Traefik is filtering traefik docker container

I'm trying to access dashboard and I have set "traefik.enable=true" for service: traefik under labels but In the logs I'm getting level=debug msg="Filtering disabled container" providerName=docker container=traefik-traefik-x0vc6akmqhzh6q2ttyhnr4jgi. Hence unable to create a LetsEncrypt cert. Not getting any error in logs.

config

version: '3.8'

services:

  traefik:
    image: "traefik:v2.2"
    hostname: traefik
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 5
      placement:
        constraints:
          - node.hostname == mynode
    command:
      - --api=true
      - --api.dashboard=true
      - --api.debug=true
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --log.level=DEBUG
      - --accesslog=false
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesResolvers.letsencrypt.acme.tlsChallenge=true
      - --certificatesresolvers.letsencrypt.acme.email=myemail@gmail.com
      - --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
        #- --certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=auth"

      ## Middlewares
      - "traefik.http.middlewares.auth.basicauth.users=alpha:$$apr1$$Bz.UZC1x$$.joBaPFxh5M64dzTYMiNv0"
      ### host header
      - "traefik.http.middlewares.hosthdr.headers.stsseconds=31536000"
      - "traefik.http.middlewares.hosthdr.headers.stsincludesubdomains=true"
      - "traefik.http.middlewares.hosthdr.headers.stspreload=true"

      # global redirect http to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=httpsalways"

      # middleware redirect http to https
      - "traefik.http.middlewares.httpsalways.redirectscheme.scheme=https"
      - "traefik.http.middlewares.httpsalways.redirectscheme.permanent=true"
      - "traefik.http.middlewares.httpsalways.redirectscheme.port=443"

      # enable https for api/dashboard
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.api.tls.domains[0].main=traefik.example.com"
      # dummy port
      - "traefik.http.services.dummyservice.loadbalancer.server.port=1111" # In swarm mode, traefik requires a dummy Port

    ports:
      - target: 80
        published: 80
        mode: host

      - target: 443
        published: 443
        mode: host

    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./letsencrypt:/letsencrypt"
#- "./basicauth:/basicauth:ro"
    networks:
      - proxy	

Please help. I'm using version: 3.8

Move the labels section to nest under deploy: that is where they need to be for the swarm mode.

Thanks a lot @cakiwi . I don't know how I missed it.

You're welcome @metadata , experience is the key. I've done it myself.

@cakiwi I have one more query. I want to redirect traefik.example.com to https://traefik.example.com because I have to explicitly add https:// as a prefix in url when trying to access dashboard via browser. Please help

Looks like your http to https redirect should take care of that. I don't see an problem with it myself.

I'm a fan of the new default redirect on the entrypoint with the latest traefik.

1 Like

@cakiwi yes i have added these lines and disabled all the middlewares under labels but when I'm using traefik.example.com/dashboard/ then I'm getting connection timeout error. using https works fine. Using traefik:v2.2.1

command:
      - --entryPoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --entryPoints.websecure.address=:443

final config under labels

labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.routers.api.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        - "traefik.http.routers.api.service=api@internal"
        - "traefik.http.routers.api.middlewares=auth" #Auth is only setup on the router using the web entrypoint

        ## Middlewares
        - "traefik.http.middlewares.auth.basicauth.users=alpha:$$1$$SEjVHN0z$$Apa3.iHJAW2dbAi6OuwDe/"
        ### host header
        #- "traefik.http.middlewares.hosthdr.headers.stsseconds=31536000"
        #- "traefik.http.middlewares.hosthdr.headers.stsincludesubdomains=true"
        #- "traefik.http.middlewares.hosthdr.headers.stspreload=true"

        # global redirect http to https
        #- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
        #- "traefik.http.routers.http-catchall.entrypoints=web"
        #- "traefik.http.routers.http-catchall.middlewares=httpsalways"

        # middleware redirect http to https
        #- "traefik.http.middlewares.httpsalways.redirectscheme.scheme=https"
        #- "traefik.http.middlewares.httpsalways.redirectscheme.permanent=true"
        #- "traefik.http.middlewares.httpsalways.redirectscheme.port=443"

          #- "traefik.http.middlewares.httptohttps.redirectregex.regex=^https?://(?:www\.)?(.+)"
          #- "traefik.http.middlewares.httptohttps.redirectregex.replacement=https://$${1}"
          #- "traefik.http.middlewares.httptohttps.redirectregex.permanent=true"

        # enable https for api/dashboard
        - "traefik.http.routers.api.tls=true"
        - "traefik.http.routers.api.tls.certresolver=letsencrypt"
        - "traefik.http.routers.api.entrypoints=websecure"
        - "traefik.http.routers.api.tls.domains[0].main=traefik.example.com"
        # dummy port
        - "traefik.http.services.dummyservice.loadbalancer.server.port=1111" # In swarm mode, traefik requires a dummy Port