24.10 RC1: Traefik - Address already in use error

jjsme · October 4, 2024, 3:11pm

I’m trying to get traefik working on 24.10 RC1 using dockge / docker-compose but i keep running into a error of address already in use.

ERR Command error error="command traefik error: error while building entryPoint http: error preparing server: error opening listener: listen tcp :8000: bind: address already in use'

I have moved the truenas scale ui to 81 and 8443
I’ve tried running traefik on ports 80,443 and also 8000,8444

Here’s the compose file I’m using:


version: "3.8"
services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik
    ports:
      - 8000:8000
      - 8444:8444
      - 8080:8080
    volumes:
      - /mnt/pool/Traefik/eConfig/traefik.yml:/etc/traefik/traefik.yml:ro
      - /mnt/pool//Traefik/data/acme.json:/acme.json
      - /mnt/pool/Traefik/eConfig/config.yml:/config.yml:ro
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro

networks:
  traefik:
    external: true

truenas[~]$ sudo netstat -ltnp | grep ':844'

tcp        0      0 0.0.0.0:8444            0.0.0.0:*               LISTEN      200616/docker-proxy 
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      44078/nginx: master 
tcp6       0      0 :::8444                 :::*                    LISTEN      200622/docker-proxy 
tcp6       0      0 :::8443                 :::*                    LISTEN      44078/nginx: master

with traefik container stopped:

truenas[~]$ sudo netstat -ltnp | grep ':844'
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      44078/nginx: master 
tcp6       0      0 :::8443                 :::*                    LISTEN      44078/nginx: master

Tyler_Shield · October 4, 2024, 6:44pm

I have this working

networks:
  traefik:
    external: true
services:
  traefik:
    container_name: traefik
    image: traefik:v3.1
    hostname: traefik
    ports:
      - 80:80
      - 443:443
    expose:
      - 8080
    restart: unless-stopped
    environment:
      - TZ=${TZ}
      - CF_DNS_API_TOKEN=${CFT}
    networks:
      - traefik
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DN}`)
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=cloudflare
      - traefik.http.routers.traefik.tls.domains[0].main=${FQDN}
      - traefik.http.routers.traefik.tls.domains[0].sans=${SDN}
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      - traefik.http.routers.traefik.middlewares=authelia@docker
    volumes:
      - /var/run/docker.sock:/run/docker.sock:ro
      - ${TRAEFIK_YAML}:/etc/traefik/traefik.yaml:ro
      - ${TRAEFIK_CONFIG}:/etc/traefik/config.yaml:ro
      - ${TRAEFIK_CERTS}:/etc/traefik/certs/

I am getting to the web Ui with its own labels on 8080

jjsme · October 5, 2024, 7:46am

Can you also share how you’ve configured your traefik.yml and confg.yml.

I’m still unable to reach the traefik ui.

jjsme · October 5, 2024, 8:07am

This is what I have in my config

api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  cloudflare:
    acme:
      email: youremail@email.com
      storage: acme.json
      # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

jjsme · October 5, 2024, 11:06am

So after working on things a bit here is what I have

Compose


networks:
  proxy:
    external: true
services:
  traefik:
    container_name: traefik
    image: traefik:v3.1
    ports:
      - 80:80
      - 443:443
    expose:
      - 8080
    restart: unless-stopped
    environment:
      TZ: ${TZ}
      CF_DNS_API_TOKEN: ${CFT}
      #TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    env_file: .env # use .env
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DN}`)
      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DN}`)
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=cloudflare
      - traefik.http.routers.traefik-secure.tls.domains[0].main=${FQDN}
      - traefik.http.routers.traefik-secure.tls.domains[0].sans=${SDN}
      - traefik.http.routers.traefik.service=api@internal
    volumes:
      - /var/run/docker.sock:/run/docker.sock:ro
      - ${TRAEFIK_YAML}:/etc/traefik/traefik.yaml:ro
      - ${TRAEFIK_CONFIG}:/etc/traefik/config.yaml:ro
      - ${TRAEFIK_CERTS}:/acme.json

traefik.yml


  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
 # file:
  #  filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: email@email.com
      storage: acme.json
      #caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authori>
        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

But now while trying to access dashboard I’m getting the error:

Now I don’t get any errors while running sudo docker logs traefik

Traefik has also fetched certs through letsencrypt using cloudflare api confirmed through the cert being provided while trying to access random subdomains through traefik

sikruger · March 24, 2025, 4:54pm

hey, did you manage to get it working? currently also on the “cannot bind port already in use” part