Traefik v2 Dashboard 404 - Without insecure=true, dashboard is not working

Traefik Traefik v2 (latest)
1

Issue: Dashboard is not working (Getting 404 error). It's working with insecure but I want it with secure.
Traefik version/image: traefik:2.4.8

We are using our own self signed certificates.

Here is my Ingress Configuration:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  namespace: public
spec:
  entryPoints:
    - traefik
  routes:
  - match: Host(`dashboard.manu.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
    kind: Rule
    services:
    - name: api@internal
      kind: TraefikService
    middlewares:
      - name: auth
  tls:
    secretName: traefik-wildcard-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: auth
  namespace: public
spec:
  basicAuth:
    secret: dashboard-secret
    namespace: public

As per the document, it looks like we need not create any separate service to access dashboard but if we mention TraefikService, then it should work.

Additional information (toml file)

  traefik.toml: |
    [entryPoints]
      [entryPoints.web]
        address = ":80"
      [entryPoints.websecure]
        address = ":443"
          [entryPoints.websecure.http.tls]
            certResolver = "default"
      [entryPoints.traefik]
        address = ":9000"

    [providers]
      providersThrottleDuration = "2s"
      [providers.kubernetesIngress]
        throttleDuration = "0s"
      [providers.file]
        filename = "/ssl-toml/ssl.toml"

    [api]
      dashboard = true

    [[tls.certificates]]
       certFile = "/ssl/tls.crt"
       keyFile = "/ssl/tls.key"

    [tls.options]
      [tls.options.default]
        minVersion = "VersionTLS12"
        cipherSuites = [
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
          "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
          "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        ]

Not sure, what I am doing wrong. Can someone please suggest.

2

Hi @Manmohan,

Thanks for your interest in Traefik !

In the doc, it is explained that:

  • Start by enabling the dashboard by using the following option from Traefik's API on the static configuration: --api.dashboard=true
  • Then define a routing configuration on Traefik itself, with a router attached to the service api@internal in the dynamic configuration: traefik.http.routers.traefik.service=api@internal
1 Like
3

Thanks for your response but didn't I do the same thing?

I followed:

4

You'll find here a working example of exposing the dashboard using the internal service : traefik-demo/kubernetes/ingressroute/dashboard at v2.4 · tomMoulard/traefik-demo · GitHub

1 Like
5

Thank you Tom for checking on that.

Instead of Kubernetes CRDs, I updated in the toml file and it started working.

[http.routers.my-api]
  rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
  service = "api@internal"
  middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
  users = [
    "test:$apr1$H6uskaa$IgXLP6ewTrSuBkTrqE8dfasj/",
  ]
6

Is there a reason that adding something like traefik.http.routers.traefik.service=api@internal to the static-configuration does not trigger an error/warning (for at least the dashboard)?

Would have saved me some time at least; but glad I came across this.

1 Like