Traefik - V2.2 configuration issues

Dear Traefiks ,

I set up below file mainly for HomeAssitant
with letsencrypt and reverse proxy

currently - traefik wont start with error:

traefik          | 2020/03/31 09:16:51 command traefik error: no valid configuration found in file: /etc/traefik/traefik.toml
traefik          | 2020/03/31 09:32:27 command traefik error: field not found, node: entryPoint

Why i'm getting this error?
for the tls part - I'm not sure how to define it in dymanic_conf,
is it correct to add it in the docker-compsoe instead?
What the noop.loadbalancer stands for and why its needed?
should i place there homeassitant url ?

docker-compose:

version: '3.7'

networks:
  rev_traefik_proxy:
    external: true

services:
  traefik:
    image: "traefik:v2.2"
    container_name: "traefik"
    networks:
      - rev_traefik_proxy
    command:
      - "--certificatesResolvers.myresolver.acme.tlsChallenge=true"
    ports:
      - "80:80"
      - "443:443"
      - "8888:8888"
    volumes:
      - ./letsencrypt:/letsencrypt    
      - ./traefik/traefik.toml:/etc/traefik/traefik.toml
      - ./log/:/etc/traefik/log
      - ./traefik/dynamic_conf.toml:/etc/traefik/dynamic_conf.toml
      - /var/run/docker.sock:/var/run/docker.sock

  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:latest
    ports:
      - 8123:8123
    volumes:
      - "./HA/:/config"
      - /etc/localtime:/etc/localtime:ro
    restart: always
    network_mode: "host"

traefik.toml

[Global]
  CheckNewVersion = false
  SendAnonymousUsage = false

[ServersTransport]
  InsecureSkipVerify = true

[providers]
#  providersThrottleDuration = "2s"
  [providers.docker]
    watch = true
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false
    network = "rev_traefik_proxy"
  [providers.file]
    watch = true
    filename = "/etc/traefik/dynamic_conf.toml"


[log]
  filePath = "logs/traefik.log"
  level = "DEBUG"
  
[accessLog]
  filePath = "log/access.log"
  bufferingSize = 100.0

[api]
  dashboard = true
  insecure = true

    
[certificatesResolvers]
  [certificatesResolvers.letsencrypt]
    [certificatesResolvers.letsencrypt.acme]
    email = "XXXXXX@gmail.com"
    storage = "acme.json"
      [certificatesResolvers.letsencrypt.acme.httpChallenge]
      entryPoint = "http"

dynamic_conf.toml

# dynamic_conf.toml
[http]
  [http.routers]
    [http.routers.redirect-to-https]
      entryPoints = ["web"]
      middlewares = ["https-redirect"]
      rule = "HostRegexp(`{host:.+}`)"
      service = "noop"

    [http.routers.hass]
      entrypoints = ["web-secure"]
      rule = "Host(`xxxxx.myqnapcloud.com`)" # you probably want to customize this rule
      service = "hass"
      [http.routers.hass.tls]
        certResolver = "letsencrypt"
        [[http.routers.hass.tls.domains]]
          main = "xxxxxxx.myqnapcloud.com"
          sans = ["*.xxxxxx.myqnapcloud.com"]

  [http.middlewares]
    [http.middlewares.https-redirect.redirectScheme]
      scheme = "https"
    [http.middlewares.auth.basicAuth]
      users = ["xxxx:$apr1cccccccccccccwQUFlhyrH5y7Upw."]
      
  [http.services]
    [http.services.hass.loadBalancer]
      [[http.services.hass.loadBalancer.servers]]
        url = "http://192.168.1.112:8123" # 172.17.0.1 is the docker0 interface: a way to communicate outside of docker (ie with home assistant on the host network)

    # noop service, the URL will be never called
    [http.services.noop.loadBalancer]
      [[http.services.noop.loadBalancer.servers]]
        url = "http://192.168.0.1"

I update original post with updated (not working) version,

entryPoint is not a valid option for the API

https://docs.traefik.io/v2.2/operations/api/

Tnx @ldez ,

I update the api + add DEBUG flag + open port 80:80 in router (temporary )
i set with 600 permission on acme.json
guess something wrong with configuration ...
appreciate your help !

