Hey traefik community,
I wanted to ask for some help. I have traefik installed on an unRAID server and it sometimes stops working. That means that I can't reach the dashboard (because of too many redirects) anymore. Moreover, some of my services won't be reachable as well. Here is the odd part, I'm pretty sure that my home assistant container is always reachable but my pihole e.g. won't be reachable at those times. I think when that happens, the docker health of my pihole container shows "unhealthy" which I can't explain either. Does traefik rely on any of the docker healthchecks?
Unfortunately, I can't test all that atm, as traefik currently is working as it is supposed to.
In the traefik logs I saw the following message which could be related to that:
```
panic: Timeout while stopping traefik, killing instance ✝

goroutine 5772 [running]:
github.com/traefik/traefik/v3/pkg/server.(*Server).Close.func1({0x70a24a8, 0xc000747110})
	github.com/traefik/traefik/v3/pkg/server/server.go:87 +0x9d
created by github.com/traefik/traefik/v3/pkg/server.(*Server).Close in goroutine 1
	github.com/traefik/traefik/v3/pkg/server/server.go:82 +0x96
```
In the unRAID docker config, I just bind volumes and add the docker.sock, my config files are the following:
docker label-file:

```
# > Traefik
traefik.enable=true
traefik.http.routers.api.service=api@internal
traefik.http.routers.traefik.middlewares=traefikAuth@file,default@file
```
config.yml:

```yaml
# Traefik dynamic configuration file
# See https://www.benjaminrancourt.ca/a-complete-traefik-configuration/
# and https://blog.lrvt.de/nginx-proxy-manager-versus-traefik/
# and https://doc.traefik.io/traefik/getting-started/configuration-overview/#the-dynamic-configuration
http:
  middlewares:
    # A basic authentication middleware, to protect the Traefik dashboard from anyone except myself
    # Use with traefik.http.routers.myRouter.middlewares: "traefikAuth@file"
    traefikAuth:
      basicAuth:
        removeHeader: true
        usersFile: "/etc/traefik/usersfile" # Contains the users with a hashed password

    # Recommended default middleware for most of the services
    # Use with traefik.http.routers.myRouter.middlewares: "default@file"
    # Equivalent of traefik.http.routers.myRouter.middlewares: "default-security-headers@file,error-pages@file,gzip@file"
    # Or enable as default for an entryPoint in the static config
    default:
      chain:
        middlewares:
          - default-security-headers
          - gzip

    # Automatically add some security headers
    # Use with traefik.http.routers.myRouter.middlewares: "default-security-headers@file"
    default-security-headers:
      headers:
        browserXssFilter: true # X-XSS-Protection=1; mode=block
        contentTypeNosniff: true # X-Content-Type-Options=nosniff
        forceSTSHeader: true # Add the Strict-Transport-Security header even when the connection is HTTP
        frameDeny: true # X-Frame-Options=deny
        referrerPolicy: "strict-origin-when-cross-origin"
        sslRedirect: true # Allow only https requests
        stsIncludeSubdomains: true # Add includeSubdomains to the Strict-Transport-Security header
        stsPreload: true # Add preload flag appended to the Strict-Transport-Security header
        stsSeconds: 63072000 # Set the max-age of the Strict-Transport-Security header (63072000 = 2 years)

    # Enables the GZIP compression (https://docs.traefik.io/middlewares/compress/)
    # if the response body is larger than 1400 bytes
    # if the Accept-Encoding request header contains gzip
    # if the response is not already compressed (Content-Encoding is not set)
    # Use with traefik.http.routers.myRouter.middlewares: "gzip@file"
    gzip:
      compress: {}

tls:
  stores:
    # Add bassmann.intra certificate to be the standard one
    default:
      defaultCertificate:
        certFile: xxxx.crt
        keyFile: xxxx.pem
  options:
    default:
      minVersion: "VersionTLS13" # Minimum TLS Version
```
traefik.yml:

```yaml
# Traefik static configuration file (/etc/traefik/traefik.yml)
# See https://www.benjaminrancourt.ca/a-complete-traefik-configuration/
# and https://blog.lrvt.de/nginx-proxy-manager-versus-traefik/
# and https://doc.traefik.io/traefik/getting-started/configuration-overview/#the-static-configuration
# and https://doc.traefik.io/traefik/reference/static-configuration/cli/
api:
  dashboard: true # Enable the dashboard
  insecure: false # Don't expose the dashboard through :8080

global:
  checknewversion: true # Periodically check if a new version has been released.
  sendAnonymousUsage: true

entryPoints:
  http:
    address: :80 # Create the HTTP entrypoint on port 80
    http:
      redirections: # HTTPS redirection (80 to 443)
        entryPoint:
          to: https # The target element
          scheme: https # The redirection target scheme
  https:
    address: :443 # Create the HTTPS entrypoint on port 443
    asDefault: true # Use https as default entrypoint
    http:
      tls: true # Enable TLS by default
      middlewares:
        - default@file # Set 'default' middleware from config.yml as default

# serversTransports:
#   insecureSkipVerify: true # Allow insecure backend connections

log:
  level: INFO # DEBUG, INFO, WARN, ERROR, FATAL, PANIC
  # Uncomment if normal logs should be written to a file instead of std_out thus not being able to view in unRAID console
  # filePath: "/logs/traefik.log" # Path to the log file

accessLog:
  filePath: "/logs/access.log" # Path to the file
  format: json
  bufferingSize: 0 # How many logs should be buffered until written to the file
  filters:
    statusCodes: # Limit logging to the following codes
      - "200"
      - "300-302"
    retryAttempts: true # Keep the access logs when at least one retry has happened
    minDuration: "10ms" # Keep access logs when requests take longer than the specified duration

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # Listen to the UNIX Docker socket
    exposedByDefault: false # Only expose containers that are explicitly enabled (using label traefik.enable)
    network: "traefik-net" # Default network to use for connections to all containers.
    defaultRule: "Host(`{{ .Name }}.xxxx`)" # If no URL is given, use the Docker service name
  file:
    filename: "/etc/traefik/config.yml" # Link to the dynamic configuration
    watch: true # Watch for modifications
  providersThrottleDuration: 10 # Configuration reload frequency
```
Thanks for any help in advance