Traefik Suddenly Stopped Working

daithi · September 5, 2021, 6:59pm

Hi there. I've been running Traefik in a docker container along with Plex, Sonarr etc for over a year with no issues after initial setup. 2-3 weeks ago (right before I went on vacation) it suddenly stopped working. I'm kind of stumped because I hadn't made any changes to my server/config for several weeks before it happened. Originally I followed a guide by Containeroo on Medium, starting with their simple guide and continuing with the advanced.

Has anything recently changed with a Traefik update that would break my setup?

I've run docker-compose down followed by docker-compose up -d traefik just to eliminate other services from interfering. As it stands, I can't access traefik locally (192.168.1.150:8080) or remotely (traefik.EXAMPLE.com)

I've pasted all my relevant code/config below, as well as my logs but nothing is obvious (to me, a novice).

~/docker/docker-compose.yml


version: '3.7'

########################### SERVICES
services:
# Traefik 2 - Reverse Proxy
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=EXAMPLE@gmail.com
      - CF_API_KEY=97acd6b527a1539d6c7722d818128029401a9
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $USERDIR/docker/traefik/data/traefik.yml:/traefik.yml:ro
      - $USERDIR/docker/traefik/data/acme.json:/acme.json
      - $USERDIR/docker/traefik/data/config.yml:/config.yml:ro
      - $USERDIR/docker/traefik/traefik.log:/traefik.log
      - $USERDIR/docker/shared:/shared
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.rule=Host(`traefik.EXAMPLE.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=EXAMPLE:$$apr1$$oW/Q0xLe$$8bOgxVSW1NFsbAywUf93u0"
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
      - "traefik.http.routers.traefik.service=api@internal"
#
######################### NETWORKS
networks:
  proxy:
    external: true

~/docker/traefik/data/config.yml

http:
  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https

    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsSeconds: 15778463
        stsIncludeSubdomains: true
        stsPreload: true

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/24"
        - "192.168.0.0/16"
        - "172.0.0.0/8"

    secured:
      chain:
        middlewares:
        - default-headers

~/docker/traefik/data/traefik.yml

api:
  dashboard: true
  debug: true

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
  https:
    address: ":443"
    http:
      middlewares:
        - default-headers@file
      tls:
        certResolver: cloudflare
        domains:
          - main: EXAMPLE.com
            sans:
              - "*.EXAMPLE.com"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml

certificatesResolvers:
  cloudflare:
    acme:
      email: EXAMPLE@gmail.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"

