V2.2.1 not reading middlewares or TLS file

Traefik Traefik v2
,
1

Just dove back in after moving back to NGINX when the 1.x to 2.x shift happened. I am most of the way back to an entirely working setup, sans not being able to leverage custom TLS options or middleware files.

below is my docker-compose.yml

version: "3"

services:
  traefik:
    image: traefik
    container_name: "traefik"
    hostname: "traefik"
    networks:
      - default
    ports:
      - "80:80"
      - "8999:8080"
      - "443:443"
      - "8443:8443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "$PWD/traefik.yml:/etc/traefik/traefik.yml:ro"
      - "$PWD/conf/:/rules:ro"
      - "$PWD/acme/acme.json:/letsencrypt/acme.json"
      - "$PWD/log/traefik.log:/traefik.log"
    environment:
      - CF_API_EMAIL=jobbluth@gmail.com
      - CF_API_KEY=aztectomb
    labels:
      # global redirect to https
      - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
      - traefik.http.routers.http-catchall.entrypoints=web
      - traefik.http.routers.http-catchall.middlewares=redirect-to-https

      #Middleware redirect
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https

      # global wildcard certificates
      - traefik.enable=true
      - traefik.http.routers.traefik.tls.certresolver=lets-encr
      - traefik.http.routers.traefik.tls.domains[0].main=bluthco.com
      - traefik.http.routers.traefik.tls.domains[0].sans=*.bluthco.com

      # dashboard
      - traefik.http.routers.traefik.rule=Host(`traefik.bluthco.com`)
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.service=api@internal

networks:
  default:
    external:
      name: public

here is the traefik,yml

## STATIC CONFIGURATION
api:
  insecure: true
  dashboard: true

log:
  level: DEBUG
  filePath: "traefik.log"
  format: json

entryPoints:
  web:
    address: ":80"

  websecure:
    address: ":443"

  websecure2:
    address: ":8443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: "public"
file:
  directory: "/rules"
  watch: true
certificatesResolvers:
  lets-encr:
    acme:
      email: buster.bluth@bluthco.com
      storage: /letsencrypt/acme.json
      #caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
        delayBeforeCheck: 0

here is the tls file id like to leverage

tls:
  options:
    TLSv13:
      minVersion: VersionTLS13
      cipherSuites:
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      sniStrict: true

    TLSv12:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      sniStrict: true

I get the fun TLSv12 not found when applying the

- "traefik.http.routers.droppy.tls.options=TLSv12@file"

to any container with the above label applied, the labels below all redirect TLS with no issue

labels:

- "traefik.enable=true"

- "traefik.http.routers.droppy.rule=Host(`mywebsite.bluthco.com`)"

- "traefik.http.routers.droppy.entrypoints=websecure2"

- "traefik.http.routers.droppy.tls=true

I confirmed the files are redirecting by getting into the container, everything looks like it should

Here is the entry from the log file

"websecure2","level":"debug","middlewareName":"https-redirect@file","middlewareType":"undefined","msg":"Middleware name not found in config (ResponseModifier)

Any assistance is much appreciated.

2

I think you are on the right path.

Look at the debug log and look for the configuration sections dumped from various providers. In particular look for one coming from the file provider it looks like it does not have the options you think it should have. Once confirmed check the way how you supply those options to the provider. Did you put a file in a wrong folder? Did you map your volume incorrectly? Is there a syntax error in one of the files? Etc.

3

Ran all the files through a yaml verifier and no formatting issues, file locations are a good idea, i checked the documentation and didnt find much to the way of those other than they should all be in /etc/traefik, i confirmed they are all located there by going into the container.

file order? I must have missed that part, any chance you can point a direction on that one. Moved the file declaration under providers as the documentation pointed to but that made no difference either.

4

Have you check the configuration that traefik read in the debug log files?

file order? I must have missed that part, any chance you can point a direction on that one.

Sorry, I do not understand the question, can you elaborate. What file order are you referring to?

5

here is the snip from the logs where it picks up the provider and the file

Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/dynamic.yml\"}

past that it doesn't find the options in the config

"entryPointName":"websecure2","level":"debug","msg":"unknown TLS options: TLSv12@file"

6

issue resolved, got rid of the dynamic.yml file since it obviously doesnt work, dropped the configurations into the traefik.yml and then everything came to life, not the best solution as breaking things apart logically is better but looks this is it currently

7

Make sure you do not mix dynamic and static configuration, it could cause you problems in the long run.