Unable to Access the Dashboard from my Domain

Hi Everyone,

This is my first time trying to set up Traefik in a docker container on my Synology NAS. Everything seems to be functioning correctly on my local network and I can access it from my WAN IP as well, but I can't get it to work from my domain. I am just getting 404's. I have tried countless combinations of labels and commands, but I haven't been able to progress any further. I wondered if someone could please offer some advice on how to proceed.

Thanks in advance.

version: "3.9"

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    environment:
      - "CF_API_EMAIL=${CF_API_EMAIL}"
      - "CF_API_KEY=${CF_API_KEY}"
      - "TZ=${TZ}"
    volumes:
      - "/volume1/docker/traefik/data:/data"
      - "/var/run/docker.sock:/var/run/docker.sock"
    command:
      - --api.insecure=true # <== Enabling insecure api, NOT RECOMMENDED FOR PRODUCTION
      - --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc.
      - --api.debug=true # <== Enabling additional endpoints for debugging and profiling
      - --log.level=DEBUG # <== Setting the level of the logs from traefik
      - --providers.docker=true # <== Enabling docker as the provider for traefik
      - --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik
      # - --providers.file.filename=/dynamic.yaml # <== Referring to a dynamic configuration file
      - --providers.docker.network=web # <== Operate on the docker network named web
      - --entrypoints.web.address=:80 # <== Defining an entrypoint for port :80 named web
      - --entrypoints.web-secured.address=:443 # <== Defining an entrypoint for https on port :443 (not really needed)
    networks:
      - macvlan_network
      - web
    labels:
      - "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to$
      - "traefik.http.routers.api.rule=Host(`monitor.mitchcomp.au`)" # <== Setting the domain for the d$
      - "traefik.http.routers.api.service=api@internal" # <== Enablin

networks:
  macvlan_network:
    name: macvlan_network
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: "192.168.0.0/24"
          ip_range: "192.168.0.240/32"
          gateway: "192.168.0.1"
  web:
    external: true

I should also mention that I have forwarded port 8080 to 8080 on 192.168.0.240.

Disable --api.insecure=true, and check simple Traefik example.

Thanks @bluepuma77. I tried this, but because my NAS makes use of 80 and 443 ports I couldn't use the simple example. I made changes to run over a macvlan, however I now get a ERR_TOO_MANY_REDIRECTS error even using the local ip. But I had to comment out the proxy and whoami portions otherwise it threw:

Error response from daemon: driver failed programming external connectivity on endpoint traefik-traefik-1 (9abdeb1b021ebd85e63861f20c30d756afa40d765a00651c0c822831e933d6a1): Error starting userland proxy: listen tcp4 0.0.0.0:443: bind: address already in use

I don’t understand macvlan. Why not just use

ports:
  - 8080:80
  - 8443:443

Or use 8080:8080 and change the port inside entrypoints config.

version: '3.9'

services:
  traefik:
    image: traefik:v3.0
    ports:
      - 80:80
      - 443:443
    networks:
      - macvlan_network
      # - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
      #- /var/log:/var/log
    command:
      - --api.dashboard=true
      - --log.level=INFO
      #- --log.filepath=/var/log/traefik.log
      - --accesslog=true
      #- --accesslog.filepath=/var/log/traefik-access.log
      - --providers.docker.network=proxy
      - --providers.docker.exposedByDefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.certresolver=myresolver
      - --certificatesresolvers.myresolver.acme.email=${EMAIL_ADDRESS}
      - --certificatesresolvers.myresolver.acme.tlschallenge=true
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.rule=Host(`traefik.${DOMAIN}`)
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth
      - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/

  # whoami:
  #   image: traefik/whoami:v1.8
  #   networks:
  #     - proxy
  #   labels:
  #     - traefik.enable=true
  #     - traefik.http.routers.mywhoami.rule=Host(`whoami.${DOMAIN}`) || Host(`www.whoami.${DOMAIN}`)
  #     - traefik.http.services.mywhoami.loadbalancer.server.port=80

  #     - traefik.http.middlewares.mywwwredirect.redirectregex.regex=^https://www\.(.*)
  #     - traefik.http.middlewares.mywwwredirect.redirectregex.replacement=https://$${1}
  #     - traefik.http.routers.mywhoami.middlewares=mywwwredirect

networks:
  macvlan_network:
    name: macvlan_network
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: "192.168.0.0/24"
          ip_range: "192.168.0.240/30"
          gateway: "192.168.0.1"
  # proxy:
  #   name: proxy

volumes:
  letsencrypt:
    name: letsencrypt

Which results in ERR_CONNECTION_REFUSED

I tried using alternative ports initially, but I still couldn't get it to work. Plus, I read that macvlan was the best way to deal with port conflict. I will try the method you suggested, using the modified ports.

I can't use 8080 though, isn't that for the Dashboard?

When you use api.insecure, Traefik automatically uses port 8080, otherwise you can just use a normal router with regular host and port.

Ahhhh ok.

So this time I did the following:

version: '3.9'

services:
  traefik:
    image: traefik:v3.0
    ports:
      - 8080:8080
      - 8443:8443
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
      #- /var/log:/var/log
    command:
      - --api.dashboard=true
      - --log.level=INFO
      #- --log.filepath=/var/log/traefik.log
      - --accesslog=true
      #- --accesslog.filepath=/var/log/traefik-access.log
      - --providers.docker.network=proxy
      - --providers.docker.exposedByDefault=false
      - --entrypoints.web.address=:8080
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:8443
      - --entrypoints.websecure.http.tls.certresolver=myresolver
      - --certificatesresolvers.myresolver.acme.email=${EMAIL_ADDRESS}
      - --certificatesresolvers.myresolver.acme.tlschallenge=true
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.rule=Host(`traefik.${DOMAIN}`)
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth
      - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/

  whoami:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.mywhoami.rule=Host(`whoami.${DOMAIN}`) || Host(`www.whoami.${DOMAIN}`)
      - traefik.http.services.mywhoami.loadbalancer.server.port=80

      - traefik.http.middlewares.mywwwredirect.redirectregex.regex=^https://www\.(.*)
      - traefik.http.middlewares.mywwwredirect.redirectregex.replacement=https://$${1}
      - traefik.http.routers.mywhoami.middlewares=mywwwredirect

networks:
  proxy:
    name: proxy

volumes:
  letsencrypt:
    name: letsencrypt

Going to http://whoami.${DOMAIN}/ results in the following error:

image1954×970 104 KB

I have forwarded ports 8080 to 8080 and 8443 to 8443 on my router and pointed to my Synology ip.

@bluepuma77 - I noticed this post you replied to earlier and tried using the docker-compose you included in your reply. This also results in a 522 error from Cloud flare.

Try without Cloudflare tunnel/proxy first, it has a lot of configuration that can go wrong. When basic Traefik works, then you can go the next step and add another component in front.

Ok mate. Thank you. I will try that.