24.10 RC1: Traefik - Address already in use error

I’m trying to get Traefik working on 24.10 RC1 using Dockge / docker-compose, but I keep running into an “address already in use” error.

ERR Command error error="command traefik error: error while building entryPoint http: error preparing server: error opening listener: listen tcp :8000: bind: address already in use'

I have moved the truenas scale ui to 81 and 8443
I’ve tried running traefik on ports 80,443 and also 8000,8444

Here’s the compose file I’m using:


# Compose file for the Traefik reverse proxy (the setup that hits the bind error).
# NOTE(review): the "address already in use" message quoted above is reported by
# the Traefik process for its own `http` entryPoint. This service runs on a
# user-defined network (not host networking), so the listener on :8000 appears
# to collide inside the container - check traefik.yml (not shown with this
# file) for two entryPoints sharing one address.
version: "3.8"
services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Prevents processes in the container from gaining privileges via setuid/setgid binaries.
      - no-new-privileges:true
    networks:
      - traefik
    ports:
      - 8000:8000
      - 8444:8444
      # NOTE(review): presumably the API/dashboard port; published like this it is
      # reachable on every host interface. Confirm it is authenticated or bind it
      # to a management address only.
      - 8080:8080
    volumes:
      - /mnt/pool/Traefik/eConfig/traefik.yml:/etc/traefik/traefik.yml:ro
      # acme.json stores the ACME account key and certificate private keys, so it is
      # mounted writable; keep the host file at mode 600. The double slash in the
      # host path is harmless but looks like a typo.
      - /mnt/pool//Traefik/data/acme.json:/acme.json
      - /mnt/pool/Traefik/eConfig/config.yml:/config.yml:ro
      - /etc/localtime:/etc/localtime:ro
      # `:ro` only makes the bind mount read-only; it does not limit what can be
      # requested through the Docker API over the socket. A socket proxy that
      # allows only the read endpoints Traefik needs reduces that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro

networks:
  traefik:
    # The network must already exist; Compose will not create it.
    external: true
truenas[~]$ sudo netstat -ltnp | grep ':844'

tcp        0      0 0.0.0.0:8444            0.0.0.0:*               LISTEN      200616/docker-proxy 
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      44078/nginx: master 
tcp6       0      0 :::8444                 :::*                    LISTEN      200622/docker-proxy 
tcp6       0      0 :::8443                 :::*                    LISTEN      44078/nginx: master 

with traefik container stopped:

truenas[~]$ sudo netstat -ltnp | grep ':844'
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      44078/nginx: master 
tcp6       0      0 :::8443                 :::*                    LISTEN      44078/nginx: master

I have this working

# Compose file for Traefik with the dashboard routed through Traefik itself
# (router `traefik` -> api@internal) instead of a published port.
networks:
  traefik:
    # The network must already exist; Compose will not create it.
    external: true
services:
  traefik:
    container_name: traefik
    image: traefik:v3.1
    hostname: traefik
    ports:
      - 80:80
      - 443:443
    expose:
      # `expose` does not publish to the host; 8080 is only reachable from
      # containers on the same network.
      - 8080
    restart: unless-stopped
    environment:
      - TZ=${TZ}
      # Cloudflare API token used for the ACME DNS challenge. Scope it to the DNS
      # permissions the challenge needs on this zone only, and keep it out of
      # version control.
      - CF_DNS_API_TOKEN=${CFT}
    networks:
      - traefik
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DN}`)
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=cloudflare
      - traefik.http.routers.traefik.tls.domains[0].main=${FQDN}
      - traefik.http.routers.traefik.tls.domains[0].sans=${SDN}
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      # The dashboard router is gated by a middleware named `authelia`, which is
      # expected to be defined by labels on another container (not shown here).
      # NOTE(review): confirm that middleware resolves; the dashboard should not
      # be served without it.
      - traefik.http.routers.traefik.middlewares=authelia@docker
    volumes:
      # `:ro` only makes the bind mount read-only; it does not limit what can be
      # requested through the Docker API over the socket.
      - /var/run/docker.sock:/run/docker.sock:ro
      - ${TRAEFIK_YAML}:/etc/traefik/traefik.yaml:ro
      - ${TRAEFIK_CONFIG}:/etc/traefik/config.yaml:ro
      # Writable on purpose: certificate storage. Keep the host directory
      # restricted, since it holds private keys.
      - ${TRAEFIK_CERTS}:/etc/traefik/certs/

I am getting to the web Ui with its own labels on 8080

Can you also share how you’ve configured your traefik.yml and config.yml?

I’m still unable to reach the traefik ui.

This is what I have in my config

# Traefik static configuration: API/dashboard, two entryPoints (:80 redirecting
# to :443), the Docker provider and an ACME resolver using the Cloudflare DNS
# challenge.
api:
  dashboard: true
  # NOTE(review): debug adds debugging/profiling endpoints to the API; switch it
  # off once troubleshooting is finished.
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      # Requests arriving on :80 are redirected to the `https` entryPoint.
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  # NOTE(review): this turns off certificate verification for every HTTPS
  # backend Traefik connects to, so a backend cannot be authenticated. Prefer
  # trusting the backends' CA, or limit the exception to the one service that
  # needs it.
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are ignored unless they opt in with traefik.enable=true.
    exposedByDefault: false

certificatesResolvers:
  cloudflare:
    acme:
      email: youremail@email.com
      # Holds the ACME account key and certificate private keys; keep the backing
      # file at mode 600.
      storage: acme.json
      # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # Staging certificates are not trusted by browsers; switch to the prod
      # line above once issuance works.
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

So after working on things a bit here is what I have

Compose


# Compose file for Traefik with an HTTP router that redirects to HTTPS and a
# second router (`traefik-secure`) on the https entryPoint.
networks:
  proxy:
    # The network must already exist; Compose will not create it.
    external: true
services:
  traefik:
    container_name: traefik
    image: traefik:v3.1
    ports:
      - 80:80
      - 443:443
    expose:
      # Not published to the host; only reachable from containers on the same network.
      - 8080
    restart: unless-stopped
    environment:
      TZ: ${TZ}
      # Cloudflare API token for the ACME DNS challenge; keep it narrowly scoped.
      CF_DNS_API_TOKEN: ${CFT}
      #TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    # env_file passes every variable in .env into the container environment,
    # not only the two listed above.
    env_file: .env # use .env
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DN}`)
      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
      # `sslheader` is defined here but no router in this file references it.
      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DN}`)
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=cloudflare
      - traefik.http.routers.traefik-secure.tls.domains[0].main=${FQDN}
      - traefik.http.routers.traefik-secure.tls.domains[0].sans=${SDN}
      # NOTE(review): api@internal is attached to the plain-HTTP router `traefik`,
      # which only redirects. The `traefik-secure` router has no service label and
      # no authentication middleware, which probably explains the dashboard error
      # described below. The later compose file in this thread sets
      # traefik-secure.service=api@internal and adds a basicauth middleware.
      - traefik.http.routers.traefik.service=api@internal
    volumes:
      # `:ro` only makes the bind mount read-only; it does not limit what can be
      # requested through the Docker API over the socket.
      - /var/run/docker.sock:/run/docker.sock:ro
      - ${TRAEFIK_YAML}:/etc/traefik/traefik.yaml:ro
      - ${TRAEFIK_CONFIG}:/etc/traefik/config.yaml:ro
      # Writable on purpose: ACME storage with private keys; keep the host file at mode 600.
      - ${TRAEFIK_CERTS}:/acme.json

traefik.yml


  # NOTE(review): this paste starts inside the entryPoints mapping; the
  # `entryPoints:` key and any `api:` section are not visible. If the real file
  # has no `api:` section, api@internal would not be available - confirm
  # against the full file.
  http:
    address: ":80"
    http:
      # Requests arriving on :80 are redirected to the `https` entryPoint.
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  # NOTE(review): turns off certificate verification for every HTTPS backend
  # Traefik connects to; prefer trusting the backends' CA or scoping the
  # exception to a single service.
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are ignored unless they opt in with traefik.enable=true.
    exposedByDefault: false
 # file:
  #  filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: email@email.com
      # Holds the ACME account key and certificate private keys; keep the backing
      # file at mode 600.
      storage: acme.json
      #caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # Staging certificates are not trusted by browsers; switch to the prod
      # line above once issuance works.
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

But now while trying to access dashboard I’m getting the error:

Now I don’t get any errors while running sudo docker logs traefik
image

Traefik has also fetched certs from Let’s Encrypt using the Cloudflare API; I confirmed this from the certificate that is served when I access random subdomains through Traefik.

hey, did you manage to get it working? currently also on the “cannot bind port already in use” part

Had this working a while ago. Might have to change version of traefik to a newer one. Haven’t spent time on this recently.

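# Compose file for Traefik with the dashboard served over HTTPS behind basic
# auth, plus a network shared with CrowdSec.
networks:
  crowdsec:
    name: crowdsec
  proxytraefik:
    # The network must already exist; Compose will not create it.
    external: true
services:
  traefik:
    container_name: traefik
    image: traefik:v3.1
    ports:
      # Quoted so the host:container pairs are always read as strings.
      - "80:80"
      - "443:443"
    expose:
      # Not published to the host; only reachable from containers on the same network.
      - 8080
    restart: unless-stopped
    security_opt:
      # Prevents processes in the container from gaining privileges via setuid/setgid binaries.
      - no-new-privileges:true
    environment:
      TZ: ${TZ}
      # Cloudflare API token for the ACME DNS challenge; keep it narrowly scoped.
      CF_DNS_API_TOKEN: ${CFT}
      # NOTE(review): the basicauth label below is interpolated by Compose, so the
      # credential hash probably does not also need to be in the container
      # environment - confirm before removing.
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    # env_file passes every variable in .env into the container environment.
    env_file: .env # use .env
    networks:
      # Service networks must name keys declared under the top-level `networks:`;
      # Compose rejects a service that refers to an undeclared network.
      - proxytraefik
      - crowdsec
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DN}`)
      # basicauth.users expects user:hash pairs (htpasswd format), not a plain password.
      - traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}
      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
      # `sslheader` is defined here but no router in this file references it.
      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DN}`)
      # The dashboard is only served by this router, behind traefik-auth and TLS.
      - traefik.http.routers.traefik-secure.middlewares=traefik-auth
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=cloudflare
      - traefik.http.routers.traefik-secure.tls.domains[0].main=${FQDN}
      - traefik.http.routers.traefik-secure.tls.domains[0].sans=${SDN}
      - traefik.http.routers.traefik-secure.service=api@internal
    volumes:
      # `:ro` only makes the bind mount read-only; it does not limit what can be
      # requested through the Docker API over the socket. A socket proxy that
      # allows only the read endpoints Traefik needs reduces that exposure.
      - /var/run/docker.sock:/run/docker.sock:ro
      - ${TRAEFIK_YAML}:/etc/traefik/traefik.yml:ro
      - ${TRAEFIK_CONFIG}:/etc/traefik/config.yml:ro
      # Writable on purpose: ACME storage with private keys; keep the host file at mode 600.
      - ${TRAEFIK_CERTS}:/acme.json
      - ${TRAEFIK_LOGS}:/var/log/traefik
      # Locally supplied plugins run inside the Traefik process; keep this
      # directory writable only by an administrator.
      - ${TRAEFIK_PLUGINS}:/plugins-local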

Env file

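# VARIABLE=value #comment
# This file holds the Cloudflare API token and the dashboard credential hash:
# keep it out of version control and readable only by the account that runs
# Compose.

# Expected form is user:hash as produced by htpasswd (it is fed to
# basicauth.users), not a plain password. The hash itself contains `$`, so
# single-quote the value to keep Compose from interpolating it, and check the
# rendered result with `docker compose config`.
TRAEFIK_DASHBOARD_CREDENTIALS= # use password without special characters like ! $ have had problems with those
TRAEFIK_YAML=/mnt/.../Appdata/Traefik/eConfig/traefik.yml
TRAEFIK_CONFIG=/mnt/.../Appdata/Traefik/eConfig/config.yml
TRAEFIK_CERTS=/mnt/.../Appdata/Traefik/data/acme.json
TRAEFIK_LOGS=/mnt/.../Appdata/Traefik/logs
TRAEFIK_PLUGINS=/mnt/.../Appdata/Traefik/data/plugins

# change yourdomain to the actual domain you want to use this with
TRAEFIK_DN=traefik-dashboard.yourdomain
FQDN=local.yourdomain
SDN=*.local.yourdomain
# .env entries use NAME=value; a colon after the name does not define the variable.
CFT= # use your cloudflare token here

TZ=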

Regarding the password for traefik dashboard do take a look at these links:

config.yml

# Traefik dynamic (file provider) configuration: shared middlewares for
# redirects, security headers, a middleware chain and the CrowdSec bouncer plugin.
http:
 #region routers 
 # routers:
 #   proxmox:
 #     entryPoints:
 #       - "https"
 #     rule: "Host(`proxmox.local.example.com`)"
 #     middlewares:
 #      - default-headers
 #       - https-redirectscheme
 #     tls: {}
 #     service: proxmox
 #   pihole:
 
#endregion
#region services
 # services:
 #   proxmox:
 #     loadBalancer:
 #       servers:
 #         - url: "https://192.168.0.17:8006"
 #       passHostHeader: true
#endregion
  middlewares:
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true
    default-headers:
      headers:
        # customFrameOptionsValue below overrides frameDeny, so the header sent is
        # X-Frame-Options: SAMEORIGIN rather than DENY.
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        # forceSTSHeader sends the HSTS header even on connections Traefik does
        # not see as TLS.
        forceSTSHeader: true
        stsIncludeSubdomains: true
        # NOTE(review): stsPreload is set, but 15552000 s (180 days) is below the
        # one-year max-age the browser preload list asks for; raise stsSeconds
        # or drop the preload flag.
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

   # default-whitelist:
   #   ipAllowList:
   #     sourceRange:
   #     - "10.0.0.0/8"
   #     - "192.168.0.0/16"
   #     - "172.16.0.0/12"

    # NOTE(review): this chain references `default-whitelist`, which is commented
    # out above, so any router using `secured` will fail to resolve it. Restore
    # the allow-list or remove it from the chain deliberately - dropping it
    # removes the private-range restriction.
    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

    crowdsec:
      plugin:
        crowdsec-bouncer-traefik-plugin:
          enabled: true
          logLevel: INFO
          updateIntervalSeconds: 15
          updateMaxFailure: 0
          defaultDecisionSeconds: 15
          httpTimeoutSeconds: 10
          crowdsecMode: stream
          crowdsecAppsecEnabled: true
          crowdsecAppsecHost: crowdsec:7422
          # Both AppSec settings below fail closed: requests are blocked when the
          # AppSec component errors or cannot be reached.
          crowdsecAppsecFailureBlock: true
          crowdsecAppsecUnreachableBlock: true
          # The key is left empty in this listing and must be supplied. Prefer
          # crowdsecLapiKeyFile (next line) so the secret is not stored in this file.
          crowdsecLapiKey:                                    # Replace CrowdSec API key (docker exec crowdsec cscli bouncers add crowdsecBouncer)
#          crowdsecLapiKeyFile: /etc/traefik/cs-privateKey-foo
          crowdsecLapiHost: crowdsec:8080
          # Plain HTTP to the LAPI; the API key travels unencrypted, so keep this
          # traffic on a private container network.
          crowdsecLapiScheme: http
          # With every entry commented out this key is null. If another proxy or
          # tunnel sits in front of Traefik, list only that proxy's address here;
          # otherwise decisions are made against the proxy's IP, or against a
          # forwarded header that has not been validated.
          forwardedHeadersTrustedIPs:
#            - 10.0.35.4/32                                                              # Cloudflare tunnel IP address
#            - 172.30.0.0/24                                                            # Reverse Proxy IP address 
          # Addresses listed here bypass the bouncer's checks; keep the list as
          # narrow as possible.
          clientTrustedIPs:
#            - 10.20.10.0/24                                                              # Internal LAN IP addresses 
#            - 10.20.15.0/24                                                              # Internal LAN IP addresses
#            - 10.20.20.0/24                                                              # Internal LAN IP addresses
#            - 10.20.25.0/24                                                              # Internal LAN IP addresses
#          forwardedHeadersCustomName: CF-Connecting-IP                                 # Cloudflare IP address header

traefik.yml

# Traefik static configuration: API/dashboard, entryPoints with the CrowdSec
# bouncer attached, Docker and file providers, the ACME resolver and the plugin
# declaration.
api:
  dashboard: true
  # NOTE(review): debug adds debugging/profiling endpoints to the API; switch it
  # off once troubleshooting is finished.
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      # Attaching the bouncer at the entryPoint applies it to every router on
      # that entryPoint.
      middlewares:                                                                   # CHANGE MADE HERE (BOUNCER ENABLED) !!!
        - "crowdsec@file"
      redirections:
        entryPoint:
          to: https
          scheme: https

  https:
    address: ":443"
    http:                                                                            # CHANGE MADE HERE (BOUNCER ENABLED) !!!
      middlewares:                                                                   # CHANGE MADE HERE (BOUNCER ENABLED) !!!
        - "crowdsec@file"
serversTransport:
  # NOTE(review): turns off certificate verification for every HTTPS backend
  # Traefik connects to; prefer trusting the backends' CA or scoping the
  # exception to a single service.
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are ignored unless they opt in with traefik.enable=true.
    exposedByDefault: false
  file:
    # Dynamic configuration; `crowdsec@file` above is resolved from this file.
    filename: /etc/traefik/config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: youremail@email.com #enter your email here
      # Holds the ACME account key and certificate private keys; keep the backing
      # file at mode 600.
      storage: acme.json
      #caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # Staging certificates are not trusted by browsers; switch to the prod
      # line above once issuance works.
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
experimental:
  plugins:
    # The plugin is third-party code that runs inside the Traefik process; the
    # version is pinned, so review the release notes before changing it.
    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.3.4"

Nginx proxy manager may not be as sexy but it works well for me. Then again if something is on port 8000, nothing is gonna work on that port until it changes.

Would it not be worth upgrading to the final release to see if any issue is resolved?