Search code examples
dockerdocker-composedocker-swarmtraefik

Traefik 2 configured with docker labels and cloudflare https, 404 page not found

I can't get the Traefik v2 dashboard (or any other service) to get passed 404 page not found. I'm trying to avoid a traefik.yml file and configure everything using command and labels in docker compose file. Https works, but content does not show up.

Here's the compose file which defines the traefik service:

version: '3.3'
services:
  traefik:
    image: traefik:v2.2.1
    command:
     - --entrypoints.web.address=:80
     - --entrypoints.websecure.address=:443
     - --providers.docker
     - --providers.docker.swarmmode=true
     - --api
     - --entrypoints.websecure.http.tls.certresolver=myresolver
     - --certificatesresolvers.myresolver.acme.dnschallenge=true
     - --certificatesresolvers.myresolver.acme.email=${CF_API_EMAIL}
     - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
     - --certificatesresolvers.myresolver.acme.storage=acme.json
     - --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare
    labels:
      traefik.http.routers.traefik.tls.certresolver: myresolver
      traefik.http.services.traefik.loadbalancer.server.port: '8080'
      traefik.http.routers.http-catchall.middlewares: redirect-to-https
      traefik.http.middlewares.authtraefik.basicauth.users: user://V6Btlaf2i/ju5n/
      traefik.http.routers.http-catchall.rule: hostregexp(`{host:.+}`)
      traefik.http.routers.traefik.middlewares: authtraefik
      traefik.http.routers.traefik.entrypoints: websecure
      traefik.http.routers.traefik.service: api@internal
      traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https
      traefik.http.routers.http-catchall.entrypoints: web
      traefik.http.routers.traefik.rule: Host(`traefik.example.com`)
    environment:
      CF_API_EMAIL: ${CF_API_EMAIL}
      CF_API_KEY: ${CF_API_KEY}
    ports:
     - 80:80
     - 443:443
    volumes:
     - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
     - external
    logging:
      driver: json-file
networks:
  external:
    external: true

Any suggestion would be hugely appreciated.

Resources

Solution

  • Got it working by a few changes:

    • Needed to specify the network since it was external: traefik.docker.network: external
    • Labels should go under deploy in swarm mode
    • In Cloudflare, token should be taken from "My Profile > API Tokens > Global API Key"
    version: '3.3'
services:
  traefik:
    image: traefik:v2.2.1
    command:
     - --api
     - --api.insecure=true
     - --accessLog
     - --providers.docker
     - --providers.docker.swarmmode=true
     - --providers.docker.exposedbydefault=false
     - --entrypoints.web.address=:80
     - --entrypoints.websecure.address=:443
     - --certificatesresolvers.myresolver.acme.dnschallenge=true
     - --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare
    environment:
      CF_API_EMAIL_FILE: /run/secrets/cf_api_email
      CF_API_KEY_FILE: /run/secrets/cf_api_key
    ports:
     - 80:80
     - 443:443
    volumes:
     - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
     - external
    logging:
      driver: json-file
    deploy:
      labels:
        traefik.http.services.traefik.loadbalancer.server.port: '8080'
        traefik.http.routers.traefik.middlewares: auth
        traefik.http.routers.traefik.entrypoints: web
        traefik.http.middlewares.auth.basicauth.users: admin:2y05.ibkghcHaj6ala4xCsgJiww1/uCFB9w.
        traefik.docker.network: external
        traefik.enable: 'true'
        traefik.http.routers.traefik.rule: Host(`traefik.example.com`)
networks:
  external:
    external: true