Nextcloud AIO with Traefik allows only external access

🚧 Installation
, ,
21

Here I find, that traefik returns error 404 when:

  1. no active service configured, response code 404 always
  2. a request via the HTTP protocol was sent to the HTTPS only router, the response code is 404
  3. a request via the HTTPS protocol was sent to the HTTP only router, the response code is 404
  4. location not found on existing service, response code 404

So I have to find out, which of the 4 possibilities is the problem when calling the traefik dashboard - or Nextcloud. But I am new to traefik, so it can take some time…

22

Maybe someone can give me a hint, how to analyse further? We can concentrate on Nextcloud, but I guess, the problem with opening the Traefik Dashboard is related to the Nextcloud problem.

Here is the docker-compose.yml for starting the Traefik-Container:

version: '3.9'
services:
  traefik:
    container_name: traefik
    image: traefik:latest
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme_letsencrypt.json:/acme_letsencrypt.json
      - ./data/conf/dynamic_conf.yml:/dynamic_conf.yml                                       
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.rule=Host(`traefik.xxx.xx`)"
      - "traefik.http.routers.traefik.middlewares=traefikAuth@file,default@file"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=http"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.services.traefik.loadbalancer.server.port=80"
      - "traefik.http.services.traefik.loadbalancer.sticky.cookie.httpOnly=true"
      - "traefik.http.services.traefik.loadbalancer.sticky.cookie.secure=true"
      - "traefik.docker.network=proxy"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy:
    hostname: traefik
    ports:
      - "880:80"
      - "443:443"
networks:
  proxy:
    name: proxy
    driver: bridge
    attachable: true

And here is the dynamic_conf.yml:

tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true
http:
  middlewares:
    traefikAuth:
      basicAuth:
        users:
          - "xxx:XXX"

    default:
      chain:
        middlewares:
          - default-security-headers
          - gzip
    secHeaders:
      chain:
        middlewares:
          - default-security-headers
          - gzip
    default-security-headers:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        frameDeny: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"
    gzip:
      compress: {}

For test I remove the label “traefik.http.services.traefik.loadbalancer.server.port=80” in the Traefik-Container, because to my opinion Entrypoint https doesn’t match to port 80. But the result is the same: 404 page not found.

Any hints?

Matthias

23

I solved the problem with displaying the Traefik Dashboard. I added “insecure: true” for API in the traefik.yml:

api:
  dashboard: true
  insecure: true

I can now open the dashboard with http://192.168.178.57:8083/dashboard/#/

But I still get “404 page not found” when I try to open Nextcloud AIO. Any hint is welcome.

Matthias