time="2020-03-31T19:43:14Z" level=info msg="Traefik version 2.2.0 built on 2020-03-25T17:32:57Z"
time="2020-03-31T19:43:14Z" level=debug msg="Static configuration loaded {\"global\":{},\"serversTransport\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"rev_traefik_proxy\",\"swarmModeRefreshSeconds\":15000000000},\"file\":{\"watch\":true,\"filename\":\"/etc/traefik/dynamic_conf.toml\"}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"logs/traefik.log\",\"format\":\"common\"},\"accessLog\":{\"filePath\":\"log/access.log\",\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}},\"bufferingSize\":100},\"certificatesResolvers\":{\"letsencrypt\":{\"acme\":{\"email\":\"xxxxx23@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"http\"}}}}}"
time="2020-03-31T19:43:14Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/contributing/data-collection/\n"
time="2020-03-31T19:43:14Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2020-03-31T19:43:14Z" level=debug msg="Start TCP Server" entryPointName=http
time="2020-03-31T19:43:14Z" level=debug msg="Start TCP Server" entryPointName=traefik
time="2020-03-31T19:43:14Z" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/dynamic_conf.toml\"}"
time="2020-03-31T19:43:14Z" level=info msg="Starting provider *acme.Provider {\"email\":\"xxxxx23@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"http\"},\"ResolverName\":\"letsencrypt\",\"store\":{},\"ChallengeStore\":{}}"
time="2020-03-31T19:43:14Z" level=info msg="Testing certificate renew..." providerName=letsencrypt.acme
time="2020-03-31T19:43:14Z" level=debug msg="Configuration received from provider file: {\"http\":{\"routers\":{\"hass\":{\"entryPoints\":[\"https\"],\"service\":\"hass\",\"rule\":\"Host(`xxxxx23.myqnapcloud.com`)\",\"tls\":{\"certResolver\":\"letsencrypt\",\"domains\":[{\"main\":\"xxxxx23.myqnapcloud.com\"}]}},\"redirect-to-https\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirect\"],\"service\":\"noop\",\"rule\":\"HostRegexp(`{host:.+}`)\"}},\"services\":{\"hass\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.1.112:8123\"}],\"passHostHeader\":null}},\"noop\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.0.1\"}],\"passHostHeader\":null}}},\"middlewares\":{\"auth\":{\"basicAuth\":{\"users\":[\"avic:$apr1$JUiuuu4D$zgmsF4wQUFlhyrH5y7Upw.\"]}},\"https-redirect\":{\"redirectScheme\":{\"scheme\":\"https\"}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
time="2020-03-31T19:43:14Z" level=debug msg="Configuration received from provider letsencrypt.acme: {\"http\":{},\"tls\":{}}" providerName=letsencrypt.acme
time="2020-03-31T19:43:14Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"rev_traefik_proxy\",\"swarmModeRefreshSeconds\":15000000000}"
time="2020-03-31T19:43:14Z" level=info msg="Starting provider *traefik.Provider {}"
time="2020-03-31T19:43:14Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/[^:\\\\/]+(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}}},\"tcp\":{},\"tls\":{}}" providerName=internal
time="2020-03-31T19:43:14Z" level=debug msg="Creating middleware" serviceName=noop middlewareName=pipelining middlewareType=Pipelining entryPointName=http routerName=redirect-to-https@file
time="2020-03-31T19:43:14Z" level=debug msg="Creating load-balancer" serviceName=noop entryPointName=http routerName=redirect-to-https@file
time="2020-03-31T19:43:14Z" level=debug msg="Creating server 0 http://192.168.0.1" entryPointName=http routerName=redirect-to-https@file serviceName=noop serverName=0
time="2020-03-31T19:43:14Z" level=debug msg="Added outgoing tracing middleware noop" entryPointName=http routerName=redirect-to-https@file middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T19:43:14Z" level=debug msg="Creating middleware" routerName=redirect-to-https@file middlewareName=https-redirect@file middlewareType=RedirectScheme entryPointName=http
time="2020-03-31T19:43:14Z" level=debug msg="Setting up redirection to https " entryPointName=http routerName=redirect-to-https@file middlewareName=https-redirect@file middlewareType=RedirectScheme
time="2020-03-31T19:43:14Z" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=redirect-to-https@file middlewareName=https-redirect@file
time="2020-03-31T19:43:14Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=http middlewareName=traefik-internal-recovery
time="2020-03-31T19:43:14Z" level=error msg="entryPoint \"https\" doesn't exist" entryPointName=https routerName=hass@file
time="2020-03-31T19:43:14Z" level=error msg="no valid entryPoint for this router" routerName=hass@file
time="2020-03-31T19:43:14Z" level=error msg="entryPoint \"https\" doesn't exist" routerName=hass@file entryPointName=https
time="2020-03-31T19:43:14Z" level=error msg="no valid entryPoint for this router" routerName=hass@file
time="2020-03-31T19:43:14Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T19:43:14Z" level=debug msg="Provider connection established with docker 17.09.1-ce (API 1.32)" providerName=docker
time="2020-03-31T19:43:14Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-traefik-e9b91756d85750af31f3980d8cb760ca745b431138f5e1ae49995311529c68f8
time="2020-03-31T19:43:14Z" level=debug msg="Configuration received from provider docker: {\"http\":{},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2020-03-31T19:43:15Z" level=debug msg="Looking for provided certificate(s) to validate [\"xxxxx23.myqnapcloud.com\"]..." providerName=letsencrypt.acme
time="2020-03-31T19:43:15Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T19:43:15Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=http routerName=redirect-to-https@file serviceName=noop middlewareName=pipelining
time="2020-03-31T19:43:15Z" level=debug msg="Creating load-balancer" serviceName=noop entryPointName=http routerName=redirect-to-https@file
time="2020-03-31T19:43:15Z" level=debug msg="Creating server 0 http://192.168.0.1" serviceName=noop serverName=0 entryPointName=http routerName=redirect-to-https@file
time="2020-03-31T19:43:15Z" level=debug msg="Added outgoing tracing middleware noop" middlewareType=TracingForwarder middlewareName=tracing entryPointName=http routerName=redirect-to-https@file
time="2020-03-31T19:43:15Z" level=debug msg="Creating middleware" middlewareName=https-redirect@file entryPointName=http routerName=redirect-to-https@file middlewareType=RedirectScheme
time="2020-03-31T19:43:15Z" level=debug msg="Setting up redirection to https " middlewareName=https-redirect@file entryPointName=http routerName=redirect-to-https@file middlewareType=RedirectScheme
time="2020-03-31T19:43:15Z" level=debug msg="Adding tracing to middleware" middlewareName=https-redirect@file entryPointName=http routerName=redirect-to-https@file
time="2020-03-31T19:43:15Z" level=debug msg="Creating middleware" entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-03-31T19:43:15Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2020-03-31T19:43:15Z" level=debug msg="Creating middleware" middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2020-03-31T19:43:15Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2020-03-31T19:43:15Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2020-03-31T19:43:15Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2020-03-31T19:43:15Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-03-31T19:43:15Z" level=debug msg="Added outgoing tracing middleware api@internal" routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2020-03-31T19:43:15Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2020-03-31T19:43:15Z" level=error msg="entryPoint \"https\" doesn't exist" routerName=hass@file entryPointName=https
