host({{ normalize .Name }})","swarmMode":true,"network":"frontend","swarmModeRefreshSeconds":"15s"}"

time="2024-04-09T13:55:35Z" level=info msg="Starting provider *acme.Provider"

time="2024-04-09T13:55:35Z" level=debug msg="*acme.Provider provider configuration: {"email":"patelshukan97@gmail.com","caServer":"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"tlsChallenge\":{},\"ResolverName\":\"myresolver\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"

time="2024-04-09T13:55:35Z" level=debug msg="Attempt to renew certificates "720h0m0s" before expiry and check every "24h0m0s"" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"

time="2024-04-09T13:55:35Z" level=info msg="Testing certificate renew..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme

time="2024-04-09T13:55:35Z" level=debug msg="Configuration received: {"http":{},"tcp":{},"udp":{},"tls":{}}" providerName=myresolver.acme

time="2024-04-09T13:55:36Z" level=debug msg="Provider connection established with docker 26.0.0 (API 1.45)" providerName=docker

time="2024-04-09T13:55:36Z" level=debug msg="Filtering disabled container" container=portainer-agent-6awv1viwd1dr0j7fuxgj3jlbe providerName=docker

time="2024-04-09T13:55:36Z" level=debug msg="Filtering disabled container" container=portainer-agent-6d4o5oowgc338fqgqc5cl9t40 providerName=docker

time="2024-04-09T13:55:36Z" level=debug msg="Filtering disabled container" providerName=docker container=portainer-agent-c00lunqjpfv43b8abxjzmqzf5

time="2024-04-09T13:55:36Z" level=debug msg="Filtering disabled container" providerName=docker container=portainer-agent-oli4ozhkojlvan5aham8o9q9h

time="2024-04-09T13:55:36Z" level=debug msg="Could not find network named "frontend" for container "dockge_dockge.1". Maybe you're missing the project's prefix in the label?" container=dockge-dockge-oyet163193fhpbz291mff9oz3 serviceName=dockge providerName=docker

time="2024-04-09T13:55:36Z" level=warning msg="Defaulting to first available network (&{"ingress" "10.0.0.170" '\x00' "" "ba86nqnzgrzmjm9ubijb8xijf"}) for container "dockge_dockge.1"." container=dockge-dockge-oyet163193fhpbz291mff9oz3 serviceName=dockge providerName=docker

time="2024-04-09T13:55:36Z" level=debug msg="Filtering disabled container" providerName=docker container=public-ip-update-cloudflare-cloudflare-ddns-az42cazars16je81zb5lfst83

time="2024-04-09T13:55:36Z" level=debug msg="Configuration received: {"http":{"routers":{"dockge":{"entryPoints":["websecure"],"service":"dockge","rule":"Host(docker.bitsandbots.cc)","tls":{"certResolver":"myresolver"}},"mydashboard":{"middlewares":["myauth"],"service":"api@internal","rule":"Host(traefik.bitsandbots.cc)"},"portainer":{"entryPoints":["websecure"],"service":"portainer","rule":"Host(portainerswarm.bitsandbots.cc)","tls":{"certResolver":"myresolver"}},"uptime-kuma-https":{"entryPoints":["websecure"],"service":"uptime-kuma","rule":"Host(up.bitsandbots.cc)","tls":{"certResolver":"myresolver"}},"whoami":{"service":"whoami","rule":"Host(whoami.bitsandbots.cc) || PathPrefix(/whoami)"}},"services":{"dockge":{"loadBalancer":{"servers":[{"url":"http://10.0.0.170:5001"}],"passHostHeader":true}},"mydashboard":{"loadBalancer":{"servers":[{"url":"http://10.0.9.17:1337"}],"passHostHeader":true}},"portainer":{"loadBalancer":{"servers":[{"url":"http://10.0.9.14:9000"}],"passHostHeader":true}},"uptime-kuma":{"loadBalancer":{"servers":[{"url":"http://10.0.9.16:3001"}],"passHostHeader":true}},"whoami":{"loadBalancer":{"servers":[{"url":"http://10.0.9.11:80"},{"url":"http://10.0.9.9:80"},{"url":"http://10.0.9.8:80"},{"url":"http://10.0.9.6:80"}],"passHostHeader":true}}},"middlewares":{"myauth":{"basicAuth":{"users":["admin:$2y$05$KzaeJ..DkKCgmdsmSr92g.PRpP53fFvVYelrYH8G4qJn0cnelwzve"]}}}},"tcp":{},"udp":{}}" providerName=docker

