Uptime Kuma Docker Compose file to run in a Docker Swarm with Traefik reverse proxy.

docker-compose.monitor-swarm.yml

version: '3.6'

services:
  uptime-kuma:
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    volumes:
      - data:/app/data
    restart: always
    networks:
      - traefik-public
    deploy:
      placement:
        constraints:
          - node.labels.monitor == true
      labels:
          - traefik.enable=true
          - traefik.docker.network=traefik-public
          - traefik.constraint-label=traefik-public
          - traefik.http.routers.uptime-kuma-http.rule=Host(`monitor.${PRIMARY_DOMAIN?Variable not set}`)
          - traefik.http.routers.uptime-kuma-http.entrypoints=http
          - traefik.http.routers.uptime-kuma-http.middlewares=https-redirect
          - traefik.http.routers.uptime-kuma-https.rule=Host(`monitor.${PRIMARY_DOMAIN?Variable not set}`)
          - traefik.http.routers.uptime-kuma-https.entrypoints=https
          - traefik.http.routers.uptime-kuma-https.tls=true
          - traefik.http.routers.uptime-kuma-https.tls.certresolver=le
          - traefik.http.services.uptime-kuma.loadbalancer.server.port=3001
networks:
  traefik-public:
    external: true

volumes:
  data:

I tried with a simple nginx service but the worker 1 cannot access service running on any other worker or manager

and I cannot see all the containers running on traefik-public , all nodes show different containers ( only the container running on their particular node)

docker network inspect traefik-public -- from manager node
[
    {
        "Name": "traefik-public",
        "Id": "rzjip2e6swqvjwlo1c1k5gnvk",
        "Created": "2024-04-10T13:51:59.545083422Z",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.11.0/24",
                    "Gateway": "10.0.11.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "8712a5d3dec503b1202ae96f124d94df482902ee5d48990f0cb67a50d81c69fc": {
                "Name": "portainer_portainer.1.rv2lp342z0sck4datww5xapva",
                "EndpointID": "695762636a73a8d5c6a197fbe94e809eccf1ec9515fcbec07e86a2c159d69744",
                "MacAddress": "02:42:0a:00:0b:06",
                "IPv4Address": "10.0.11.6/24",
                "IPv6Address": ""
            },
            "d70c7097c459cc13e9cfe9ba448619bda1b7a0da881c61862f26ed042a83a4e7": {
                "Name": "traefik_traefik.1.l65qlwvapadztavbcqbd1ie00",
                "EndpointID": "bc55c0a221a0457bc926f73a22f3cc4e5d740cfa957f5606213cb48d2ead0b3d",
                "MacAddress": "02:42:0a:00:0b:07",
                "IPv4Address": "10.0.11.7/24",
                "IPv6Address": ""
            },
            "lb-traefik-public": {
                "Name": "traefik-public-endpoint",
                "EndpointID": "e80130764e2939b10a21a06251a7b8f9d4560a5c933193bd3face8a03d57f9d4",
                "MacAddress": "02:42:0a:00:0b:09",
                "IPv4Address": "10.0.11.9/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4108"
        },
        "Labels": {},
        "Peers": [
            {
                "Name": "f3399340f093",
                "IP": "192.168.0.44"
            },
            {
                "Name": "ea2cc75fbf59",
                "IP": "192.168.0.43"
            },
            {
                "Name": "6a679237cf2f",
                "IP": "192.168.0.50"
            }
        ]
    }
]

