Issues with redirect when setting up Traefik Reverse Proxy in Docker

Question

The following is my docker-compose.yml setup for Traefik with the only goal being access to the traefik dashboard over HTTPS. The error I continue to get is "redirected you too many times". I'm sure there is just something that I need to remove and I can't figure it out. I am able to create the Lets Encrypt Cert and I am using Cloudflare as my DNS. On Cloudflare I have manipulated the SSL/TLS encryption mode and caching to no avail. Any help would be greatly appreciated.

    version: "3.8"

services:

  traefik:
    image: "traefik:v2.11"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.dashboard=true"
      - "--accesslog=true"
      - "--providers.docker.network=web"
      - "--providers.docker.exposedByDefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entryPoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.websecure.http.tls.certresolver=myresolver"
      - "[email protected]"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.storage=/acme.json"
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mydashboard.rule=Host(`subdomain.domain.net`)"
      - "traefik.http.routers.mydashboard.tls=true"
      - "traefik.http.routers.mydashboard.service=api@internal"
      - "traefik.http.routers.mydashboard.middlewares=myauth"
      - "traefik.http.middlewares.myauth.basicauth.users=USERNAME:Password12345"
    networks:
      - web
networks:
  web:
    external: true

Answer 1

I couldn't reproduce your redirection issue, but the basicauth configuration you show in your question is invalid. You (a) need to use a hashed password, not a cleartext password, and (b) you need to escape every instance of $ as $$.

With the following configuration (which is based on yours but with the certificate resolver configuration removed):

services:

  traefik:
    image: "traefik:v2.11"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.dashboard=true"
      - "--accesslog=true"
      - "--providers.docker.exposedByDefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entryPoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
    ports:
      - "8443:443"
      - "8080:80"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mydashboard.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.mydashboard.tls=true"
      - "traefik.http.routers.mydashboard.service=api@internal"
      - "traefik.http.routers.mydashboard.middlewares=myauth"
      - "traefik.http.middlewares.myauth.basicauth.users=username:$$2y$$05$$aklMnbLc3fW23sBTFnlcnOvzFGKwDzjKC7KyWTLhAjQWzjuzzF89u"

I am able to successfully access the dashboard in my browser at https://traefik.localhost:8443 with username username and password secret.