time="2024-04-09T13:55:36Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default

time="2024-04-09T13:55:36Z" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=web routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme

time="2024-04-09T13:55:36Z" level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery

time="2024-04-09T13:55:36Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web websecure]" routerName=mydashboard

time="2024-04-09T13:55:36Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web websecure]" routerName=whoami

time="2024-04-09T13:55:36Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" routerName=whoami@docker serviceName=whoami middlewareName=pipelining middlewareType=Pipelining entryPointName=web

time="2024-04-09T13:55:36Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=whoami@docker serviceName=whoami

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 0 http://10.0.9.8:80" serverName=0 entryPointName=web routerName=whoami@docker serviceName=whoami

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.9.8:80 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Propagating new UP status"

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 1 http://10.0.9.11:80" entryPointName=web routerName=whoami@docker serviceName=whoami serverName=1

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.9.11:80 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Still UP, no need to propagate"

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 2 http://10.0.9.9:80" serverName=2 routerName=whoami@docker serviceName=whoami entryPointName=web

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.9.9:80 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Still UP, no need to propagate"

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 3 http://10.0.9.6:80" entryPointName=web routerName=whoami@docker serviceName=whoami serverName=3

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.9.6:80 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Still UP, no need to propagate"

time="2024-04-09T13:55:36Z" level=debug msg="Added outgoing tracing middleware whoami" middlewareType=TracingForwarder entryPointName=web routerName=whoami@docker middlewareName=tracing

time="2024-04-09T13:55:36Z" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=web routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal

time="2024-04-09T13:55:36Z" level=debug msg="Setting up redirection to https 443" middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal

time="2024-04-09T13:55:36Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=mydashboard@docker

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" entryPointName=web routerName=mydashboard@docker middlewareName=myauth@docker middlewareType=BasicAuth

time="2024-04-09T13:55:36Z" level=debug msg="Adding tracing to middleware" middlewareName=myauth@docker entryPointName=web routerName=mydashboard@docker

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery

time="2024-04-09T13:55:36Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=websecure routerName=websecure-mydashboard@docker middlewareName=tracing middlewareType=TracingForwarder

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" middlewareName=myauth@docker entryPointName=websecure routerName=websecure-mydashboard@docker middlewareType=BasicAuth

time="2024-04-09T13:55:36Z" level=debug msg="Adding tracing to middleware" entryPointName=websecure middlewareName=myauth@docker routerName=websecure-mydashboard@docker

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" entryPointName=websecure routerName=websecure-whoami@docker serviceName=whoami middlewareName=pipelining middlewareType=Pipelining

time="2024-04-09T13:55:36Z" level=debug msg="Creating load-balancer" serviceName=whoami entryPointName=websecure routerName=websecure-whoami@docker

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 0 http://10.0.9.9:80" routerName=websecure-whoami@docker serviceName=whoami serverName=0 entryPointName=websecure

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.9.9:80 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Propagating new UP status"

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 1 http://10.0.9.6:80" entryPointName=websecure routerName=websecure-whoami@docker serviceName=whoami serverName=1

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.9.6:80 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Still UP, no need to propagate"

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 2 http://10.0.9.8:80" entryPointName=websecure routerName=websecure-whoami@docker serviceName=whoami serverName=2

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.9.8:80 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Still UP, no need to propagate"

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 3 http://10.0.9.11:80" serviceName=whoami serverName=3 entryPointName=websecure routerName=websecure-whoami@docker

