How to Correctly Configure Traefik Dashboard for only port 8080?

Question

I am having trouble with configuring Traefik - I have a feeling this is probably a small configuration error. Below is the docker-compose file. I am trying to make WordPress use port 443, and have the Traefik dashboard on port 8080. However, the dashboard is appearing on both 443 and 8080. What could I be doing wrong here?

version: "3.3"

services:
  ################################################
  ####        Traefik Proxy Setup           #####
  ###############################################
  traefik:
    image: traefik:v2.0
    restart: always
    container_name: traefik
    ports:
      - "80:80" # <== http
      - "8080:8080" # <== :8080 is where the dashboard runs on
      - "443:443" # <== https
    command:
    #### These are the CLI commands that will configure Traefik and tell it how to work! ####
      ## API Settings - https://docs.traefik.io/operations/api/, endpoints - https://docs.traefik.io/operations/api/#endpoints ##
      - --api.insecure=true # <== Enabling insecure api, NOT RECOMMENDED FOR PRODUCTION
      - --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc...
      - --api.debug=true # <== Enabling additional endpoints for debugging and profiling
      ## Log Settings (options: ERROR, DEBUG, PANIC, FATAL, WARN, INFO) - https://docs.traefik.io/observability/logs/ ##
      - --log.level=DEBUG # <== Setting the level of the logs from traefik
      ## Provider Settings - https://docs.traefik.io/providers/docker/#provider-configuration ##
      - --providers.docker=true # <== Enabling docker as the provider for traefik
      - --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik, only expose enabled ones
      - --providers.file.filename=/dynamic.yaml # <== Referring to a dynamic configuration file
      - --providers.docker.network=web # <== Operate on the docker network named web
      ## Entrypoints Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
      - --entrypoints.web.address=:80 # <== Defining an entrypoint for port :80 named web
      - --entrypoints.web-secured.address=:443 # <== Defining an entrypoint for https on port :443 named web-secured
      ## Certificate Settings (Let's Encrypt) -  https://docs.traefik.io/https/acme/#configuration-examples ##
      - --certificatesresolvers.mytlschallenge.acme.tlschallenge=true # <== Enable TLS-ALPN-01 to generate and renew ACME certs
      - --certificatesresolvers.mytlschallenge.acme.email=localhost@localhost.edu # <== Setting email for certs
      - --certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json # <== Defining acme file to store cert information
    volumes:
      - ./letsencrypt:/letsencrypt # <== Volume for certs (TLS)
      - /var/run/docker.sock:/var/run/docker.sock # <== Volume for docker admin
      - ./dynamic.yaml:/dynamic.yaml # <== Volume for dynamic conf file, **ref: line 27
    networks:
      - web # <== Placing traefik on the network named web, to access containers on this network
    labels:
    #### Labels define the behavior and rules of the traefik proxy for this container ####
      - "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to view it
      - "traefik.http.routers.api.rule=Host(`portal.localhost.org`)" # <== Setting the domain for the dashboard
      - "traefik.http.routers.api.service=api@internal" # <== Enabling the api to be a service to access

  ################################################
  ####         WordPress Setup Container     #####
  ##############################################
  wordpress: # <== we aren't going to open :80 here because traefik is going to serve this on entrypoint 'web'
  ## :80 is already exposed from within the container ##
    image: wordpress
    restart: always
    container_name: wp
    environment:
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_USER: ${MYSQL_WP_USER}
      WORDPRESS_DB_PASSWORD: ${MYSQL_WP_PASSWORD}
      WORDPRESS_DB_NAME: ${MYSQL_WP_DATABASE}
    volumes:
      - wordpress:/var/www/html
    networks:
      - web
      - backend
    labels:
      #### Labels define the behavior and rules of the traefik proxy for this container ####
      - "traefik.enable=true" # <== Enable traefik to proxy this container
      - "traefik.http.routers.wordpress-web.rule=Host(`portal.localhost.org`)" # <== Your Domain Name goes here for the http rule
      - "traefik.http.routers.wordpress-web.entrypoints=web" # <== Defining the entrypoint for http, **ref: line 30
      - "traefik.http.routers.wordpress-web.middlewares=redirect@file" # <== This is a middleware to redirect to https
      - "traefik.http.routers.wordpress-secured.rule=Host(`portal.localhost.org`)" # <== Your Domain Name for the https rule
      - "traefik.http.routers.wordpress-secured.entrypoints=web-secured" # <== Defining entrypoint for https, **ref: line 31
      - "traefik.http.routers.wordpress-secured.tls.certresolver=mytlschallenge" # <== Defining certsresolvers for https

Answer 1

You don't have defined entrypoint for port 8080 and you are not using this entrypoint in traefik dashboard configuration.

For working config, please see my previous answer here: Traefik dashboard only on the http port

If you are just counting on insecure=true to create traefik entrypoint, then I think the problem is, you have same domain for both services.