404 When using portainer (standalone) behind traefik

I am using traefik2 with the following configuration:

version: "3.3"

services:
  traefik:
    image: traefik:v2.0
    restart: always
    ports:
      - "80:80" 
      - "8080:8080"
      - "443:443"
    command:
      - --api.insecure=false
      - --api.dashboard=true
      - --api.debug=true
      - --log.level=DEBUG
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.file.filename=/dynamic.yaml
      - --entrypoints.web.address=:80 
      - --entrypoints.websecure.address=:443       
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock 
      - ./dynamic.yaml:/dynamic.yaml
    networks:
      - public
    labels:
      - "traefik.enable=true" 
      - "traefik.http.routers.api.rule=Host(`monitor.domain.com`)" 
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=api-auth"
      - "traefik.http.middlewares.api-auth.basicauth.users=admin:HASH."

networks:
  public:
    external: true 

This is my portainer config:

version: "2"

services:
  portainer:
    image: portainer/portainer-ce:2.9.1
    command: -H unix:///var/run/docker.sock
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.routers.docker.rule=Host(`portainer.domain.com`) || (Host(`portainer.chrisgolden.cz`) && PathPrefix(`/api`))"
      - traefik.http.routers.docker.entrypoints=websecure
      - traefik.http.services.docker.loadbalancer.server.port=9000
      - "traefik.http.routers.docker.service=docker"
      - "com.centurylinklabs.watchtower.enable=true"   
    ports:
      - 8000:8000
      - 9000:9000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data

volumes:
  portainer_data:

I can access portainer on the internal network no problem but I cannot access it on my domain: portainer.domain.com

I just get a 404 error when I curl or visit the site.

What am I doing wrong?

Hello @chrisguk I am getting the same error, I am working on it and I will get back to you as soon as I can thanks,

Michael

Hey there @chrisguk

I think I have this figured out here is what I did:

The following is what my traefik.toml looks like:

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http.redirections.entryPoint]
      to = "websecure"
      scheme = "https"

  [entryPoints.websecure]
    address = ":443"
  [entryPoints.portainer]
    address = ":9000"
#  [entryPoints.portainer-agent]
#    address = ":9001"
#  [entryPoints.portainer-comm]
#    address = ":8000"  
  [api]
    dashboard = true

  [certificatesResolvers.lets-encrypt.acme]
    email = "mcooper@rpihobby.us"
    storage = "acme.json"
  [certificatesResolvers.lets-encrypt.acme.tlsChallenge]

  [providers.docker]
    watch = true
    network = "web"

  [providers.file]
    filename = "traefik_dynamic.toml"

Please let me know if i can help further.
Michael