docker network inspect -- from worker node

docker network inspect traefik-public
[
    {
        "Name": "traefik-public",
        "Id": "rzjip2e6swqvjwlo1c1k5gnvk",
        "Created": "2024-04-10T13:51:50.69893543Z",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.11.0/24",
                    "Gateway": "10.0.11.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "1d25441fc115302bfdab4850941ae4fcdba2b4c49b1a92ad079b339ba627e948": {
                "Name": "kuma_kuma.1.usa7hookwh5kcvudd17pya2e1",
                "EndpointID": "279f50cfce6392e51871af168b4afc65fa898b42d42a3828df799db3181149af",
                "MacAddress": "02:42:0a:00:0b:03",
                "IPv4Address": "10.0.11.3/24",
                "IPv6Address": ""
            },
            "lb-traefik-public": {
                "Name": "traefik-public-endpoint",
                "EndpointID": "6ed97c4ab54f5c6309e097e31b83c4845619fb98f4f90b9783091ea5f1ce2241",
                "MacAddress": "02:42:0a:00:0b:04",
                "IPv4Address": "10.0.11.4/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4108"
        },
        "Labels": {},
        "Peers": [
            {
                "Name": "6a679237cf2f",
                "IP": "192.168.0.50"
            },
            {
                "Name": "ea2cc75fbf59",
                "IP": "192.168.0.43"
            },
            {
                "Name": "f3399340f093",
                "IP": "192.168.0.44"
            }
        ]
    }
]

Im not sure if you created your Docker Swarm correctly. Also I don't know if using a folder for letsencrypt/acme.json works as you did it.
For me, I had to do it like I explained in the previously mentioned articles. Also I had to change the permissions of acme.json file to 600.
Then I do not see any constraints for uptime kuma but I see absolute volume paths which will create the volumes on the worker where i t is deployed. Maybe change to use relative paths so that container volumes will be created in docker folder (/var/lib/docker/volumes).

I would try to use production lets encrypt server instead of staging.
Sorry but I cannot help more. Try to use the same prerequisite I did in my tutorial. Then it should work. To know how to set up a Docker Swarm environment correctly check this article which contains every needed step to set up a Docker Swarm in ~15 minutes: https://www.paulsblog.dev/docker-swarm-in-a-nutshell/

followed your tutorial to create the swarm and deploy the swarm
permissions for acme.json is set to 600
regarding the volumes, I would want them to share a common volume (NFS) that is why /mnt/nfs/docker
all the nodes have access to this share and is configured correctly -- checked by login into each node

If I have a look at the readme on Uptime Kuma repository at https://github.com/louislam/uptime-kuma it says that NFS is not supported. So please test without using an NFS.

From Uptime Kuma:

Warning
File Systems like NFS (Network File System) are NOT supported. Please map to a local directory or volume.

still no good

version: '3.7' 
services: 
  kuma: 
    image: louislam/uptime-kuma:latest
    networks:
      - traefik-public
    volumes: 
      - data:/app/data
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.kuma-http.rule=Host(`time.bitsandbots.cc`)
        - traefik.http.routers.kuma-http.entrypoints=http
        - traefik.http.routers.kuma-http.middlewares=https-redirect
        - traefik.http.routers.kuma-https.rule=Host(`time.bitsandbots.cc`)
        - traefik.http.routers.kuma-https.entrypoints=https
        - traefik.http.routers.kuma-https.tls=true
        - traefik.http.routers.kuma-https.tls.certresolver=le
        - traefik.http.services.kuma.loadbalancer.server.port=3001

networks:
  traefik-public:
    external: true

volumes:
  data:

I just copied your docker-compose file and adjusted the URL to up.paulsblog.dev and deployed it in my Docker Swarm. It work out of the box. I guess you did not follow my tutorial or have something broken in your server cluster setup.
Sorry, I don't see any error in your

I will shut down Uptime Kuma in 10 minutes, it was just a fast test :)

update: the setup did work on AWS , seems like there is issue with the overlay network. Would you have any idea on how to check for issues in overlay network
H/W setup: ESXI -8 and VMs on it

the problem was with overlay networks in virtual machines that are running on the ESXI.
It seems like there is a bug in the virtual network driver. In my case it helped to disable the checksum verification, and it started to work as I needed it.
"sudo ethtool -K eth0 rx off tx off"
and it worked