Traefik has completely stopped working, and now it only shows an error message

Hello,

This is my third day trying to assemble and expose all of my services behind Traefik. Today, I attempted to set up a new file provider, and something broke in the process—now Traefik doesn't respond to any requests and doesn't even display its dashboard. I have no idea what went wrong. After hours of debugging with the help of AI tools and countless videos, I’m still stuck.

In docker logs I have this display:

025-04-08T22:43:22+02:00 ERR error="accept tcp [::]:80: use of closed network connection" entryPointName=http
2025-04-08T22:43:22+02:00 ERR error="close tcp [::]:80: use of closed network connection" entryPointName=http

Originally, I was trying to expose Nextcloud All-in-One using a dynamic configuration file, but no matter what I tried, I kept getting 404 Not Found errors. I had Portainer running, which I successfully set up using labels—but now it's not reachable and results in an error 512. I'm now trying to use dynamic configuration for Nextcloud instead, but I'm not sure if I'm doing it correctly.

I’ve read that some configuration options in Traefik are mutually exclusive, but I don't fully understand whether I can use both labels and dynamic configuration files at the same time.

I'm also providing my yml files below.

docker compose

services:
  traefik:
    image: traefik
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
      - 8080:8080
      # - 443:443/tcp # Uncomment if you want HTTP3
      # - 443:443/udp # Uncomment if you want HTTP3
    environment:
      #$CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token # note using _FILE for docker secrets
      CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN} # if using .env
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    #secrets:
     # - cf_api_token
    #env_file: .env # use .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/traefik/data/config.yml:/dynamic
      #- /etc/traefik/data/:/etc/traefik/data/:ro
      #- ./data/acme.json:/acme.json
      # - ./data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      #- "traefik.http.routers.traefik.rule=Host(`traefik.dark-forge.com`)"
      #- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      #- "traefik.http.routers.traefik-secure.rule=Host(`traefik.dark-forge.com`)"
     # - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=xx.xx.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.xx.xx.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

traefik config

log:
  level: DEBUG
api:
  dashboard: true
  debug: true
  insecure: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
#    http:
#     redirections:
#        entryPoint:
#          to: https
#          scheme: https
serversTransport:
  insecureSkipVerify: true
providers:
  file:
    directory: /etc/traefik/data/
    watch: true
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  # file:
  #   filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: thisisnotmymail@gmail.com
      storage: /etc/traefik/data/acme.json
      # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true 
        #elayBeforeCheck: 60s # 
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

dynamic config

http:
  routers:
    nextcloud:
      rule: "Host(`ex.ex.com`)"
      entrypoints:
        - "https"
      service: nextcloud
      middlewares:
        - nextcloud-chain
      tls:
        certresolver: "cloudflare"

  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://0.0.0.0:11000" # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below

  middlewares:
    nextcloud-secure-headers:
      headers:
        hostsProxyHeaders:
          - X-Forwarded-Host
        referrerPolicy: same-origin

  https-redirect:
    redirectscheme:
       scheme: https

  nextcloud-chain:
    chain:
      middlewares:
          # - ... (e.g. rate limiting middleware)
        - https-redirect
        - nextcloud-secure-headers

Without a rule, Traefik will not be able to match incoming requests to target services, like the dashboard.

Note that 0.0.0.0 is used to tell an application to listen on all available IPs, but when connecting to a service you need a specific IP.

1 Like

Thanks for the input. I'm not sure what I did wrong. I assume it had to do with misconfigured config files. I redid my setup, and now it works.