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.9.11:80 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Still UP, no need to propagate"

time="2024-04-09T13:55:36Z" level=debug msg="Added outgoing tracing middleware whoami" entryPointName=websecure routerName=websecure-whoami@docker middlewareName=tracing middlewareType=TracingForwarder

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" middlewareName=pipelining entryPointName=websecure routerName=dockge@docker serviceName=dockge middlewareType=Pipelining

time="2024-04-09T13:55:36Z" level=debug msg="Creating load-balancer" entryPointName=websecure routerName=dockge@docker serviceName=dockge

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 0 http://10.0.0.170:5001" routerName=dockge@docker serviceName=dockge serverName=0 entryPointName=websecure

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.0.170:5001 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Propagating new UP status"

time="2024-04-09T13:55:36Z" level=debug msg="Added outgoing tracing middleware dockge" middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure routerName=dockge@docker

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=websecure routerName=uptime-kuma-https@docker serviceName=uptime-kuma middlewareName=pipelining

time="2024-04-09T13:55:36Z" level=debug msg="Creating load-balancer" serviceName=uptime-kuma entryPointName=websecure routerName=uptime-kuma-https@docker

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 0 http://10.0.9.16:3001" entryPointName=websecure routerName=uptime-kuma-https@docker serviceName=uptime-kuma serverName=0

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.9.16:3001 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Propagating new UP status"

time="2024-04-09T13:55:36Z" level=debug msg="Added outgoing tracing middleware uptime-kuma" entryPointName=websecure routerName=uptime-kuma-https@docker middlewareName=tracing middlewareType=TracingForwarder

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" entryPointName=websecure routerName=portainer@docker serviceName=portainer middlewareName=pipelining middlewareType=Pipelining

time="2024-04-09T13:55:36Z" level=debug msg="Creating load-balancer" serviceName=portainer entryPointName=websecure routerName=portainer@docker

time="2024-04-09T13:55:36Z" level=debug msg="Creating server 0 http://10.0.9.14:9000" serverName=0 entryPointName=websecure routerName=portainer@docker serviceName=portainer

time="2024-04-09T13:55:36Z" level=debug msg="child http://10.0.9.14:9000 now UP"

time="2024-04-09T13:55:36Z" level=debug msg="Propagating new UP status"

time="2024-04-09T13:55:36Z" level=debug msg="Added outgoing tracing middleware portainer" routerName=portainer@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure

time="2024-04-09T13:55:36Z" level=debug msg="Creating middleware" entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery

time="2024-04-09T13:55:36Z" level=debug msg="Adding route for whoami.bitsandbots.cc with TLS options default" entryPointName=websecure

time="2024-04-09T13:55:36Z" level=debug msg="Adding route for docker.bitsandbots.cc with TLS options default" entryPointName=websecure

time="2024-04-09T13:55:36Z" level=debug msg="Adding route for up.bitsandbots.cc with TLS options default" entryPointName=websecure

time="2024-04-09T13:55:36Z" level=debug msg="Adding route for portainerswarm.bitsandbots.cc with TLS options default" entryPointName=websecure

time="2024-04-09T13:55:36Z" level=debug msg="Adding route for traefik.bitsandbots.cc with TLS options default" entryPointName=websecure

time="2024-04-09T13:55:36Z" level=debug msg="Trying to challenge certificate for domain [docker.bitsandbots.cc] found in HostSNI rule" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=dockge@docker rule="Host(docker.bitsandbots.cc)"

time="2024-04-09T13:55:36Z" level=debug msg="Looking for provided certificate(s) to validate ["docker.bitsandbots.cc"]..." rule="Host(docker.bitsandbots.cc)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=dockge@docker

time="2024-04-09T13:55:36Z" level=debug msg="Domains ["docker.bitsandbots.cc"] need ACME certificates generation for domains "docker.bitsandbots.cc"." rule="Host(docker.bitsandbots.cc)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=dockge@docker

time="2024-04-09T13:55:36Z" level=debug msg="Loading ACME certificates [docker.bitsandbots.cc]..." rule="Host(docker.bitsandbots.cc)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=dockge@docker