log:
  filePath: "/traefik.log"
  level: DEBUG

~/docker/traefik/traefik.log

level=info msg="Traefik version 2.5.2 built on 2021-09-02T15:07:43Z"
level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"https\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483646}}},\"udp\":{\"timeout\":\"3s\"}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"middlewares\":[\"default-headers@file\"],\"tls\":{\"certResolver\":\"cloudflare\",\"domains\":[{\"main\":\"EXAMPLE.com\",\"sans\":[\"*.EXAMPLE.com\"]}]}},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"},\"file\":{\"watch\":true,\"filename\":\"/config.yml\"}},\"api\":{\"dashboard\":true,\"debug\":true},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/traefik.log\",\"format\":\"common\"},\"certificatesResolvers\":{\"cloudflare\":{\"acme\":{\"email\":\"EXAMPLE@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]}}}},\"pilot\":{\"dashboard\":true}}"
level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
level=info msg="Starting provider aggregator.ProviderAggregator {}"
level=debug msg="Start TCP Server" entryPointName=http
level=debug msg="Start TCP Server" entryPointName=https
level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/config.yml\"}"
level=info msg="Starting provider *traefik.Provider {}"
level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
level=info msg="Starting provider *acme.ChallengeTLSALPN {\"Timeout\":4000000000}"
level=info msg="Starting provider *acme.Provider {\"email\":\"EXAMPLE@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]},\"ResolverName\":\"cloudflare\",\"store\":{},\"TLSChallengeProvider\":{\"Timeout\":4000000000},\"HTTPChallengeProvider\":{}}"
level=info msg="Testing certificate renew..." providerName=cloudflare.acme
level=debug msg="Configuration received from provider file: {\"http\":{\"middlewares\":{\"default-headers\":{\"headers\":{\"sslRedirect\":true,\"stsSeconds\":15778463,\"stsIncludeSubdomains\":true,\"stsPreload\":true,\"forceSTSHeader\":true,\"frameDeny\":true,\"contentTypeNosniff\":true,\"browserXssFilter\":true}},\"default-whitelist\":{\"ipWhiteList\":{\"sourceRange\":[\"10.0.0.0/24\",\"192.168.0.0/16\",\"172.0.0.0/8\"]}},\"https-redirect\":{\"redirectScheme\":{\"scheme\":\"https\"}},\"secured\":{\"chain\":{\"middlewares\":[\"default-headers\"]}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"http-to-https\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"redirect-http-to-https\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483646}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"redirect-http-to-https\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}},\"models\":{\"https\":{\"middlewares\":[\"default-headers@file\"],\"tls\":{\"certResolver\":\"cloudflare\",\"domains\":[{\"main\":\"EXAMPLE.com\",\"sans\":[\"*.EXAMPLE.com\"]}]}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"tls\":{}}" providerName=internal
level=debug msg="No default certificate, generating one" tlsStoreName=default
level=debug msg="Configuration received from provider cloudflare.acme: {\"http\":{},\"tls\":{}}" providerName=cloudflare.acme
level=debug msg="Provider connection established with docker 20.10.8 (API 1.41)" providerName=docker
level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"traefik\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"traefik-auth\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.EXAMPLE.com`)\"}},\"services\":{\"traefik-docker\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.20.0.2:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"traefik-auth\":{\"basicAuth\":{\"users\":[\"EXAMPLE:$apr1$oW/Q0xLe$8bOgxVSW1NFsbAywUf93u0\"]}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
level=debug msg="Added outgoing tracing middleware noop@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=http routerName=http-to-https@internal
level=debug msg="Creating middleware" middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme routerName=http-to-https@internal entryPointName=http
level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme routerName=http-to-https@internal entryPointName=http middlewareName=redirect-http-to-https@internal
level=debug msg="Adding tracing to middleware" middlewareName=redirect-http-to-https@internal entryPointName=http routerName=http-to-https@internal
level=debug msg="Creating middleware" entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery
level=debug msg="No default certificate, generating one" tlsStoreName=default
level=debug msg="Adding certificate for domain(s) EXAMPLE.com,*.EXAMPLE.com"
level=debug msg="Added outgoing tracing middleware noop@internal" routerName=http-to-https@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
level=debug msg="Creating middleware" entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme
level=debug msg="Setting up redirection to https 443" entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme
level=debug msg="Adding tracing to middleware" entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal
level=debug msg="Creating middleware" entryPointName=http middlewareType=Recovery middlewareName=traefik-internal-recovery
level=debug msg="No default certificate, generating one" tlsStoreName=default
level=debug msg="Adding certificate for domain(s) EXAMPLE.com,*.EXAMPLE.com"
level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=http routerName=http-to-https@internal middlewareName=tracing middlewareType=TracingForwarder
level=debug msg="Creating middleware" middlewareName=redirect-http-to-https@internal middlewareType=RedirectScheme entryPointName=http routerName=http-to-https@internal
level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal
level=debug msg="Adding tracing to middleware" entryPointName=http routerName=http-to-https@internal middlewareName=redirect-http-to-https@internal
level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=http middlewareName=traefik-internal-recovery
level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=https routerName=traefik@docker
level=debug msg="Creating middleware" entryPointName=https routerName=traefik@docker middlewareName=traefik-auth@docker middlewareType=BasicAuth
level=debug msg="Adding tracing to middleware" entryPointName=https routerName=traefik@docker middlewareName=traefik-auth@docker
level=debug msg="Creating middleware" middlewareName=default-headers@file middlewareType=Headers entryPointName=https routerName=traefik@docker
level=warning msg="SSLRedirect is deprecated, please use entrypoint redirection instead." middlewareName=default-headers@file middlewareType=Headers entryPointName=https routerName=traefik@docker
level=debug msg="Setting up secureHeaders from {map[] map[] false [] [] [] [] [] 0 false [] [] true false  map[] false 15778463 true true true true  true true       false}" middlewareType=Headers entryPointName=https routerName=traefik@docker middlewareName=default-headers@file
level=debug msg="Adding tracing to middleware" entryPointName=https routerName=traefik@docker middlewareName=default-headers@file
level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
level=debug msg="Adding route for traefik.EXAMPLE.com with TLS options default" entryPointName=https
level=debug msg="Looking for provided certificate(s) to validate [\"EXAMPLE.com\" \"*.EXAMPLE.com\"]..." providerName=cloudflare.acme
level=debug msg="No ACME certificate generation required for domains [\"EXAMPLE.com\" \"*.EXAMPLE.com\"]." providerName=cloudflare.acme

Would love any help, or even a prod in the right direction!

Thanks,
Dave

Topic		Replies	Views
Docker instance of Traefik shutting down on it's own Traefik v2 docker	2	1428	January 5, 2023
Traefik refuses to start, now can't access my server Traefik v2 docker	2	717	December 14, 2021
Traefik seems to have stopped sending requests to some containers? Traefik v2 docker	1	1037	February 27, 2020
Traefik config not working Traefik v2 file	10	2313	June 29, 2023
Some malfunctions with Traefik Traefik v3 (latest) docker	3	12	December 29, 2024

Traefik Suddenly Stopped Working

Related topics