time="2020-03-31T19:43:15Z" level=error msg="no valid entryPoint for this router" routerName=hass@file
time="2020-03-31T19:43:15Z" level=error msg="entryPoint \"https\" doesn't exist" routerName=hass@file entryPointName=https
time="2020-03-31T19:43:15Z" level=error msg="no valid entryPoint for this router" routerName=hass@file
time="2020-03-31T19:43:15Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T19:43:16Z" level=debug msg="No ACME certificate generation required for domains [\"xxxxx23.myqnapcloud.com\"]." providerName=letsencrypt.acme
time="2020-03-31T19:43:16Z" level=debug msg="Looking for provided certificate(s) to validate [\"xxxxx23.myqnapcloud.com\"]..." providerName=letsencrypt.acme
time="2020-03-31T19:43:16Z" level=debug msg="Adding certificate for domain(s) xxxxx23.myqnapcloud.com"
time="2020-03-31T19:43:16Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T19:43:17Z" level=debug msg="No ACME certificate generation required for domains [\"xxxxx23.myqnapcloud.com\"]." providerName=letsencrypt.acme
time="2020-03-31T19:43:17Z" level=debug msg="Creating middleware" routerName=redirect-to-https@file serviceName=noop middlewareName=pipelining middlewareType=Pipelining entryPointName=http
time="2020-03-31T19:43:17Z" level=debug msg="Creating load-balancer" entryPointName=http routerName=redirect-to-https@file serviceName=noop
time="2020-03-31T19:43:17Z" level=debug msg="Creating server 0 http://192.168.0.1" entryPointName=http routerName=redirect-to-https@file serviceName=noop serverName=0
time="2020-03-31T19:43:17Z" level=debug msg="Added outgoing tracing middleware noop" entryPointName=http routerName=redirect-to-https@file middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T19:43:17Z" level=debug msg="Creating middleware" routerName=redirect-to-https@file middlewareName=https-redirect@file middlewareType=RedirectScheme entryPointName=http
time="2020-03-31T19:43:17Z" level=debug msg="Setting up redirection to https " middlewareType=RedirectScheme entryPointName=http routerName=redirect-to-https@file middlewareName=https-redirect@file
time="2020-03-31T19:43:17Z" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=redirect-to-https@file middlewareName=https-redirect@file
time="2020-03-31T19:43:17Z" level=debug msg="Creating middleware" entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-03-31T19:43:17Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T19:43:17Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix
time="2020-03-31T19:43:17Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2020-03-31T19:43:17Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
time="2020-03-31T19:43:17Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
time="2020-03-31T19:43:17Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2020-03-31T19:43:17Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T19:43:17Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2020-03-31T19:43:17Z" level=error msg="entryPoint \"https\" doesn't exist" entryPointName=https routerName=hass@file
time="2020-03-31T19:43:17Z" level=error msg="no valid entryPoint for this router" routerName=hass@file
time="2020-03-31T19:43:17Z" level=error msg="entryPoint \"https\" doesn't exist" routerName=hass@file entryPointName=https
time="2020-03-31T19:43:17Z" level=error msg="no valid entryPoint for this router" routerName=hass@file
time="2020-03-31T19:43:17Z" level=debug msg="Looking for provided certificate(s) to validate [\"xxxxx23.myqnapcloud.com\"]..." providerName=letsencrypt.acme
time="2020-03-31T19:43:17Z" level=debug msg="Adding certificate for domain(s) xxxxx23.myqnapcloud.com"
time="2020-03-31T19:43:17Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T19:43:19Z" level=debug msg="No ACME certificate generation required for domains [\"xxxxx23.myqnapcloud.com\"]." providerName=letsencrypt.acme
time="2020-03-31T19:43:19Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T19:43:19Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik
time="2020-03-31T19:43:19Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2020-03-31T19:43:19Z" level=debug msg="Creating middleware" routerName=dashboard@internal entryPointName=traefik middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2020-03-31T19:43:19Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" routerName=dashboard@internal entryPointName=traefik middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2020-03-31T19:43:19Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-03-31T19:43:19Z" level=debug msg="Added outgoing tracing middleware api@internal" routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2020-03-31T19:43:19Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-03-31T19:43:19Z" level=debug msg="Creating middleware" serviceName=noop routerName=redirect-to-https@file middlewareName=pipelining middlewareType=Pipelining entryPointName=http
time="2020-03-31T19:43:19Z" level=debug msg="Creating load-balancer" serviceName=noop routerName=redirect-to-https@file entryPointName=http
time="2020-03-31T19:43:19Z" level=debug msg="Creating server 0 http://192.168.0.1" routerName=redirect-to-https@file entryPointName=http serviceName=noop serverName=0
time="2020-03-31T19:43:19Z" level=debug msg="Added outgoing tracing middleware noop" entryPointName=http routerName=redirect-to-https@file middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T19:43:19Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=http routerName=redirect-to-https@file middlewareName=https-redirect@file
time="2020-03-31T19:43:19Z" level=debug msg="Setting up redirection to https " entryPointName=http routerName=redirect-to-https@file middlewareName=https-redirect@file middlewareType=RedirectScheme
time="2020-03-31T19:43:19Z" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=redirect-to-https@file middlewareName=https-redirect@file
time="2020-03-31T19:43:19Z" level=debug msg="Creating middleware" entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-03-31T19:43:19Z" level=error msg="entryPoint \"https\" doesn't exist" routerName=hass@file entryPointName=https
time="2020-03-31T19:43:19Z" level=error msg="no valid entryPoint for this router" routerName=hass@file
time="2020-03-31T19:43:19Z" level=error msg="entryPoint \"https\" doesn't exist" routerName=hass@file entryPointName=https
time="2020-03-31T19:43:19Z" level=error msg="no valid entryPoint for this router" routerName=hass@file
time="2020-03-31T19:43:19Z" level=debug msg="Looking for provided certificate(s) to validate [\"xxxxx23.myqnapcloud.com\"]..." providerName=letsencrypt.acme
time="2020-03-31T19:43:19Z" level=debug msg="No ACME certificate generation required for domains [\"xxxxx23.myqnapcloud.com\"]." providerName=letsencrypt.acme