time="2024-04-09T13:55:36Z" level=debug msg="Building ACME client..." providerName=myresolver.acme

time="2024-04-09T13:55:36Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme

time="2024-04-09T13:55:36Z" level=debug msg="Trying to challenge certificate for domain [up.bitsandbots.cc] found in HostSNI rule" routerName=uptime-kuma-https@docker rule="Host(up.bitsandbots.cc)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"

time="2024-04-09T13:55:36Z" level=debug msg="Trying to challenge certificate for domain [portainerswarm.bitsandbots.cc] found in HostSNI rule" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=portainer@docker rule="Host(portainerswarm.bitsandbots.cc)" providerName=myresolver.acme

time="2024-04-09T13:55:36Z" level=debug msg="Trying to challenge certificate for domain [traefik.bitsandbots.cc] found in HostSNI rule" routerName=websecure-mydashboard@docker ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme rule="Host(traefik.bitsandbots.cc)"

time="2024-04-09T13:55:36Z" level=debug msg="Looking for provided certificate(s) to validate ["portainerswarm.bitsandbots.cc"]..." providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=portainer@docker rule="Host(portainerswarm.bitsandbots.cc)"

time="2024-04-09T13:55:36Z" level=debug msg="Domains ["portainerswarm.bitsandbots.cc"] need ACME certificates generation for domains "portainerswarm.bitsandbots.cc"." rule="Host(portainerswarm.bitsandbots.cc)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=portainer@docker

time="2024-04-09T13:55:36Z" level=debug msg="Loading ACME certificates [portainerswarm.bitsandbots.cc]..." routerName=portainer@docker rule="Host(portainerswarm.bitsandbots.cc)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"

time="2024-04-09T13:55:36Z" level=debug msg="Looking for provided certificate(s) to validate ["up.bitsandbots.cc"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=uptime-kuma-https@docker rule="Host(up.bitsandbots.cc)" providerName=myresolver.acme

time="2024-04-09T13:55:36Z" level=debug msg="Domains ["up.bitsandbots.cc"] need ACME certificates generation for domains "up.bitsandbots.cc"." ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=uptime-kuma-https@docker rule="Host(up.bitsandbots.cc)" providerName=myresolver.acme

time="2024-04-09T13:55:36Z" level=debug msg="Loading ACME certificates [up.bitsandbots.cc]..." routerName=uptime-kuma-https@docker rule="Host(up.bitsandbots.cc)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"

time="2024-04-09T13:55:36Z" level=debug msg="Trying to challenge certificate for domain [whoami.bitsandbots.cc] found in HostSNI rule" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=websecure-whoami@docker rule="Host(whoami.bitsandbots.cc) || PathPrefix(/whoami)"

time="2024-04-09T13:55:36Z" level=debug msg="Looking for provided certificate(s) to validate ["whoami.bitsandbots.cc"]..." providerName=myresolver.acme routerName=websecure-whoami@docker rule="Host(whoami.bitsandbots.cc) || PathPrefix(/whoami)" ACME CA="https://acme-v02.api.letsencrypt.org/directory"

time="2024-04-09T13:55:36Z" level=debug msg="Looking for provided certificate(s) to validate ["traefik.bitsandbots.cc"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme rule="Host(traefik.bitsandbots.cc)" routerName=websecure-mydashboard@docker

time="2024-04-09T13:55:36Z" level=debug msg="Domains ["traefik.bitsandbots.cc"] need ACME certificates generation for domains "traefik.bitsandbots.cc"." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme rule="Host(traefik.bitsandbots.cc)" routerName=websecure-mydashboard@docker

time="2024-04-09T13:55:36Z" level=debug msg="Loading ACME certificates [traefik.bitsandbots.cc]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme rule="Host(traefik.bitsandbots.cc)" routerName=websecure-mydashboard@docker

time="2024-04-09T13:55:36Z" level=debug msg="Domains ["whoami.bitsandbots.cc"] need ACME certificates generation for domains "whoami.bitsandbots.cc"." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=websecure-whoami@docker rule="Host(whoami.bitsandbots.cc) || PathPrefix(/whoami)"

