I'm trying to make a secure docker proxy as a proof of concept. This seems like it's close to working (port 80 works and the "It Works!" page comes up for b.example.com). However, the console shows an error on generating keys.
docker-compose.yml:
version: '2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- ./certs:/etc/nginx/certs:ro
- /etc/nginx/vhost.d
- /usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
volumes:
- ./certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes_from:
- nginx-proxy:rw
environment:
- LETSENCRYPT_TEST=true
site-b:
image: httpd
networks:
- reverse-proxy
- back
environment:
- VIRTUAL_PORT=1234
- VIRTUAL_HOST=b.example.com
- LETSENCRYPT_HOST=b.example.com
Error:
nginx-letsencrypt_1 | 2018-04-27 11:41:40,244:ERROR:simp_le:1446: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-v01.api.letsencrypt.org/acme/authz/HsDmBtfcqucZ2j7gT5rGkCf1ESqHaxbkNxZRRWwXfFQ
Related
I'm trying to create some kind of reverse proxy server that would serve a port running on my local network (192.168.0.15:5083) through either another port (192.168.0.15:<ANOTHER PORT>) or through another path on the IP address (192.168.0.15/pathname). I want this to be reachable from other computers on the same network.
I'm trying to achieve this using Traefik with Docker through a docker-compose.yml file. Currently I have it set up like this:
lms:
container_name: lms
image: epoupon/lms
user: ${PUID}:${PGID}
ports:
- 5083:5082
volumes:
- ${USERDIR}/docker/lms:/var/lms
- /media/music:/music:ro
environment:
- TZ=${TZ}
- PUID=${PUID}
- PGID=${PGID}
labels:
- "traefik.enable=true"
- "traefik.http.routers.lms.rule=Path(`/lms`)"
restart: unless-stopped
reverse-proxy:
image: traefik:v2.6
command: --api.insecure=true --providers.docker
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
What I'm trying to do here is to create a path on the servers IP address (192.168.0.15/lms) that would serve port 5083 (192.168.0.15:5083). The purpose of this is to then be able to apply CORS headers to the proxy server.
When visiting 192.168.0.15/lms from another machine on the same network as the server, I get this error message:
Fatal error: failed loading /js/jquery-1.10.2.min.js
I interpret this as if it gets a connection to port 5083, but the assets/resources being used on the front end on that port is not loading correctly.
Am I doing this right or should I do it in a different way to succeed?
So I'm currently building a docker setup with a REST API and a separate frontend. My backend consists of Symfony 5.2.6 as REST API and my frontend is a simple Vue application.
When I try to call my API from the vue application via localhost or 127.0.0.1, I get a "Connection refused" error. When I try to call the API via the external IP of my server, I run into CORS issues. This is my first setup like this, so I'm kind of at a loss.
This is my docker setup:
version: "3.8"
services:
# VUE-JS Instance
client:
build: client
restart: always
logging:
driver: none
volumes:
- ./client:/app
- /app/node_modules
environment:
- CHOKIDAR_USEPOLLING=true
- NODE_ENV=development
ports:
- 8080:8080
# SERVER
php:
build: php-fpm
restart: always
ports:
- "9002:9000"
volumes:
- ./server:/var/www/:cached
- ./logs/symfony:/var/www/var/logs:cached
# WEBSERVER
nginx:
build: nginx
restart: always
ports:
- "80:80"
volumes_from:
- php
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf
- ./logs/nginx/:/var/log/nginx:cached
So what is the correct way to establish the connection between those two containers?
The client app runs on port 8080 but nginx on 80 is a different URL and it should be a CORS error.
To avoid it, in the PHP app, you have to add response header:
Access-Control-Allow-Origin: http://localhost:8080 or
Access-Control-Allow-Origin: *.
Another solution is to configure all in one domain on this same port.
I am trying to follow the community documentation on mailcow dockerized and I am using Traefik as my load balancer.
I have successfully obtained a SSL certificate and the certdump is working as expected when I check the logs.