You have to define the entry points:

## traefik.toml
[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"

also you cannot use file (traefik.toml) and CLI flags at the same time:

https://docs.traefik.io/v2.2/getting-started/configuration-overview/#the-static-configuration

1 Like

Thanks,
I update the changes, getting error:

[/share/Avi/traefik] # tail -f /share/Avi/traefik/traefik/log/traefik.log
time="2020-03-31T21:52:23Z" level=debug msg="Adding tracing to middleware" middlewareName=https-redirect@file entryPointName=web routerName=redirect-to-https@file
time="2020-03-31T21:52:23Z" level=debug msg="Creating middleware" middlewareType=Recovery middlewareName=traefik-internal-recovery entryPointName=web
time="2020-03-31T21:52:23Z" level=debug msg="Creating middleware" routerName=hass@file serviceName=hass middlewareName=pipelining middlewareType=Pipelining entryPointName=web-secure
time="2020-03-31T21:52:23Z" level=debug msg="Creating load-balancer" routerName=hass@file serviceName=hass entryPointName=web-secure
time="2020-03-31T21:52:23Z" level=debug msg="Creating server 0 http://192.168.1.112:8123" routerName=hass@file serviceName=hass entryPointName=web-secure serverName=0
time="2020-03-31T21:52:23Z" level=debug msg="Added outgoing tracing middleware hass" entryPointName=web-secure routerName=hass@file middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T21:52:23Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=web-secure middlewareName=traefik-internal-recovery
time="2020-03-31T21:52:23Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T21:52:23Z" level=debug msg="Serving default certificate for request: \"xxxxxx23.myqnapcloud.com\""
time="2020-03-31T21:52:23Z" level=debug msg="http: TLS handshake error from 193.43.244.193:11638: remote error: tls: unknown certificate"
time="2020-03-31T21:52:25Z" level=debug msg="Domains [\"xxxxxx23.myqnapcloud.com\" \"*.xxxxxx23.myqnapcloud.com\"] need ACME certificates generation for domains \"*.xxxxxx23.myqnapcloud.com\"." providerName=letsencrypt.acme
time="2020-03-31T21:52:25Z" level=debug msg="Loading ACME certificates [*.xxxxxx23.myqnapcloud.com]..." providerName=letsencrypt.acme
time="2020-03-31T21:52:25Z" level=debug msg="Building ACME client..." providerName=letsencrypt.acme
time="2020-03-31T21:52:25Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
time="2020-03-31T21:52:25Z" level=debug msg="Looking for provided certificate(s) to validate [\"xxxxxx23.myqnapcloud.com\" \"*.xxxxxx23.myqnapcloud.com\"]..." providerName=letsencrypt.acme
time="2020-03-31T21:52:25Z" level=debug msg="No ACME certificate generation required for domains [\"xxxxxx23.myqnapcloud.com\" \"*.xxxxxx23.myqnapcloud.com\"]." providerName=letsencrypt.acme
time="2020-03-31T21:52:25Z" level=debug msg="Adding certificate for domain(s) xxxxxx23.myqnapcloud.com"
time="2020-03-31T21:52:25Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T21:52:26Z" level=debug msg="Using HTTP Challenge provider." providerName=letsencrypt.acme
time="2020-03-31T21:52:26Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com, *.xxxxxx23.myqnapcloud.com] acme: Obtaining bundled SAN certificate"
time="2020-03-31T21:52:27Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=api@internal
time="2020-03-31T21:52:27Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" middlewareType=StripPrefix middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
time="2020-03-31T21:52:27Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2020-03-31T21:52:27Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2020-03-31T21:52:27Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik middlewareName=dashboard_redirect@internal routerName=dashboard@internal
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining routerName=redirect-to-https@file serviceName=noop entryPointName=web
time="2020-03-31T21:52:27Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=redirect-to-https@file serviceName=noop
time="2020-03-31T21:52:27Z" level=debug msg="Creating server 0 http://192.168.0.1" routerName=redirect-to-https@file serviceName=noop entryPointName=web serverName=0
time="2020-03-31T21:52:27Z" level=debug msg="Added outgoing tracing middleware noop" routerName=redirect-to-https@file middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" entryPointName=web routerName=redirect-to-https@file middlewareName=https-redirect@file middlewareType=RedirectScheme
time="2020-03-31T21:52:27Z" level=debug msg="Setting up redirection to https " middlewareType=RedirectScheme entryPointName=web routerName=redirect-to-https@file middlewareName=https-redirect@file
time="2020-03-31T21:52:27Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=redirect-to-https@file middlewareName=https-redirect@file
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" middlewareType=Pipelining middlewareName=pipelining entryPointName=web-secure routerName=hass@file serviceName=hass
time="2020-03-31T21:52:27Z" level=debug msg="Creating load-balancer" routerName=hass@file serviceName=hass entryPointName=web-secure
time="2020-03-31T21:52:27Z" level=debug msg="Creating server 0 http://192.168.1.112:8123" routerName=hass@file serviceName=hass entryPointName=web-secure serverName=0
time="2020-03-31T21:52:27Z" level=debug msg="Added outgoing tracing middleware hass" routerName=hass@file middlewareName=tracing middlewareType=TracingForwarder entryPointName=web-secure
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery entryPointName=web-secure middlewareType=Recovery
time="2020-03-31T21:52:27Z" level=debug msg="Looking for provided certificate(s) to validate [\"xxxxxx23.myqnapcloud.com\" \"*.xxxxxx23.myqnapcloud.com\"]..." providerName=letsencrypt.acme
time="2020-03-31T21:52:27Z" level=debug msg="No ACME certificate generation required for domains [\"xxxxxx23.myqnapcloud.com\" \"*.xxxxxx23.myqnapcloud.com\"]." providerName=letsencrypt.acme
time="2020-03-31T21:52:27Z" level=debug msg="Adding certificate for domain(s) xxxxxx23.myqnapcloud.com"
time="2020-03-31T21:52:27Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=web routerName=redirect-to-https@file serviceName=noop middlewareName=pipelining
time="2020-03-31T21:52:27Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=redirect-to-https@file serviceName=noop
time="2020-03-31T21:52:27Z" level=debug msg="Creating server 0 http://192.168.0.1" entryPointName=web routerName=redirect-to-https@file serviceName=noop serverName=0
time="2020-03-31T21:52:27Z" level=debug msg="Added outgoing tracing middleware noop" routerName=redirect-to-https@file entryPointName=web middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" routerName=redirect-to-https@file middlewareName=https-redirect@file middlewareType=RedirectScheme entryPointName=web
time="2020-03-31T21:52:27Z" level=debug msg="Setting up redirection to https " middlewareType=RedirectScheme entryPointName=web routerName=redirect-to-https@file middlewareName=https-redirect@file
time="2020-03-31T21:52:27Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=redirect-to-https@file middlewareName=https-redirect@file
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
time="2020-03-31T21:52:27Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=api@internal
time="2020-03-31T21:52:27Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik
time="2020-03-31T21:52:27Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2020-03-31T21:52:27Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2020-03-31T21:52:27Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" entryPointName=web-secure routerName=hass@file middlewareName=pipelining middlewareType=Pipelining serviceName=hass
time="2020-03-31T21:52:27Z" level=debug msg="Creating load-balancer" entryPointName=web-secure routerName=hass@file serviceName=hass
time="2020-03-31T21:52:27Z" level=debug msg="Creating server 0 http://192.168.1.112:8123" entryPointName=web-secure routerName=hass@file serviceName=hass serverName=0
time="2020-03-31T21:52:27Z" level=debug msg="Added outgoing tracing middleware hass" entryPointName=web-secure routerName=hass@file middlewareType=TracingForwarder middlewareName=tracing
time="2020-03-31T21:52:27Z" level=debug msg="Creating middleware" entryPointName=web-secure middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-03-31T21:52:27Z" level=debug msg="Looking for provided certificate(s) to validate [\"xxxxxx23.myqnapcloud.com\" \"*.xxxxxx23.myqnapcloud.com\"]..." providerName=letsencrypt.acme
time="2020-03-31T21:52:27Z" level=debug msg="No ACME certificate generation required for domains [\"xxxxxx23.myqnapcloud.com\" \"*.xxxxxx23.myqnapcloud.com\"]." providerName=letsencrypt.acme
time="2020-03-31T21:52:28Z" level=debug msg="legolog: [INFO] [*.xxxxxx23.myqnapcloud.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3679169966"
time="2020-03-31T21:52:28Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3681268547"
time="2020-03-31T21:52:28Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com] acme: authorization already valid; skipping challenge"
time="2020-03-31T21:52:28Z" level=debug msg="legolog: [INFO] [*.xxxxxx23.myqnapcloud.com] acme: Could not find solver for: dns-01"
time="2020-03-31T21:52:28Z" level=debug msg="legolog: [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3679169966"
time="2020-03-31T21:52:29Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3681268547"
time="2020-03-31T21:52:29Z" level=error msg="Unable to obtain ACME certificate for domains \"xxxxxx23.myqnapcloud.com,*.xxxxxx23.myqnapcloud.com\" : unable to generate a certificate for the domains [*.xxxxxx23.myqnapcloud.com]: acme: Error -> One or more domains had a problem:\n[*.xxxxxx23.myqnapcloud.com] [*.xxxxxx23.myqnapcloud.com] acme: could not determine solvers\n" providerName=letsencrypt.acme
time="2020-03-31T21:52:29Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"POST\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/auth/token\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"*/*\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-US,en;q=0.9\"],\"Content-Length\":[\"510\"],\"Content-Type\":[\"multipart/form-data; boundary=----WebKitFormBoundaryU7Um4m4JSe60cYU1\"],\"Origin\":[\"https://xxxxxx23.myqnapcloud.com\"],\"Referer\":[\"https://xxxxxx23.myqnapcloud.com/lovelace/default_view\"],\"Sec-Fetch-Dest\":[\"empty\"],\"Sec-Fetch-Mode\":[\"cors\"],\"Sec-Fetch-Site\":[\"same-origin\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36\"],\"X-Forwarded-Host\":[\"xxxxxx23.myqnapcloud.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e9b91756d857.xxxxxx23.myqnapcloud.com\"],\"X-Real-Ip\":[\"193.43.244.193\"]},\"ContentLength\":510,\"TransferEncoding\":null,\"Host\":\"xxxxxx23.myqnapcloud.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"193.43.244.193:10927\",\"RequestURI\":\"/auth/token\",\"TLS\":null}"
time="2020-03-31T21:52:29Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" Request="{\"Method\":\"POST\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/auth/token\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"*/*\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-US,en;q=0.9\"],\"Content-Length\":[\"510\"],\"Content-Type\":[\"multipart/form-data; boundary=----WebKitFormBoundaryU7Um4m4JSe60cYU1\"],\"Origin\":[\"https://xxxxxx23.myqnapcloud.com\"],\"Referer\":[\"https://xxxxxx23.myqnapcloud.com/lovelace/default_view\"],\"Sec-Fetch-Dest\":[\"empty\"],\"Sec-Fetch-Mode\":[\"cors\"],\"Sec-Fetch-Site\":[\"same-origin\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36\"],\"X-Forwarded-Host\":[\"xxxxxx23.myqnapcloud.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e9b91756d857.xxxxxx23.myqnapcloud.com\"],\"X-Real-Ip\":[\"193.43.244.193\"]},\"ContentLength\":510,\"TransferEncoding\":null,\"Host\":\"xxxxxx23.myqnapcloud.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"193.43.244.193:10927\",\"RequestURI\":\"/auth/token\",\"TLS\":null}" ForwardURL="http://192.168.1.112:8123"
time="2020-03-31T21:52:29Z" level=debug msg="'502 Bad Gateway' caused by: dial tcp 192.168.1.112:8123: connect: connection refused"

