After moving everything to another machine, unable to connect or 404

I started out with DigitalOcean's guide. Everything was working (even between reboots), and I have moved everything to another machine before, but this time everything is unable to connect and sometimes 404.
I have traefik.domain.tld pointed at the machine for about a week now. Opening it should get me the dashboard, but even that doesn't work.

start.sh

docker run -d \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v $PWD/traefik.toml:/traefik.toml \
      -v $PWD/acme.json:/acme.json \
      -p 80:80 \
      -p 443:443 \
      -l traefik.frontend.rule=Host:traefik.domain.tld \
      -l traefik.port=8080 \
      --network web \
      --name traefik \
      --restart always \
      traefik:latest

traefik.toml

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.dashboard]
    address = ":8080"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["admin:passwdhashere"]
  [entryPoints.http]
    address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
  [entryPoints.https]
    address = ":443"
      [entryPoints.https.redirect]
      regex = "^https://www.(.*)"
      replacement = "https://$1"
      permanent = true
      [entryPoints.https.tls]
      compress = true
[api]
entrypoint="dashboard"

[acme]
email = "acme@my.email"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

[docker]
watch = true
network = "web"

#[file]
#        directory = "/conf/"
#        watch = true

CentOS 7, same as the previous VM.

It seems that traefik is bootlooping.

$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                        PORTS               NAMES
bdb97bf9132d        traefik:latest      "/entrypoint.sh tr..."   3 days ago          Restarting (1) 19 hours ago                       traefik
$ docker restart traefik
dtraefik
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                  PORTS                                      NAMES
bdb97bf9132d        traefik:latest      "/entrypoint.sh tr..."   3 days ago          Up Less than a second   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   traefik
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                         PORTS               NAMES
bdb97bf9132d        traefik:latest      "/entrypoint.sh tr..."   3 days ago          Restarting (1) 2 seconds ago                       traefik
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                         PORTS               NAMES
bdb97bf9132d        traefik:latest      "/entrypoint.sh tr..."   3 days ago          Restarting (1) 4 seconds ago                       traefik
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                         PORTS               NAMES
bdb97bf9132d        traefik:latest      "/entrypoint.sh tr..."   3 days ago          Restarting (1) 5 seconds ago                       traefik
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                         PORTS               NAMES
bdb97bf9132d        traefik:latest      "/entrypoint.sh tr..."   3 days ago          Restarting (1) 5 seconds ago                       traefik
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                         PORTS               NAMES
bdb97bf9132d        traefik:latest      "/entrypoint.sh tr..."   3 days ago          Restarting (1) 6 seconds ago                       traefik
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                                  PORTS               NAMES
bdb97bf9132d        traefik:latest      "/entrypoint.sh tr..."   3 days ago          Restarting (1) Less than a second ago                       traefik
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                        PORTS               NAMES
bdb97bf9132d        traefik:latest      "/entrypoint.sh tr..."   3 days ago          Restarting (1) 1 second ago                       traefik
$ 

@jtagcat, as this is related to Traefik v1.x, are you able to move the topic to the section "Traefik v1"?

In order for us to help, can you provide the logs from Traefik's container? As it is restarting in a loop, it means there is a fatal error happening, and having it could help a lot to understand.

Getting command traefik error: stat /traefik.toml: permission denied
I tried changing the ownership to me, having 600 and 777.

Did it work?

If no, what is the result of:

docker run -ti \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v $PWD/traefik.toml:/traefik.toml \
      -v $PWD/acme.json:/acme.json \
      -p 80:80 \
      -p 443:443 \
      -l traefik.frontend.rule=Host:traefik.domain.tld \
      -l traefik.port=8080 \
      --network web \
      --name traefik \
      --restart always \
      --entrypoint=ls \
      traefik:latest \
        -l /traefik.toml

and

docker run -ti \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v $PWD/traefik.toml:/traefik.toml \
      -v $PWD/acme.json:/acme.json \
      -p 80:80 \
      -p 443:443 \
      -l traefik.frontend.rule=Host:traefik.domain.tld \
      -l traefik.port=8080 \
      --network web \
      --name traefik \
      --restart always \
      --entrypoint=cat \
      traefik:latest \
        /traefik.toml

?

Chmodding didn't work.

First: ls: /traefik.toml: Permission denied

Second: cat: can't open '/traefik.toml': Permission denied

I also tried deleting the file and creating it again.
If I start it without traefik.toml, it creates a directory traefik.toml.

Does it work if you disable (temporarily) apparmor, restart docker engine and re-try?

Disabling SELinux got me outputs, but still nothing on traefik.domain.tld.
I installed httpd for a moment and that works - firewall shouldn't have issues.
First:

-rwxrwxrwx    1 1000     1000           829 Dec  6 13:31 /traefik.toml

(traefik.toml is currently still 777)
Second:

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.dashboard]
    address = ":8080"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["admin:mypasswdhash"]
  [entryPoints.http]
    address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
  [entryPoints.https]
    address = ":443"
      [entryPoints.https.redirect]
      regex = "^https://www.(.*)"
      replacement = "https://$1"
      permanent = true
      [entryPoints.https.tls]
      compress = true
[api]
entrypoint="dashboard"

[acme]
email = "acme@my.email"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

[docker]
watch = true
network = "web"


#[file]
#        directory = "/conf/"
#        watch = true

I'd note that I didn't know that I was on Traefik v1, not v2. I'm OK migrating to v2 if there's any guide/help on setting up v2 (DigitalOcean would be great, but they only have a guide on v1).

On the next VM, with a fresh install again, everything just works.
Quite confused.


I know this is an ancient post, but I was facing a similar error. I had command traefik error: stat /etc/traefik/traefik.yml: permission denied, and am using Rocky Linux 9 with SELinux. The solution I found after a while is as follows (copied from an IRC chatroom).

Explanation of how it happened: This error occurs when SELinux is added to the docker daemon, enabling SELinux protections over docker containers. Typically this is done by creating the file/adding

{
  "selinux-enabled": true
}

to /etc/docker/daemon.json. Personally I did this for Mailcow, but it's also generally recommended if you're using an SELinux distro. It makes it so any file or directory without the label svirt_sandbox_file_t can't be read or written to from docker containers, even when mounted, unless they're privileged (which is bad for your security).

SOLUTION-
sudo chcon -Rt svirt_sandbox_file_t $YOUR_CONTAINER_DIRECTORY (ex: /opt/appdata/traefik)

Only run that command on a directory/file you KNOW you want to be able to access from docker, you don't want to give it access to something like "/" because then you negate the point of having SELinux.

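An added example, not part of any post in this thread: instead of disabling SELinux or relabelling broadly, the check below lists which bind-mount sources carry a label that a confined container cannot open. The paths and contexts are constructed sample input, and treating only `svirt_sandbox_file_t` and `container_file_t` as accessible is a conservative assumption.

```shell
#!/bin/sh
# Added example (not from the thread): flag bind-mount sources that an
# SELinux-confined container cannot open because of their file label.

# Print the type field (third colon-separated part) of an SELinux context.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed only for the label types named here. svirt_sandbox_file_t is the
# type used in the thread; container_file_t is its current name.
# Assumption: any other type is treated as blocked (conservative), and
# MCS categories (the part after s0) are not checked.
container_can_read() {
    case "$(selinux_type "$1")" in
        svirt_sandbox_file_t|container_file_t) return 0 ;;
        *) return 1 ;;
    esac
}

# Read "CONTEXT PATH" lines on stdin, print the paths that need relabelling.
# On a live host: stat -c '%C %n' ./traefik.toml ./acme.json | audit_mounts
audit_mounts() {
    while read -r ctx path; do
        [ -n "$path" ] || continue
        container_can_read "$ctx" || printf '%s\n' "$path"
    done
}

# Constructed sample input, using the example directory from the post above.
sample_contexts() {
    cat <<'EOF'
unconfined_u:object_r:user_home_t:s0 /opt/appdata/traefik/traefik.toml
system_u:object_r:container_file_t:s0 /opt/appdata/traefik/acme.json
system_u:object_r:svirt_sandbox_file_t:s0:c12,c34 /opt/appdata/traefik/conf
EOF
}

sample_contexts | audit_mounts
```

Docker's `:z` and `:Z` volume suffixes (for example `-v $PWD/traefik.toml:/traefik.toml:Z`) apply the same relabel at mount time instead of a manual `chcon`.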