Hello,
I'm pretty new to Traefik so apologies if this issue has an obvious solution, however, I'm at my wits end trying to fix this minor issue. Basically, I'm trying to configure Traefik so that it uses HTTPS, including on the dashboard. In the documentation, It's shown as being as simple as just enabling the dashboard. Alas, this has not worked, and online guides and help topics on here have proven no dice either.
For the most part, everything works as expected, and a valid SSL cert is issued and can be seen when viewing traefik.mydomain.com. However, when trying to do so for the dashboard, it comes back as a connection refused. As a bonus, the dashboard is somewhat viewable, albeit in a broken state, when accessing traefik.mydomain.com:8080 as shown here: https://i.imgur.com/CoYatTq.png
Interestingly, when disabling secure mode (--api.insecure=true
), the dashboard works just as expected, minus auth capabilities which I'd assume only kick in when it's in secure mode. Everything else is still accessible via HTTPS as well.
Another interesting thing is the fact that the labels I set for forcing HTTPS via a redirect don't work whatsoever, but I assume they don't exist and/or are incorrect as the dashboard when viewed via insecure mode kicks up a fuss about them.
Here is my docker-compose.yml
file. Apologies for the mess, furious googling and forum-searching have left it looking a bit like a warzone
version: "3.8"
services:
traefik:
image: traefik:v2.5
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=REMOVED@EXAMPLE.COM" #1
- "--certificatesresolvers.myresolver.acme.storage=/acme.json"
- "--api.insecure=true"
- "--api.dashboard=true"
- "--log.level=DEBUG"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./acme.json:/acme.json"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik.MYDOMAIN.uk`)"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect,basic-auth-global"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.MYDOMAIN.uk`)"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=myresolver"
- "traefik.http.routers.traefik-secure.service=api@internal"
- "traefik.http.routers.traefik_https.middlewares=basic-auth-global"
- "traefik.http.middlewares.basic-auth-global.basicauth.users=REMOVED:REMOVED"
- "traefik.http.middlewares.no-http.redirectscheme.scheme=https"
- "traefik.http.routers.redirect-to-https.rule=HostRegexp({host:.+})"
- "traefik.http.routers.redirect-to-https.entrypoints=http"
- "traefik.http.routers.redirect-to-https.middlewares=no-http"
networks:
default:
external:
name: web
Some help with explanations so I can learn and know for next time would be appreciated!
Thanks.