Current configuration files looks like:
docker-compose - no labels

traefik.toml


#defaultEntryPoints = ["http", "https"]

[Global]
  CheckNewVersion = false
  SendAnonymousUsage = false

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"
    
[ServersTransport]
  InsecureSkipVerify = true

[providers]
#  providersThrottleDuration = "2s"
  [providers.docker]
    watch = true
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false
    network = "rev_traefik_proxy"
  [providers.file]
    watch = true
    filename = "/etc/traefik/dynamic_conf.toml"


[log]
  filePath = "logs/traefik.log"
  level = "DEBUG"
  
[accessLog]
  filePath = "log/access.log"
  bufferingSize = 100.0

[api]
  dashboard = true
  insecure = true

    
[certificatesResolvers]
  [certificatesResolvers.letsencrypt]
    [certificatesResolvers.letsencrypt.acme]
    email = "xxxxxx23@gmail.com"
    storage = "acme.json"
      [certificatesResolvers.letsencrypt.acme.httpChallenge]
      entryPoint = "web"

dynamic_conf.toml

[http]
  [http.routers]
    [http.routers.redirect-to-https]
      entryPoints = ["web"]
      middlewares = ["https-redirect"]
      rule = "HostRegexp(`{host:.+}`)"
      service = "noop"

    [http.routers.hass]
      entrypoints = ["web-secure"]
      rule = "Host(`xxxxxx23.myqnapcloud.com`)" # you probably want to customize this rule
      service = "hass"
      [http.routers.hass.tls]
        certResolver = "letsencrypt"
        [[http.routers.hass.tls.domains]]
          main = "xxxxxx23.myqnapcloud.com"
          sans = ["*.xxxxxx23.myqnapcloud.com"]

  [http.middlewares]
    [http.middlewares.https-redirect.redirectScheme]
      scheme = "https"
    [http.middlewares.auth.basicAuth]
      users = ["xxxxxx22:$apr1$JUiccccccccccccccccccccccccQUFlhyrH5y7Upw."]
      
  [http.services]
    [http.services.hass.loadBalancer]
      [[http.services.hass.loadBalancer.servers]]
        url = "http://192.168.1.112:8123" # 172.17.0.1 is the docker0 interface: a way to communicate outside of docker (ie with home assistant on the host network)

    # noop service, the URL will be never called
    [http.services.noop.loadBalancer]
      [[http.services.noop.loadBalancer.servers]]
        url = "http://192.168.0.1"

To get wildcard certificates you have to use the DNS challenge

1 Like

is that relate to certificate the subdomains?
case yes , i dont have subdomain only xxxxxx23.myqnapcloud.com.
I comment "sans" part and got some progress...
commet sans:

      [http.routers.hass.tls]
        certResolver = "letsencrypt"
        [[http.routers.hass.tls.domains]]
          main = "xxxxxx23.myqnapcloud.com"
#          sans = ["*.xxxxxx23.myqnapcloud.com"]

