Hello, I am a new user of Traefik and I recently installed it a few weeks ago and it has been working great until the past couple of days. I have done an endless search for an answer, but the similar topics regarding this did not yield any resolution or apply to my situation. Bare with me as I normally do not post often on support forums. So if I miss anything please let me know and I can provide that information.
I am running Traefik v3.3.5 in a Docker container on a Proxmox VM with Linux 22.04. When I attempt to go to traefik.mydomain.com/dashboard/ it no longer loads and I am presented with a "404 page not found" message. I have also attempted to access via IP and get the same message. I feel it is probably just a misconfiguration or I am forgetting something that needs the dashboard to load. With that said, Traefik otherwise is working and is routing traffic properly and other containers such as Portainer, Pihole, etc that are behind Traefik load without any issues.
As I mentioned I was able to access the dashboard without any issues until just the other day. Prior to upgrading to v3.3.5 and setting up Authentik and TLS certs for Docker sockets. Even after that time I could access the dashboard and out of no where it just stopped. I do not feel the above caused it but thought I would included in case it may be relevant. I did restart the VM and I am not sure that is when it stopped working or not so it was working prior to doing the above, but maybe after the restart that is when it stopped. So I need another set of eyes that could help out to what might be causing the dashboard to no longer load as I have gone through it with great detail, but since I am new to Traefik I am positive it is something I have missed due to being inexperienced and still learning this application.
Docker Compose
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true # helps to increase security
secrets:
- cf-token # the secret at the bottom of this file
env_file:
- .env # store other secrets e.g., dashboard password
networks:
proxy:
ports:
- 80:80
- 443:443
# - 10000:10000 # optional
# - 33073:33073 # optional
environment:
- TRAEFIK_DASHBOARD_CREDENTIALS=${TRAEFIK_DASHBOARD_CREDENTIALS}
- CF_API_EMAIL=nick@ranchmc.com # Cloudflare email
# - CF_DNS_API_TOKEN=YOUR-TOKEN # Cloudflare API Token
- CF_DNS_API_TOKEN_FILE=/run/secrets/cf-token # see https://doc.traefik.io/traefik/https/acme/#providers
# token file is the proper way to do it
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/localtime:/etc/localtime:ro
- ./data/config.yml:/config.yml:ro
- ./data/traefik.yml:/traefik.yml:ro
- ./data/acme.json:/acme.json
- ./logs:/var/log/traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik.mydomain.net`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.mydomain.net`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=mydomain.net"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.mydomain.net"
- "traefik.http.routers.traefik-secure.service=api@internal"
secrets:
cf-token:
file: ./cf-token
networks:
proxy:
external: true
Traefik config
api:
dashboard: true
debug: true
entryPoints:
http:
address: ":80"
http:
# middlewares: # uncomment if using CrowdSec - see my video
# - crowdsec-bouncer@file
redirections:
entryPoint:
to: https
scheme: https
https:
address: ":443"
# http:
# middlewares: # uncomment if using CrowdSec - see my video
# - crowdsec-bouncer@file
# tcp:
# address: ":10000"
# apis:
# address: ":33073"
serversTransport:
insecureSkipVerify: true
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
filename: /config.yml # example provided gives A+ rating https://www.ssllabs.com/ssltest/
certificatesResolvers:
cloudflare:
acme:
caServer: https://acme-v02.api.letsencrypt.org/directory # production (default)
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging (testing)
email: nick@ranchmc.com # Cloudflare email (or other provider)
storage: acme.json
dnsChallenge:
provider: cloudflare # change as required
# disablePropagationCheck: true # Some people using Cloudflare note this can solve DNS propagation issues.
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
log:
level: DEBUG
filePath: "/var/log/traefik/traefik.log"
accessLog:
filePath: "/var/log/traefik/access.log"
Dynamic config
http:
middlewares:
default-security-headers:
headers:
customBrowserXSSValue: 0 # X-XSS-Protection=1; mode=block
contentTypeNosniff: true # X-Content-Type-Options=nosniff
forceSTSHeader: true # Add the Strict-Transport-Security header even when the connection is HTTP
frameDeny: false # X-Frame-Options=deny
referrerPolicy: "strict-origin-when-cross-origin"
stsIncludeSubdomains: true # Add includeSubdomains to the Strict-Transport-Security header
stsPreload: true # Add preload flag appended to the Strict-Transport-Security header
stsSeconds: 3153600 # Set the max-age of the Strict-Transport-Security header (63072000 = 2 years)
contentSecurityPolicy: "default-src 'self'"
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https
https-redirectscheme:
redirectScheme:
scheme: https
permanent: true
routers:
portainer:
entryPoints:
- "https"
rule: "Host(`portainer.mydomain.net`)"
middlewares:
- default-security-headers
- https-redirectscheme
tls: {}
service: portainer
pihole:
entryPoints:
- "https"
rule: "Host(`pihole2.mydomain.net`)"
middlewares:
- default-security-headers
- https-redirectscheme
- addprefix-pihole
- redirectregex-pihole
tls: {}
service: pihole
services:
portainer:
loadBalancer:
servers:
- url: "https://10.1.20.100:9000"
passHostHeader: true
pihole:
loadBalancer:
servers:
- url: "https://10.1.20.100:85"
passHostHeader: true