Traefik and docker redirect

Grafana Configuration
1

Hey,

I’ve been trying to configure grafana in a docker swarm configuration for the past 3 hours I can’t figure it out. The idea is that I manage my vps with bunch of service all in a docker swarm managed with docker stack, and everything is behind a reverse proxy traefik. And this is the configuration for my file with traefik and grafana

services:
  reverse-proxy:
    image: traefik:v3.3
    command:
      - "--api.dashboard=true"
      - "--log.level=DEBUG"
      - "--accesslog.format=json"
      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=pro@example.dev"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.web.http.redirections.entrypoint.to=websecure"
      - "--entryPoints.web.http.redirections.entrypoint.scheme=https"
      - "--providers.file.watch=true"
      - "--entryPoints.metrics.address=:9100"
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.entryPoint=metrics"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.dev`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:[REDACTED]"
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
    deploy:
      update_config:
        order: start-first
    ports:
      - mode: host
        protocol: tcp
        published: 80
        target: 80
      - mode: host
        protocol: tcp
        published: 443
        target: 443
      - mode: host
        protocol: tcp
        published: 9100
        target: 9100
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - traefik

  loki:
    image: grafana/loki:3.4.2
    command:
      - "-config.file=/loki/loki_config.yml"
    configs:
      - source: loki_config
        target: /loki/loki_config.yml
    volumes:
      - loki-data:/loki
    ports:
      - mode: host
        protocol: tcp
        published: 3100
        target: 3100
    networks:
      - traefik

  promtail:
    image: grafana/promtail:3.4.2
    command:
      - "-client.url=http://loki:3100/loki/api/v1/push"
      - "-config.file=/etc/promtail/config.yml"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      # Inline config as a volume with a string (minimal config)
      - type: tmpfs
        target: /etc/promtail
        tmpfs:
          size: 1000000  # 1MB, sufficient for small config
    configs:
      - source: promtail_config
        target: /etc/promtail/config.yml
    deploy:
      mode: global
    networks:
      - traefik

  prometheust:
    image: prom/prometheus:v3.2.1
    volumes:
      - prometheus-data:/prometheus
      - type: tmpfs
        target: /etc/prometheus
        tmpfs:
          size: 1000000
    configs:
      - source: prometheus_config
        target: /etc/prometheus/prometheus.yml
    command:
      - "--config.file=/etc/prometheus/prometheus.yml"
      - "--storage.tsdb.path=/prometheus"
      - "--web.enable-lifecycle"
    ports:
      - mode: host
        protocol: tcp
        published: 9090
        target: 9090
    networks:
      - traefik

  grafana:
    image: grafana/grafana:11.5.2
    environment:
      - GF_AUTH_ANONYMOUS_ENABLED=false
      - GF_SECURITY_ADMIN_USER=admin
      - GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana-password
      - GF_DATASOURCES_PROMETHEUS_URL=http://prometheus:9090
      - GF_DATASOURCES_LOKI_URL=http://loki:3100
      - GF_SERVER_ROOT_URL=https://dashboard.example.dev/
      - GF_SERVER_DOMAIN=dashboard.example.dev
      - GF_SERVER_SERVE_FROM_SUB_PATH=false
    ports:
      - mode: host
        protocol: tcp
        published: 3000
        target: 3000
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
      - "traefik.http.routers.dashboard.rule=Host(`dashboard.example.dev`)"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
    secrets:
      - grafana-password

volumes:
  letsencrypt:
  loki-data:
  prometheus-data:

networks:
  traefik:
    external: true

secrets:
  grafana-password:
    external: true

configs:
  promtail_config:
    file: ./promtail_config.yml
  prometheus_config:    
    file: ./prometheus_config.yml
  loki_config:
    file: ./loki_config.yml

With this configuration, the problem is that I keep getting redirect, and reach a too many redirect error when I try to go the main page dashboard.example.dev after login. And the redirect happen between / and /login. I tried with anonymous login or password in clear instead of docker secret, but same result.

What is wrong with this config ?