no error but no change in acme.json
I've waited few minute till it drop

time="2020-03-31T22:43:20Z" level=debug msg="Creating middleware" serviceName=hass middlewareName=pipelining middlewareType=Pipelining entryPointName=web-secure routerName=hass@file
time="2020-03-31T22:43:20Z" level=debug msg="Creating load-balancer" entryPointName=web-secure routerName=hass@file serviceName=hass
time="2020-03-31T22:43:20Z" level=debug msg="Creating server 0 http://192.168.1.112:8123" routerName=hass@file serviceName=hass serverName=0 entryPointName=web-secure
time="2020-03-31T22:43:20Z" level=debug msg="Added outgoing tracing middleware hass" routerName=hass@file middlewareName=tracing middlewareType=TracingForwarder entryPointName=web-secure
time="2020-03-31T22:43:20Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery entryPointName=web-secure middlewareType=Recovery
time="2020-03-31T22:43:20Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T22:43:20Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T22:43:22Z" level=debug msg="No ACME certificate generation required for domains [\"xxxxxx23.myqnapcloud.com\"]." providerName=letsencrypt.acme
time="2020-03-31T22:43:23Z" level=debug msg="Looking for provided certificate(s) to validate [\"xxxxxx23.myqnapcloud.com\"]..." providerName=letsencrypt.acme
time="2020-03-31T22:43:23Z" level=debug msg="No ACME certificate generation required for domains [\"xxxxxx23.myqnapcloud.com\"]." providerName=letsencrypt.acme
time="2020-03-31T22:43:34Z" level=debug msg="Building ACME client..." providerName=letsencrypt.acme
time="2020-03-31T22:43:34Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
time="2020-03-31T22:43:36Z" level=info msg=Register... providerName=letsencrypt.acme
time="2020-03-31T22:43:36Z" level=debug msg="legolog: [INFO] acme: Registering account for xxxxxx23@gmail.com"
time="2020-03-31T22:43:36Z" level=debug msg="Using HTTP Challenge provider." providerName=letsencrypt.acme
time="2020-03-31T22:43:36Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com] acme: Obtaining bundled SAN certificate"
time="2020-03-31T22:43:37Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3682157083"
time="2020-03-31T22:43:37Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com] acme: Could not find solver for: tls-alpn-01"
time="2020-03-31T22:43:37Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com] acme: use http-01 solver"
time="2020-03-31T22:43:37Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com] acme: Trying to solve HTTP-01"
time="2020-03-31T22:43:37Z" level=debug msg="Unable to split host and port: address xxxxxx23.myqnapcloud.com: missing port in address. Fallback to request host." providerName=letsencrypt.acme
time="2020-03-31T22:43:37Z" level=debug msg="Retrieving the ACME challenge for token gpe8ugnmXaaIsiMNk1_9ZCuQBzWe3JnYXW8BNQ3OnNo..." providerName=letsencrypt.acme
time="2020-03-31T22:43:38Z" level=debug msg="Unable to split host and port: address xxxxxx23.myqnapcloud.com: missing port in address. Fallback to request host." providerName=letsencrypt.acme
time="2020-03-31T22:43:38Z" level=debug msg="Retrieving the ACME challenge for token gpe8ugnmXaaIsiMNk1_9ZCuQBzWe3JnYXW8BNQ3OnNo..." providerName=letsencrypt.acme
time="2020-03-31T22:43:38Z" level=debug msg="Unable to split host and port: address xxxxxx23.myqnapcloud.com: missing port in address. Fallback to request host." providerName=letsencrypt.acme
time="2020-03-31T22:43:38Z" level=debug msg="Retrieving the ACME challenge for token gpe8ugnmXaaIsiMNk1_9ZCuQBzWe3JnYXW8BNQ3OnNo..." providerName=letsencrypt.acme
time="2020-03-31T22:43:38Z" level=debug msg="Unable to split host and port: address xxxxxx23.myqnapcloud.com: missing port in address. Fallback to request host." providerName=letsencrypt.acme
time="2020-03-31T22:43:38Z" level=debug msg="Retrieving the ACME challenge for token gpe8ugnmXaaIsiMNk1_9ZCuQBzWe3JnYXW8BNQ3OnNo..." providerName=letsencrypt.acme
time="2020-03-31T22:43:43Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com] The server validated our request"
time="2020-03-31T22:43:43Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com] acme: Validations succeeded; requesting certificates"
time="2020-03-31T22:43:51Z" level=debug msg="legolog: [INFO] [xxxxxx23.myqnapcloud.com] Server responded with a certificate."
time="2020-03-31T22:43:51Z" level=debug msg="Certificates obtained for domains [xxxxxx23.myqnapcloud.com]" providerName=letsencrypt.acme
time="2020-03-31T22:43:51Z" level=debug msg="Configuration received from provider letsencrypt.acme: {\"http\":{},\"tls\":{}}" providerName=letsencrypt.acme
time="2020-03-31T22:43:51Z" level=debug msg="Adding certificate for domain(s) xxxxxx23.myqnapcloud.com"
time="2020-03-31T22:43:51Z" level=debug msg="No default certificate, generating one"
time="2020-03-31T22:43:53Z" level=debug msg="Creating middleware" entryPointName=web serviceName=noop middlewareName=pipelining middlewareType=Pipelining routerName=redirect-to-https@file
time="2020-03-31T22:43:53Z" level=debug msg="Creating load-balancer" entryPointName=web serviceName=noop routerName=redirect-to-https@file
time="2020-03-31T22:43:53Z" level=debug msg="Creating server 0 http://192.168.0.1" serviceName=noop serverName=0 routerName=redirect-to-https@file entryPointName=web
time="2020-03-31T22:43:53Z" level=debug msg="Added outgoing tracing middleware noop" entryPointName=web middlewareName=tracing middlewareType=TracingForwarder routerName=redirect-to-https@file
time="2020-03-31T22:43:53Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=web routerName=redirect-to-https@file middlewareName=https-redirect@file
time="2020-03-31T22:43:53Z" level=debug msg="Setting up redirection to https " middlewareName=https-redirect@file middlewareType=RedirectScheme entryPointName=web routerName=redirect-to-https@file
time="2020-03-31T22:43:53Z" level=debug msg="Adding tracing to middleware" routerName=redirect-to-https@file entryPointName=web middlewareName=https-redirect@file
time="2020-03-31T22:43:53Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-03-31T22:43:53Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T22:43:53Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-03-31T22:43:53Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal middlewareType=StripPrefix
time="2020-03-31T22:43:53Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik middlewareName=dashboard_stripprefix@internal routerName=dashboard@internal
time="2020-03-31T22:43:53Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex
time="2020-03-31T22:43:53Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlereName=dashboard_redirect@internal
time="2020-03-31T22:43:53Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-03-31T22:43:53Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-03-31T22:43:53Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=web-secure routerName=hass@file serviceName=hass middlewareName=pipelining
time="2020-03-31T22:43:53Z" level=debug msg="Creating load-balancer" entryPointName=web-secure routerName=hass@file serviceName=hass
time="2020-03-31T22:43:53Z" level=debug msg="Creating server 0 http://192.168.1.112:8123" entryPointName=web-secure routerName=hass@file serviceName=hass serverName=0
time="2020-03-31T22:43:53Z" level=debug msg="Added outgoing tracing middleware hass" middlewareName=tracing entryPointName=web-secure routerName=hass@file middlewareType=TracingForwarder
time="2020-03-31T22:43:53Z" level=debug msg="Creating middleware" entryPointName=web-secure middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2020-03-31T22:43:53Z" level=debug msg="Looking for provided certificate(s) to validate [\"xxxxxx23.myqnapcloud.com\"]..." providerName=letsencrypt.acme
time="2020-03-31T22:43:53Z" level=debug msg="No ACME certificate generation required for domains [\"xxxxxx23.myqnapcloud.com\"]." providerName=letsencrypt.acme
time="2020-03-31T22:45:40Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept-Encoding\":[\"gzip\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0\"],\"X-Forwarded-Host\":[\"xxxxxx23.myqnapcloud.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e9c361978130.xxxxxx23.myqnapcloud.com\"],\"X-Real-Ip\":[\"179.43.169.182\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"xxxxxx23.myqnapcloud.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"179.43.169.182:47256\",\"RequestURI\":\"/\",\"TLS\":null}"
time="2020-03-31T22:45:40Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept-Encoding\":[\"gzip\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0\"],\"X-Forwarded-Host\":[\"xxxxxx23.myqnapcloud.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e9c361978130.xxxxxx23.myqnapcloud.com\"],\"X-Real-Ip\":[\"179.43.169.182\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"xxxxxx23.myqnapcloud.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"179.43.169.182:47256\",\"RequestURI\":\"/\",\"TLS\":null}" ForwardURL="http://192.168.1.112:8123"
time="2020-03-31T22:45:40Z" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept-Encoding\":[\"gzip\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0\"],\"X-Forwarded-Host\":[\"xxxxxx23.myqnapcloud.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"e9c361978130.xxxxxx23.myqnapcloud.com\"],\"X-Real-Ip\":[\"179.43.169.182\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"xxxxxx23.myqnapcloud.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"179.43.169.182:47256\",\"RequestURI\":\"/\",\"TLS\":null}"

for dashboard,
The link to dashboard (on qnap container station) shows as
http://192.168.1.112:80/
but when i open it shows "404 page not found"

is there an option to define the dashboard address and port?
something like( i tried it didnt work)

[api]
  dashboard = true
  insecure = true
  address=192.168.1.112:8888

version: '3.7'

networks:
  rev_traefik_proxy:
    external: true

services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    networks:
      - rev_traefik_proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./letsencrypt:/letsencrypt/
      - ./log/:/etc/traefik/log/
    command:
    - --global.checkNewVersion=true
    - --global.sendAnonymousUsage=true

    - --log.filePath=/traefik.log
    - --log.level=INFO
    - --accessLog.filePath=/access.log
    - --accessLog.bufferingSize=100.0

    - --api.insecure=true

    - --entryPoints.web.address=:80
    - --entrypoints.web.http.redirections.entryPoint.to=web-secure
    - --entryPoints.web-secure.address=:443