The issue I have having is that the nginx-mailcow container is not receiving the requests when I visit mail.example.com. My Traefik logs show this:
level=error msg="entryPoint \"secure\" doesn't exist" routerName=moo#docker entryPointName=secure
level=error msg="no valid entryPoint for this router" routerName=moo#docker
My docker-compose.override.yml looks like this (not much different to the community documentation):
version: '2.1'
services:
nginx-mailcow:
networks:
traefik:
web:
labels:
- traefik.enable=true
- traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
- traefik.http.routers.moo.tls=true
- traefik.http.routers.moo.tls.certresolver=godaddy
- traefik.http.routers.moo.middlewares=redirect#file
- traefik.http.routers.moo.service=nginx-mailcow
- traefik.http.services.moo.loadBalancer.passHostHeader=true
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.moo.middlewares=https-redirect
- traefik.http.services.moo.loadbalancer.server.port=80
- traefik.http.routers.moo.entrypoints=secure
- traefik.docker.network=web
certdumper:
image: humenius/traefik-certs-dumper
container_name: traefik_certdumper
network_mode: none
volumes:
- acme:/traefik:ro
- ./data/assets/ssl/:/output:rw
environment:
- DOMAIN=${MAILCOW_HOSTNAME}
networks:
traefik:
external: true
web:
external: true
volumes:
acme:
name: "traefik_acme"
Can anyone see what I am doing wrong?
I have also tried with only:
labels:
- traefik.enable=true
- traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
- traefik.http.routers.moo.tls=true
- traefik.http.routers.moo.tls.certresolver=godaddy
- traefik.http.services.moo.loadbalancer.server.port=80
- traefik.http.routers.moo.entrypoints=secure
- traefik.docker.network=web
This still did not work.
When you define a name for a service, you must use the same name in your service configuration, like this:
traefik.http.routers.moo.service=nginx-mailcow
traefik.http.services.moonginx-mailcow.loadBalancer.passHostHeader=true
The loadBalancer.servers (notice the s in servers) doesn't have a port key, only url:
traefik.http.services.moo.loadbalancer.server.port=80
traefik.http.services.nginx-mailcow.loadbalancer.servers.url=['http://nginx-mailcow:80']
But as you are using defaults, you can omit all of the above =)
One more thing, I don't know how your Traefik container is configured but if your Traefik is running with a defined traefik network (internal) and a web network (public), you should use the traefik network in your Mailcow container as you want to route all external traffic through Traefik.
traefik.docker.network=web
labels:
- traefik.enable=true
- traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
- traefik.http.routers.moo.tls=true
- traefik.http.routers.moo.tls.certresolver=godaddy
- traefik.http.routers.moo.middlewares=redirect#file
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.moo.middlewares=https-redirect
- traefik.http.routers.moo.entrypoints=secure
- traefik.docker.network=traefik
#30daysofstackoverflow
I am trying to host a few different websites on a single Raspberry Pi using Docker. I was told that I would need to use something like Traefik to route everything properly.
I tried using the Docker Basic Example under User Guides in their documentation as a test. I followed along with the example and created the docker-compose.yml file and copied in the example from the docs:
version: "3.3"
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
command:
# - "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
- "traefik.http.routers.whoami.entrypoints=web"
Using this example going to the devices local IP I recieve a page that simply says:
404 Page not found
I've tried changing the Traefik container image version, and editing the example with my relevant information as well as recreating the example on another host and still I receive the above 404.
Am I doing something incorrect with Traefik to receive this 404?
In the user guide you have mentioned, there is this note:
Replace whoami.localhost by your own domain within the traefik.http.routers.whoami.rule label of the whoami service.
So, after you replace whoami.localhost with you local IP, you should be able to see whoami service responding correctly.
I'm currently configuring Traefik with Let's encrypt.
But I have an issue : Each time I restart the container, Traefik regenerate all certificate. Even those already in the acme.json file :(.
But my server do automatic restart sometimes. So, within a day, Let's encrypt does not want to give me more certificates.
Do any way exist to rsolve this issue ? :(
My docker-compose.yml file :
services:
traefik:
image: traefik:alpine
restart: always
container_name: traefik
networks:
- default
- traefik_proxy
ports:
- "80:80"
- "443:443"
- "8000:8080"
volumes:
# traefik configuration files
- ${TRAEFIK_CONTAINERS_CONFIG_DIR}/traefik.toml:/etc/traefik/traefik.toml
- ${TRAEFIK_CONTAINERS_CONFIG_DIR}/acme.json:/acme.json
- ${TRAEFIK_CONTAINERS_CONFIG_DIR}/log:/var/log/traefik/
- ${TRAEFIK_CONTAINERS_CONFIG_DIR}/shared:/shared/
# Docker
- /var/run/docker.sock:/var/run/docker.sock
# We have to link the authentification dir to use the differents .htpasswd
- ${AUTHENTIFICATION_FILES_DIRECTORY}:/htpasswd/
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:reverse.${DOMAIN_NAME}"
- "traefik.port=8080"
- "traefik.frontend.auth.basic.usersFile=${TRAEFIK_DEFAULT_AUTHENTIFICATION_FILE}"
- "traefik.tags=proxy"
- "traefik.docker.network=traefik_proxy"