Unable to activate Secure dashboard on traefik 2.2.1

rgvargas29 · May 25, 2020, 10:36pm

Hi Folks,
I'm new to this traefik, and i'm trying to make the secure dashboard work but so far no luck
I've read many solutions over the internet here in this very same forum and still none of those worked for me, so I'm here asking for your wisdom as maybe im the problem here.

The only way it works its on insecure mode.

I have a MX record traefik.mydomain.com that points to my manager ip address.
Im trying to deploy on swarm
If there is already some solution and i couldnt find it im sorry beforehand for opening this thread but im crazy about this dashboard.

Here is my compose file

version: '3.3'

services:

traefik:
    image: traefik:2.2.1
    command:
        - "--api.insecure=true"
        - "--api.dashboard=true"
        - "--api.debug=true"
        - "--log.level=DEBUG"
        - "--providers.docker=true"
        - "--providers.docker.swarmMode=true"
        - "--providers.docker.exposedbydefault=false"
        - "--providers.docker.network=frontend"
        - "--providers.file.filename=/traefik_conf.yaml"
        - "--entryPoints.web.address=:80"
        - "--entryPoints.websecure.address=:443"
        - "--certificatesResolvers.le.acme.email=rgvargas@rickyflix.xyz"
        - "--certificatesResolvers.le.acme.storage=/letsencrypt/acme.json"
        - "--certificatesResolvers.le.acme.tlsChallenge=true"
        - "--certificatesResolvers.le.acme.httpChallenge=true"
        - "--certificatesResolvers.le.acme.httpChallenge.entryPoint=web"
    ports:
        - 80:80
        - 443:443
        - 8080:8080
    networks:
        - frontend
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - type: bind
          source: /dockers/swarm/traefik/traefik_conf.yaml
          target: /traefik_conf.yaml
        - type: bind
          source: /dockers/swarm/letsencrypt
          target: /letsencrypt
    labels:
        # Dashboard
        - "traefik.enable=true"
        - "traefik.http.routers.api.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        - "traefik.http.routers.api.entrypoints=web"
        - "traefik.http.routers.traefik-secure.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        - "traefik.http.routers.traefik-secure.entrypoints=websecure"
        - "traefik.http.routers.traefik-secure.tls=true"
        - "traefik.http.routers.traefik-secure.tls.certresolver=le"
        - "traefik.http.routers.api.service=api@internal"
        - "traefik.http.routers.api.middlewares=auth"
        - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
        # Docker swarm need a dummy service for port detection
        - "traefik.http.services.dummy-service.loadbalancer.server.port=59999"
    deploy:
      placement:
        constraints: [node.role == manager]
      restart_policy:
        condition: on-failure

networks:
frontend:
external: true

cakiwi · May 27, 2020, 2:28pm

Can you expand on how this is specifically not working/ what is working?

You have this which sets up the dashboard on port 8080. Is this just a backup while you get this working on on the other entryPoints?

rgvargas29:

        - "traefik.http.routers.api.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
...
...
        - "traefik.http.routers.traefik-secure.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"

You have this setup on both web and websecure entrypoints ?

Auth is only setup on the router using the web entrypoint.

rgvargas29 · May 27, 2020, 4:41pm

Hi there
as per the solutions i've tried, this is the most complete one, still have seen other forum post in here but didnt bookmarked all
Solution 1

regarding the api.insecure=true i have it activated beacase is the only way i can get in the dashboard for now; when testing the secure dashboard that line and the port 8080 are commented out.

on the entrypoints, yes i have them both i havent been able to redirect http to https so, in all my services i enable them both and do the redirection on the service itself.

Auth: you mean i have to add the auth middlware to the traefik-secure router as well?

Thanks for your time

cakiwi · May 29, 2020, 12:54pm

Hi @rgvargas29

I just took another look at this. Your labels section is not nested under the deploy: label which is where it need to be for swarm mode.

rgvargas29 · May 29, 2020, 5:04pm

Hi cakiwi
Thanks for your input indeed the labels were misplaced still im getting 404 error then trying to access http://traefik.mydomain.com https://traefik.mydomain.com http://traefik.mydomain.com/dashboard/ https://traefik.mydomain.com/dashboard/

Good thing though is that the certificate for the https was generated by the ACME letsencrypt

attached is my "new" labels

If you happend to see something else wrong please do let me know

cakiwi · May 29, 2020, 5:09pm

I think is is because you are referencing middleware auth but have only defined test-auth

rgvargas29 · May 29, 2020, 5:58pm

Thank you , got it working already
hope this post help some others out in the wild
Have a nice one.

Regards

Topic		Replies	Views
No way to get dashboard to work in secure mode Traefik v2 (latest) dashboard-api	3	828	October 15, 2020
Installation problem on docker compose Traefik v2 (latest) docker-swarm , dashboard-api	7	1442	June 9, 2023
Traefik doesn't seem to work with api@internal service Traefik v2 (latest) docker-swarm , dashboard-api , middleware	7	8222	December 9, 2023
Can not access dashboard with traefik in docker swarm Traefik v2 (latest) letsencrypt-acme	17	2315	September 13, 2021
Unable to configure dashboard in secure mode Traefik v2 (latest) docker , dashboard-api	5	1444	August 10, 2023

Unable to activate Secure dashboard on traefik 2.2.1

Related Topics