    - --providers.docker.exposedByDefault=false
    - --providers.docker.network=rev_traefik_proxy

    - --certificatesResolvers.letsencrypt.acme.email=xxxxxx23@gmail.com
    - --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    - --certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web
    labels:
      traefik.enable: true

      # Dashboard
      traefik.http.routers.traefik.rule: Host(`traefik.myqnapcloud.com`)
      traefik.http.routers.traefik.entrypoints: web-secure
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.tls.certresolver: letsencrypt
      traefik.http.routers.traefik.middlewares: auth

      traefik.http.middlewares.auth.basicauth.users: user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/ # user/password

  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:latest
    # ports:
    #   - 8123:8123
    volumes:
      - "./HA/:/config"
      - /etc/localtime:/etc/localtime:ro
    restart: always
    network_mode: "host"
    labels:
      traefik.enable: true

      traefik.http.routers.hass.rule: Host(`xxxxxx23.myqnapcloud.com`)
      traefik.http.routers.hass.entrypoints: web-secure
      traefik.http.routers.hass.tls.certresolver: letsencrypt

Thanks a lot @ldez ,
can u please go back to version using toml files?
i'd like to understand whats the right conifiguration as I already start with such configuration..
now i don't really see the relation of router, middlewares
it is very confusing casue seems most of the thing were in toml - u remove it from the docker-compose.
thanks again !

To create routing for containers, I recommend to not use the file provider.
Like that:

  • you don't have to expose your container's ports
  • you don't have to manage IPs

The main goal of Traefik is to manage dynamic architecture:

  • a container appears, Traefik detect it and create the configuration (based on labels)
  • a container disappears, Traefik detect it and remove the configuration

The file provider breaks this dynamic behavior.

The file provider, for the routing, has been introduced for only old architecture (VMs, bare metal servers, ...)

So I will not give you a TOML version but just a kind of "translation" that I recommend to not use:

Traefik Dashboard
# Dashboard
traefik.http.routers.traefik.rule: Host(`traefik.myqnapcloud.com`)
traefik.http.routers.traefik.entrypoints: web-secure
traefik.http.routers.traefik.service: api@internal
traefik.http.routers.traefik.tls.certresolver: letsencrypt
traefik.http.routers.traefik.middlewares: auth

traefik.http.middlewares.auth.basicauth.users: user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/ # user/password

==>

# Dashboard
[http.routers.traefik]
  rule = "Host(`traefik.myqnapcloud.com`)"
  entrypoints = "web-secure"
  service = "api@internal"
  middlewares = "auth"
  [http.routers.traefik.tls]
    certresolver= "letsencrypt"

[http.middlewares.auth.basicauth]
  users = ["user:$apr1$q8eZFHjF$Fvmkk//V6Btlaf2i/ju5n/"] # user/password
hass
traefik.http.routers.hass.rule: Host(`xxxxxx23.myqnapcloud.com`)
traefik.http.routers.hass.entrypoints: web-secure
traefik.http.routers.hass.tls.certresolver: letsencrypt

==>

[http.routers.hass]
  rule = "Host(`xxxxxx23.myqnapcloud.com`)"
  entrypoints = "web-secure"
  service = "hass"
  [http.routers.hass.tls]
    certresolver = "letsencrypt"

[http.services.hass.loadBalancer]
  [[http.services.hass.loadBalancer.servers]]
    url = "URL_INSIDE_THE_CONTAINER"
1 Like

Thanks @ldez

So in what condition the file provider is required?
for the traefik dynamic architecture -
thanks for the tip - surely will take ur recommendation and will not use any provider file but will base on labels.

I got little delay updating this post as as i got too blocked temporarily by letsencrypt ,

I added the line :

    - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory

and re try,
seems the homeassitant container must have the port define , other wise it throwing error.
so i un-comment it .

im confuse about this line :

traefik.http.routers.traefik.rule: Host(`traefik.myqnapcloud.com`)

please note ,my domain is ######23.myqnapcloud.com and not myqnapcloud.com
the domain doesn't support sub domain.
So i guess i can only access traefik dashboard internally right?
i tried below configuration (which some worked in 1.74):

version: '3.7'

networks:
  rev_traefik_proxy:
    external: true

services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    networks:
      - rev_traefik_proxy
    ports:
      - 80:80
      - 443:443
      - 8888:8888

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./letsencrypt:/letsencrypt/
      - ./traefik/log/:/etc/traefik/log/
    command:
    - --global.checkNewVersion=true
    - --global.sendAnonymousUsage=true

    - --log.filePath=etc/traefik/log/traefik.log
    - --log.level=DEBUG
    - --accessLog.filePath=etc/traefik/log/access.log
    - --accessLog.bufferingSize=100
    - --api.dashboard=true
    - --api.insecure=true
    - --entryPoints.dashboard.address=:8888
    
    - --entryPoints.web.address=:80
    - --entrypoints.web.http.redirections.entryPoint.to=websecure
    - --entryPoints.websecure.address=:443

    - --providers.docker.exposedByDefault=false
    - --providers.docker.network=rev_traefik_proxy

    - --certificatesResolvers.letsencrypt.acme.email=xxxxxxxx23@gmail.com
    - --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    - --certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web
    # test mode
    - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
    - --entrypoints.web.http.redirections.entryPoint.to=websecure
    - --entryPoints.websecure.address=:443    


  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:latest
    ports:
       - 8123:8123
    volumes:
      - "./HA/:/config"
      - /etc/localtime:/etc/localtime:ro
    restart: always
    network_mode: host
    labels:
      traefik.enable: true
      traefik.http.routers.hass.rule: Host(`xxxxxxxx23.myqnapcloud.com`)
      traefik.http.routers.hass.entrypoints: websecure
      traefik.http.routers.hass.tls.certresolver: letsencrypt

basically , i expect access the dashboard on server IP (host) in port 8888.

getting error :

tail -f /share/Avi/traefik/traefik/log/traefik.log
time="2020-04-10T11:30:54Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
time="2020-04-10T11:30:54Z" level=debug msg="Creating middleware" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-04-10T11:30:54Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-04-10T11:30:54Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2020-04-10T11:30:54Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-04-10T11:30:54Z" level=debug msg="Added outgoing tracing middleware noop@internal" routerName=web-to-websecure@internal middlewareType=TracingForwarder middlewareName=tracing entryPointName=web
time="2020-04-10T11:30:54Z" level=debug msg="Creating middleware" middlewareName=redirect-web-to-websecure@internal routerName=web-to-websecure@internal entryPointName=web middlewareType=RedirectScheme
time="2020-04-10T11:30:54Z" level=debug msg="Setting up redirection to https 443" routerName=web-to-websecure@internal entryPointName=web middlewareType=RedirectScheme middlewareName=redirect-web-to-websecure@internal
time="2020-04-10T11:30:54Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
time="2020-04-10T11:30:54Z" level=debug msg="Creating middleware" entryPointName=web middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2020-04-10T11:31:27Z" level=debug msg="Serving default certificate for request: \"\""
time="2020-04-10T11:31:27Z" level=debug msg="http: TLS handshake error from 192.168.1.130:2550: remote error: tls: unknown certificate"
time="2020-04-10T11:31:27Z" level=debug msg="Serving default certificate for request: \"\""
time="2020-04-10T11:31:28Z" level=debug msg="http: TLS handshake error from 192.168.1.130:2551: remote error: tls: unknown certificate"
time="2020-04-10T11:32:36Z" level=debug msg="Serving default certificate for request: \"\""
time="2020-04-10T11:32:36Z" level=debug msg="http: TLS handshake error from 192.168.1.130:2560: remote error: tls: unknown certificate"
time="2020-04-10T11:32:37Z" level=debug msg="Serving default certificate for request: \"\""
time="2020-04-10T11:32:37Z" level=debug msg="http: TLS handshake error from 192.168.1.130:2561: remote error: tls: unknown certificate"
version: '3.7'