time="2024-04-09T13:55:36Z" level=debug msg="Loading ACME certificates [whoami.bitsandbots.cc]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=websecure-whoami@docker rule="Host(whoami.bitsandbots.cc) || PathPrefix(/whoami)"

time="2024-04-09T13:55:36Z" level=debug msg="Using TLS Challenge provider." providerName=myresolver.acme

time="2024-04-09T13:55:36Z" level=debug msg="legolog: [INFO] [docker.bitsandbots.cc] acme: Obtaining bundled SAN certificate"

time="2024-04-09T13:55:36Z" level=debug msg="legolog: [INFO] [portainerswarm.bitsandbots.cc] acme: Obtaining bundled SAN certificate"

time="2024-04-09T13:55:36Z" level=debug msg="legolog: [INFO] [up.bitsandbots.cc] acme: Obtaining bundled SAN certificate"

time="2024-04-09T13:55:36Z" level=debug msg="legolog: [INFO] [traefik.bitsandbots.cc] acme: Obtaining bundled SAN certificate"

time="2024-04-09T13:55:36Z" level=debug msg="legolog: [INFO] [whoami.bitsandbots.cc] acme: Obtaining bundled SAN certificate"

time="2024-04-09T13:55:37Z" level=error msg="Unable to obtain ACME certificate for domains "up.bitsandbots.cc": unable to generate a certificate for the domains [up.bitsandbots.cc]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt" routerName=uptime-kuma-https@docker rule="Host(up.bitsandbots.cc)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"

time="2024-04-09T13:55:37Z" level=error msg="Unable to obtain ACME certificate for domains "docker.bitsandbots.cc": unable to generate a certificate for the domains [docker.bitsandbots.cc]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt" routerName=dockge@docker rule="Host(docker.bitsandbots.cc)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"

time="2024-04-09T13:55:37Z" level=error msg="Unable to obtain ACME certificate for domains "whoami.bitsandbots.cc": unable to generate a certificate for the domains [whoami.bitsandbots.cc]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=websecure-whoami@docker rule="Host(whoami.bitsandbots.cc) || PathPrefix(/whoami)"

time="2024-04-09T13:55:37Z" level=error msg="Unable to obtain ACME certificate for domains "traefik.bitsandbots.cc": unable to generate a certificate for the domains [traefik.bitsandbots.cc]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt" providerName=myresolver.acme rule="Host(traefik.bitsandbots.cc)" routerName=websecure-mydashboard@docker ACME CA="https://acme-v02.api.letsencrypt.org/directory"

time="2024-04-09T13:55:37Z" level=error msg="Unable to obtain ACME certificate for domains "portainerswarm.bitsandbots.cc": unable to generate a certificate for the domains [portainerswarm.bitsandbots.cc]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=portainer@docker rule="Host(portainerswarm.bitsandbots.cc)"

time="2024-04-09T13:55:51Z" level=debug msg="Filtering disabled container" container=portainer-agent-6awv1viwd1dr0j7fuxgj3jlbe providerName=docker

time="2024-04-09T13:55:51Z" level=debug msg="Filtering disabled container" container=portainer-agent-6d4o5oowgc338fqgqc5cl9t40 providerName=docker

time="2024-04-09T13:55:51Z" level=debug msg="Filtering disabled container" providerName=docker container=portainer-agent-c00lunqjpfv43b8abxjzmqzf5

time="2024-04-09T13:55:51Z" level=debug msg="Filtering disabled container" providerName=docker container=portainer-agent-oli4ozhkojlvan5aham8o9q9h

time="2024-04-09T13:55:51Z" level=debug msg="Could not find network named "frontend" for container "dockge_dockge.1". Maybe you're missing the project's prefix in the label?" providerName=docker container=dockge-dockge-oyet163193fhpbz291mff9oz3 serviceName=dockge

