Traefik with Docker, shows 404 for HTTPS

I want to use traefik to manage ingress to various docker containers. However so far I'm starting with a very basic config:

services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    command:
      - "--api=true"
      - "--api.dashboard=true"
      - "--serversTransport.insecureSkipVerify=true"
      - "--log.level=DEBUG"
      - "--providers.docker=true"
      - "--providers.docker.network=proxy"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"      
      - "--entrypoints.web.address=:80"

  whoami:
    image: traefik/whoami:latest
    container_name: whoami
    command:
      - "--verbose"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.my.domain`)"
      - "traefik.http.routers.whoami.entrypoints=web"
      - "traefik.http.routers.whoami-secure.rule=Host(`whoami.my.domain`)"
      - "traefik.http.routers.whoami-secure.entrypoints=websecure"

    networks:
      - proxy
      
networks:
  proxy:
    external: true

My problem is that access to http://whoami.my.domain works as expected, but accessing https://whoami.my.domain shows a 404 page not foundonly.

I am not sure what I am doing wrong. If I understand the documentation correctly, I wouldn't even need to define the entrypoints for the whoami service, since by default all HTTP and HTTPS entrypoints should point to the first exposed port of the container.

Indeed the following works just as fine:

  whoami:
    image: traefik/whoami:latest
    container_name: whoami
    command:
      - "--verbose"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.my.domain`)"
    networks:
      - proxy

But the symptoms are the same. Port 80 works, port 443 returns a 404.

What am I missing?

You set the router to only use entrypoint web, not websecure. So requests with https to router websecure have no rule to match.

Compare to simple Traefik example.

Turns out the problem is that no TLS configuration was added. This was deliberate since I wanted to use Traefik's self signed certificate while figuring things out. The trick is to simply set --entrypoints.websecure.http.tls=true.

For completeness, here is a working configuration:

services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    command:
      - "--api=true"
      - "--api.dashboard=true"
      - "--serversTransport.insecureSkipVerify=true"
      - "--log.level=DEBUG"
      - "--providers.docker=true"
      - "--providers.docker.network=proxy"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      - "--entrypoints.web.address=:80"

  whoami:
    image: traefik/whoami:latest
    container_name: whoami
    command:
      - "--verbose"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.my.domain`)"

    networks:
      - proxy
      
networks:
  proxy:
    external: true

The above makes the first exposed port of the whoami image available via HTTP and HTTPs (the latter with a self signed certificate).

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.