networks:
  rev_traefik_proxy:
    external: true

services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    networks:
      - rev_traefik_proxy
    ports:
      - 80:80
      - 443:443
      - 8888:8888
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./letsencrypt:/letsencrypt/
      - ./traefik/log/:/etc/traefik/log/
    command:
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true

      - --log.filePath=etc/traefik/log/traefik.log
      - --log.level=INFO
      - --accessLog.filePath=etc/traefik/log/access.log
      - --accessLog.bufferingSize=100

      - --api

      - --entrypoints.dashboard.address=:8888
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.websecure.address=:443
  
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=rev_traefik_proxy

      - --certificatesresolvers.letsencrypt.acme.email=xxxxxxxx23@gmail.com
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.httpChallenge.entryPoint=web
      # test mode
      - --certificatesresolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
    labels:
      traefik.enable: true

      # Dashboard
      traefik.http.routers.traefik.rule: Host(`xxxxxxxx23.myqnapcloud.com`)
      traefik.http.routers.traefik.entrypoints: dashboard
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: auth

      traefik.http.middlewares.auth.basicauth.users: user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/ # user/password

  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:latest
    volumes:
      - "./HA/:/config"
      - /etc/localtime:/etc/localtime:ro
    restart: always
    network_mode: host
    labels:
      traefik.enable: true

      traefik.http.routers.hass.rule: Host(`xxxxxxxx23.myqnapcloud.com`)
      traefik.http.routers.hass.entrypoints: websecure
      traefik.http.routers.hass.tls.certresolver: letsencrypt
1 Like

@ldez ,

I configure the docker-compose exactly as you mention ,
dashboard is not accessible in:
http://192.168.1.112:8888/dashboard/
getting "404 page not found"
I verified port 8888 is not occupied by other process

log:

[/share/Avi/traefik/traefik/log] # tail -f traefik.log
time="2020-04-10T18:20:55Z" level=info msg="Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration."
time="2020-04-10T18:20:55Z" level=info msg="Help us improve Traefik by leaving this feature on :)"
time="2020-04-10T18:20:55Z" level=info msg="More details on: https://docs.traefik.io/contributing/data-collection/"
time="2020-04-10T18:20:55Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2020-04-10T18:20:55Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"rev_traefik_proxy\",\"swarmModeRefreshSeconds\":15000000000}"
time="2020-04-10T18:20:55Z" level=info msg="Starting provider *acme.Provider {\"email\":\"xxxxx23@gmail.com\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"},\"ResolverName\":\"letsencrypt\",\"store\":{},\"ChallengeStore\":{}}"
time="2020-04-10T18:20:55Z" level=info msg="Testing certificate renew..." providerName=letsencrypt.acme
time="2020-04-10T18:20:55Z" level=info msg="Starting provider *traefik.Provider {}"
time="2020-04-10T18:20:56Z" level=warning msg="Could not find network named 'rev_traefik_proxy' for container '/homeassistant'! Maybe you're missing the project's prefix in the label? Defaulting to first available network." container=homeassistant-traefik-132a5af943fe4dec5d71f2866d03a4bad29fce761002059533b24bbafa737df5 serviceName=homeassistant-traefik providerName=docker
time="2020-04-10T18:20:56Z" level=error msg="service \"homeassistant-traefik\" error: port is missing" container=homeassistant-traefik-132a5af943fe4dec5d71f2866d03a4bad29fce761002059533b24bbafa737df5 providerName=docker

version: '3.7'

networks:
  rev_traefik_proxy:
    external: true

services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    networks:
      - rev_traefik_proxy
    ports:
      - 80:80
      - 443:443
      - 8888:8888
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./letsencrypt:/letsencrypt/
      - ./traefik/log/:/etc/traefik/log/
    command:
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true

      - --log.filePath=etc/traefik/log/traefik.log
      - --log.level=INFO
      - --accessLog.filePath=etc/traefik/log/access.log
      - --accessLog.bufferingSize=100

      - --api

      - --entrypoints.dashboard.address=:8888
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.websecure.address=:443
  
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=rev_traefik_proxy

      - --certificatesresolvers.letsencrypt.acme.email=xxxxxxxx23@gmail.com
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.httpChallenge.entryPoint=web
      # test mode
      - --certificatesresolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
    labels:
      traefik.enable: true

      # Dashboard
      traefik.http.routers.traefik.rule: Host(`xxxxxxxx23.myqnapcloud.com`)
      traefik.http.routers.traefik.entrypoints: dashboard
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: auth

      traefik.http.middlewares.auth.basicauth.users: user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/ # user/password

  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:latest
    volumes:
      - "./HA/:/config"
      - /etc/localtime:/etc/localtime:ro
    restart: always
    network_mode: host
    labels:
      traefik.enable: true

      traefik.http.routers.hass.rule: Host(`xxxxxxxx23.myqnapcloud.com`)
      traefik.http.routers.hass.entrypoints: websecure
      traefik.http.routers.hass.tls: true
      traefik.http.routers.hass.tls.certresolver: letsencrypt
      traefik.http.services.myservice.loadbalancer.server.port: 8123

Thanks @ldez,

I added the line for the port :

    traefik.http.services.myservice.loadbalancer.server.port: 8123

delete cache from browser.

from internal network ,i'm able to access HA via http://192.168.1.112:8123
but with http://xxxxxxxx23.myqnapcloud.com:8888
Getting " This site can’t be reached".
No message in access.log

https://xxxxxxxx23.myqnapcloud.com --> takes me my router home page.

when connecting from outside the network using
https://xxxxxxxx23.myqnapcloud.com
getting "bad gateway"
from access.log:

46.19.86.40 - - [11/Apr/2020:00:51:11 +0000] "GET / HTTP/2.0" 502 11 "-" "-" 26 "hass@docker" "http://127.0.0.1:8123" 15ms

@ldez
Thanks a lot for ur assistance man - I really appreciate it !

i couldn't solve it , my server probably marked by some attackers as in the second i start it i got hundred of calls from unknown addresses.
I decided to change domain so i bought new domain and register it to CF,
hopefully this will make it safer.

I open new post for traefik+ CL:

(Although it very interesting to know what was wrong in this setup)