time="2024-04-09T13:55:51Z" level=warning msg="Defaulting to first available network (&{"ingress" "10.0.0.170" '\x00' "" "ba86nqnzgrzmjm9ubijb8xijf"}) for container "dockge_dockge.1"." container=dockge-dockge-oyet163193fhpbz291mff9oz3 serviceName=dockge providerName=docker

time="2024-04-09T13:55:51Z" level=debug msg="Filtering disabled container" container=public-ip-update-cloudflare-cloudflare-ddns-az42cazars16je81zb5lfst83 providerName=docker

time="2024-04-09T13:55:51Z" level=debug msg="Configuration received: {"http":{"routers":{"dockge":{"entryPoints":["websecure"],"service":"dockge","rule":"Host(docker.bitsandbots.cc)","tls":{"certResolver":"myresolver"}},"mydashboard":{"middlewares":["myauth"],"service":"api@internal","rule":"Host(traefik.bitsandbots.cc)"},"portainer":{"entryPoints":["websecure"],"service":"portainer","rule":"Host(portainerswarm.bitsandbots.cc)","tls":{"certResolver":"myresolver"}},"uptime-kuma-https":{"entryPoints":["websecure"],"service":"uptime-kuma","rule":"Host(up.bitsandbots.cc)","tls":{"certResolver":"myresolver"}},"whoami":{"service":"whoami","rule":"Host(whoami.bitsandbots.cc) || PathPrefix(/whoami)"}},"services":{"dockge":{"loadBalancer":{"servers":[{"url":"http://10.0.0.170:5001"}],"passHostHeader":true}},"mydashboard":{"loadBalancer":{"servers":[{"url":"http://10.0.9.17:1337"}],"passHostHeader":true}},"portainer":{"loadBalancer":{"servers":[{"url":"http://10.0.9.14:9000"}],"passHostHeader":true}},"uptime-kuma":{"loadBalancer":{"servers":[{"url":"http://10.0.9.16:3001"}],"passHostHeader":true}},"whoami":{"loadBalancer":{"servers":[{"url":"http://10.0.9.11:80"},{"url":"http://10.0.9.9:80"},{"url":"http://10.0.9.8:80"},{"url":"http://10.0.9.6:80"}],"passHostHeader":true}}},"middlewares":{"myauth":{"basicAuth":{"users":["admin:$2y$05$KzaeJ..DkKCgmdsmSr92g.PRpP53fFvVYelrYH8G4qJn0cnelwzve"]}}}},"tcp":{},"udp":{}}" providerName=docker

time="2024-04-09T13:55:51Z" level=debug msg="Skipping unchanged configuration." providerName=docker

time="2024-04-09T13:55:56Z" level=debug msg="Serving default certificate for request: "traefik.bitsandbots.cc""

time="2024-04-09T13:55:56Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=myauth@docker

17

no error on traefik dashboard

18

able to access uptime service at local ip address and port 3001

19

update found this error
traefik_traefik.1.dfqpqgt5x88x@docker-s-m-1 | 10.0.0.2 - - [09/Apr/2024:19:25:03 +0000] "GET /favicon.ico HTTP/2.0" 504 15 "-" "-" 233 "kuma-https@docker" "http://10.0.11.85:3001" 30000ms

the current config for the app looks like this

version: '3.5'

services:

