IrosTheBeggar / mStream

The easiest music streaming server available
http://mstream.io
GNU General Public License v3.0

Reverse Proxy Traefik - no Login #381

Open SkalCore opened 2 years ago

SkalCore commented 2 years ago

I have the problem here that mStream works locally; however, it should also work outside my home network. When I set it up via Traefik, I see the login page, but I always get "Login Failed". The same credentials work on the local network.

My docker-compose file:

services:
  mstream:
    image: lscr.io/linuxserver/mstream:latest
    container_name: mstream
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=Europe/London
    volumes:
      - $DOCKERDIR/mstream:/config
      - /share/Storage/Media/Music:/music
    ports:
      # also publishes 3000 directly on the host; not needed when Traefik is the only intended entry point
      - 3000:3000
    networks:
      - t2_proxy
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.mstream-rtr.entrypoints=https"
      - "traefik.http.routers.mstream-rtr.rule=Host(`mstream.$DOMAINNAME`)"
      - "traefik.http.routers.mstream-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.mstream-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.mstream-rtr.service=mstream-svc"
      - "traefik.http.services.mstream-svc.loadbalancer.server.port=3000"
    restart: unless-stopped

# the proxy network is assumed to be the one Traefik is attached to, created outside this file
networks:
  t2_proxy:
    external: true

middleware-chains.toml

[http.middlewares]
  [http.middlewares.chain-no-auth]
    [http.middlewares.chain-no-auth.chain]
      middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers"]

middleware.toml

[http.middlewares]
  [http.middlewares.middlewares-basic-auth]
    [http.middlewares.middlewares-basic-auth.basicAuth]
#      username=user, password=mystrongpassword (listed below after hashing)
#      users = [
#        "user:********",
#      ]
      realm = "Traefik2 Basic Auth"
      usersFile = "/shared/.htpasswd" #be sure to mount the volume through docker-compose.yml
  [http.middlewares.middlewares-rate-limit]
    [http.middlewares.middlewares-rate-limit.rateLimit]
      average = 100
      burst = 50
  [http.middlewares.middlewares-secure-headers]
    [http.middlewares.middlewares-secure-headers.headers]
      accessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
      accessControlMaxAge = 100
      hostsProxyHeaders = ["X-Forwarded-Host"]
      sslRedirect = true
      stsSeconds = 63072000
      stsIncludeSubdomains = true
      stsPreload = true
      forceSTSHeader = true
#      frameDeny = true #overwritten by customFrameOptionsValue
      customFrameOptionsValue = "allow-from https:********.com" #CSP takes care of this but may be needed for organizr.
      contentTypeNosniff = true
      browserXssFilter = true
#      sslForceHost = true # add sslHost to all of the services
#      sslHost = "******.com"
      referrerPolicy = "same-origin"
#      Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
#      the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
#      contentSecurityPolicy = "frame-ancestors '*.*******.com:*';object-src 'none';script-src 'none';"
      featurePolicy = "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
      [http.middlewares.middlewares-secure-headers.headers.customResponseHeaders]
        X-Robots-Tag = "none,noarchive,nosnippet,notranslate,noimageindex,"
        server = ""
  [http.middlewares.middlewares-oauth]
    [http.middlewares.middlewares-oauth.forwardAuth]
      address = "http://oauth:4181" # Make sure you have the OAuth service in docker-compose.yml
      trustForwardHeader = true
      authResponseHeaders = ["X-Forwarded-User"]

Can anyone tell me what I need to change to make it work outside of the local network?
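
Before changing Traefik labels it helps to establish which side is rejecting the login: the proxy (rate limit, redirect, unreachable service) or mStream itself. The script below is an added diagnostic, not code from mStream or from this issue. It sends the same credentials once directly to the container and once through Traefik, and classifies the pair of answers. The login path `/api/v1/auth/login` and the JSON body shape are assumptions about mStream's API, and the URLs, username and password are placeholders supplied on the command line.

```python
"""Diagnose a login that works on the LAN but fails through a reverse proxy.

Added example, not code from mStream or from the issue's author. It POSTs
the same login to the app directly (e.g. http://127.0.0.1:3000) and through
Traefik (e.g. https://mstream.example.com), then compares the answers so the
failure can be attributed to the proxy or to the app. The login path and the
JSON body are assumptions about mStream's API; adjust them for your version.
"""
import json
import urllib.error
import urllib.request

LOGIN_PATH = "/api/v1/auth/login"  # assumed mStream login endpoint


def post_login(base_url, username, password, timeout=10):
    """POST credentials and return (status, headers) without raising on 4xx/5xx."""
    body = json.dumps({"username": username, "password": password}).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + LOGIN_PATH,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}


def middleware_applied(headers):
    """True when the secure-headers middleware demonstrably ran on this response.

    The chain in the issue sets HSTS (stsSeconds) on every response it touches,
    so a missing Strict-Transport-Security header means the request never went
    through chain-no-auth at all.
    """
    return "strict-transport-security" in {k.lower() for k in headers}


def classify(direct, proxied):
    """Name the likely culprit from the (status, headers) pair of each path."""
    d_status, _ = direct
    p_status, p_headers = proxied
    if p_status == 429:
        return "proxy: Traefik rate limit answered 429 before the app saw the login"
    if p_status in (301, 302, 307, 308):
        return "proxy: the login POST was redirected (sslRedirect / wrong scheme)"
    if p_status in (502, 503, 504):
        return "proxy: Traefik cannot reach the service (network or server.port)"
    if d_status < 400 and p_status < 400:
        return "ok: login accepted both directly and through the proxy"
    if d_status >= 400 and p_status >= 400:
        return "app: rejected on both paths, so credentials or the admin address binding"
    if d_status < 400 <= p_status:
        hint = "" if middleware_applied(p_headers) else " (no HSTS header: middleware chain not applied)"
        return "app: rejects only the proxied request; compare Host/X-Forwarded-* headers" + hint
    return "unexpected: direct=%d proxied=%d" % (d_status, p_status)


if __name__ == "__main__":
    import sys
    # usage: python3 diag.py http://127.0.0.1:3000 https://mstream.example.com user pass
    direct_url, proxy_url, user, pw = sys.argv[1:5]
    direct = post_login(direct_url, user, pw)
    proxied = post_login(proxy_url, user, pw)
    print("direct :", direct[0])
    print("proxied:", proxied[0], "middleware applied:", middleware_applied(proxied[1]))
    print(classify(direct, proxied))
```

Run it from a machine that can reach both the container port and the public hostname. A 429 on the proxied path points at `middlewares-rate-limit`; a 401 on both paths means the proxy is not the problem and the admin "Address" binding or the credentials are; a 401 only through the proxy, with the HSTS header present, means the request reached mStream but arrived with different headers than the LAN request, which is where to look next.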

aroundmyroom commented 2 years ago

Actually, I have no real clue about Traefik and Docker, as I do not use it in that way. I use Nginx Proxy Manager and have it working flawlessly.

Inside I have domaina.ltd:3000 where I can access it, and for outside I have domainb.ltd where I can access it over port 443 with SSL. It's weird that you get the mStream login page but then the username and password are not accepted. The only thing I can imagine is that in the admin config you do not allow connections from outside the network.

Check what is configured for "Address". I have here: `Address: ::`. It might be the solution; otherwise @IrosTheBeggar needs to check if there is more logging available.