Hello,
This is my third day trying to assemble and expose all of my services behind Traefik. Today, I attempted to set up a new file provider, and something broke in the process—now Traefik doesn't respond to any requests and doesn't even display its dashboard. I have no idea what went wrong. After hours of debugging with the help of AI tools and countless videos, I’m still stuck.
In docker logs I have this display:
025-04-08T22:43:22+02:00 ERR error="accept tcp [::]:80: use of closed network connection" entryPointName=http
2025-04-08T22:43:22+02:00 ERR error="close tcp [::]:80: use of closed network connection" entryPointName=http
Originally, I was trying to expose Nextcloud All-in-One using a dynamic configuration file, but no matter what I tried, I kept getting 404 Not Found errors. I had Portainer running, which I successfully set up using labels—but now it's not reachable and results in an error 512. I'm now trying to use dynamic configuration for Nextcloud instead, but I'm not sure if I'm doing it correctly.
I’ve read that some configuration options in Traefik are mutually exclusive, but I don't fully understand whether I can use both labels and dynamic configuration files at the same time.
I'm also providing my yml files below.
docker compose
services:
traefik:
image: traefik
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
- 8080:8080
# - 443:443/tcp # Uncomment if you want HTTP3
# - 443:443/udp # Uncomment if you want HTTP3
environment:
#$CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token # note using _FILE for docker secrets
CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN} # if using .env
TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
#secrets:
# - cf_api_token
#env_file: .env # use .env
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/traefik/data/config.yml:/dynamic
#- /etc/traefik/data/:/etc/traefik/data/:ro
#- ./data/acme.json:/acme.json
# - ./data/config.yml:/config.yml:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
#- "traefik.http.routers.traefik.rule=Host(`traefik.dark-forge.com`)"
#- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
#- "traefik.http.routers.traefik-secure.rule=Host(`traefik.dark-forge.com`)"
# - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=xx.xx.com"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.xx.xx.com"
- "traefik.http.routers.traefik-secure.service=api@internal"
networks:
proxy:
external: true
traefik config
log:
level: DEBUG
api:
dashboard: true
debug: true
insecure: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
# http:
# redirections:
# entryPoint:
# to: https
# scheme: https
serversTransport:
insecureSkipVerify: true
providers:
file:
directory: /etc/traefik/data/
watch: true
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
# file:
# filename: /config.yml
certificatesResolvers:
cloudflare:
acme:
email: thisisnotmymail@gmail.com
storage: /etc/traefik/data/acme.json
# caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
dnsChallenge:
provider: cloudflare
#disablePropagationCheck: true
#elayBeforeCheck: 60s #
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
dynamic config
http:
routers:
nextcloud:
rule: "Host(`ex.ex.com`)"
entrypoints:
- "https"
service: nextcloud
middlewares:
- nextcloud-chain
tls:
certresolver: "cloudflare"
services:
nextcloud:
loadBalancer:
servers:
- url: "http://0.0.0.0:11000" # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
middlewares:
nextcloud-secure-headers:
headers:
hostsProxyHeaders:
- X-Forwarded-Host
referrerPolicy: same-origin
https-redirect:
redirectscheme:
scheme: https
nextcloud-chain:
chain:
middlewares:
# - ... (e.g. rate limiting middleware)
- https-redirect
- nextcloud-secure-headers