  traefik:
    # Use the latest v2.6.1 Traefik image available
    image: traefik:latest
    ports:
      # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
      - 80:80
      # Listen on port 443, default for HTTPS
      - 443:443
    deploy:
      placement:
        constraints:
          # Make the traefik service run only on the node with this label
          # as the node with it has the volume for the certificates
          - node.labels.traefik-public.traefik-public-certificates == true
      labels:
        # Enable Traefik for this service, to make it available in the public network
        - traefik.enable=true
        # Use the traefik-public network (declared below)
        - traefik.docker.network=traefik-public
        # Use the custom label "traefik.constraint-label=traefik-public"
        # This public Traefik will only use services with this label
        # That way you can add other internal Traefik instances per stack if needed
        - traefik.constraint-label=traefik-public
        # admin-auth middleware with HTTP Basic auth
        # Using the environment variables USERNAME and HASHED_PASSWORD
        - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
        # https-redirect middleware to redirect HTTP to HTTPS
        # It can be re-used by other stacks in other Docker Compose files
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        # traefik-http set up only to use the middleware to redirect to https
        # Uses the environment variable DOMAIN
        - traefik.http.routers.traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-http.entrypoints=http
        - traefik.http.routers.traefik-public-http.middlewares=https-redirect
        # traefik-https the actual router using HTTPS
        # Uses the environment variable DOMAIN
        - traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-https.entrypoints=https
        - traefik.http.routers.traefik-public-https.tls=true
        # Use the special Traefik service api@internal with the web UI/Dashboard
        - traefik.http.routers.traefik-public-https.service=api@internal
        # Use the "le" (Let's Encrypt) resolver created below
        - traefik.http.routers.traefik-public-https.tls.certresolver=le
        # Enable HTTP Basic auth, using the middleware created above
        - traefik.http.routers.traefik-public-https.middlewares=admin-auth
        # Define the port inside of the Docker service to use
        - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    volumes:
      # Add Docker as a mounted volume, so that Traefik can read the labels of other services
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
      # Mount the volume to store the certificates
      #- traefik-public-certificates:/certificates
      - /mnt/nfs/docker/swarm_traefik/letsencrypt:/letsencrypt
    command:
      # We need to read in the static configs as well
      #- --providers.file=true
      #- --providers.file.filename=/rules.toml
      #- --providers.file.watch=true
      # Enable Docker in Traefik, so that it reads labels from Docker services
      - --providers.docker
      - --providers.docker.network=traefik-public
      # Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
      - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
      # Do not expose all Docker services, only the ones explicitly exposed
      - --providers.docker.exposedbydefault=false
      # Enable Docker Swarm mode
      - --providers.docker.swarmmode
      # Create an entrypoint "http" listening on port 80
      - --entrypoints.http.address=:80
      # Create an entrypoint "https" listening on port 443
      - --entrypoints.https.address=:443
      # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
      - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
      # Store the Let's Encrypt certificates in the mounted volume
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      # Use the TLS Challenge for Let's Encrypt
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --certificatesResolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      # Enable the access log, with HTTP requests
      - --accesslog
      # Enable the Traefik log, for configurations and errors
      - --log
      # Enable the Dashboard and API
      - --api
    networks:
      # Use the public network created to be shared between Traefik and
      # any other service that needs to be publicly available with HTTPS
      - traefik-public
networks:
  # Use the previously created public network "traefik-public", shared with other
  # services that need to be publicly available via this Traefik
  traefik-public:
    external: true

version: '3.7' 
services: 
  kuma: 
    image: louislam/uptime-kuma:latest
    ports:
      - 3001:3001

    environment: 
      - PUID=1020
      - PGID=1020
      - TZ=America/New_York
    networks:
      - net
      - traefik-public
    volumes: 
      - /mnt/nfs/docker/swarm/up/data:/app/data
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.kuma-http.rule=Host(`time.bitsandbots.cc`)
        - traefik.http.routers.kuma-http.entrypoints=http
        - traefik.http.routers.kuma-http.middlewares=https-redirect
        - traefik.http.routers.kuma-https.rule=Host(`time.bitsandbots.cc`)
        - traefik.http.routers.kuma-https.entrypoints=https
        - traefik.http.routers.kuma-https.tls=true
        - traefik.http.routers.kuma-https.tls.certresolver=le
        - traefik.http.services.kuma.loadbalancer.server.port=3001

networks:
  net:
    driver: overlay
    attachable: true
  traefik-public:
20

My experience is also that Traefik <= traefik:2.10 behaves correctly.

When I had an upgrade to traefik >= traefik:2.11 (I was also running traefik:latest) everything broke down.

Seems like it's a known regression to traefik:2.11 and traefik:3.0 at least quickly browsing on GitHub.

21

Did you try docker compose pull (or fix to latest version v2.11.2) and restart services?