Traefik with nginx container - docker

I spend so much time on it and I didn't found any solution.
I already setup Traefik and the nginx container, here is my docker-compose.yml
version: '3'
networks:
proxy:
external: true
internal:
external: false
services:
mysql:
image: 'mysql:5.7'
environment:
MYSQL_ROOT_PASSWORD: null
networks:
- internal
labels:
- traefik.enable=false
adminer:
image: 'adminer:latest'
labels:
- traefik.backend=adminer
- 'traefik.frontend.rule=Host:db-admin.xxxx.xyz'
- traefik.docker.network=proxy
- traefik.port=8080
networks:
- internal
- proxy
depends_on:
- mysql
portainer:
image: portainer/portainer
networks:
- internal
- proxy
labels:
- "traefik.frontend.rule=Host:portainer.xxxx.xyz"
- "traefik.port=9000"
- "traefik.backend=portainer"
- traefik.docker.network=proxy
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
restart: unless-stopped
Nginx-Pro:
image: nginx:latest
container_name: Nginx-Pro
labels:
- traefik.backend=Nginx-Pro
- traefik.frontend.rule=Host:new.xxxx.fr
- traefik.docker.network=proxy
- "traefik.port=80"
- "traefix.port=443"
- "traefik.frontend.entryPoints=http"
networks:
- internal
- proxy
depends_on:
- mysql
volumes:
- /var/www/nginx-pro/:/var/www/
- /etc/nginx/nginx-pro/:/etc/nginx
So I also setup vhost on the server in /etc/nginx/sites-enabled
I also add log to traefik conf but nothing is appening.
Here is my vhost config :
server {
listen *:80;
root /var/www/new.xxx.fr;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name new.xxx.fr www.new.xxx.fr;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$args;
}
location ~ /\.ht {
deny all;
}
}
And the problem is that i always have Bad Gateway message from Traefik.

You need to add traefik.frontend.passHostHeader so nginx can match the Host header with the server_name.
But as this nginx is only for the one domain you match already with traefik.frontend.rule=Host:new.xxxx.fr you can also leave the server_name out of the nginx vhost config and use the default config.
Also remove "traefix.port=443" as you only use http between traefik and nginx, what you want is "traefik.frontend.entryPoints=http,https", you can also add "traefik.frontend.headers.SSLRedirect=true" to always redirect http to https.

Related

How do I configure/ reconfigure an existing NGINX server to proxy to a docker container?

I have an existing NGINX server hosting 2 websites, one as standard and one on a node server. I want to run 3 docker containers as well on this.
All of the tutorials suggest running NGINX in a container, however this would conflict with my existing set up.
nodejs server, ports 3030:3030
mysql, ports 3360:3360
phpmyadmin, ports 8080:80
They run on localhost on my local machine fine, but I cant get NGINX on the remote server to host them.
I want to be able to access the node server at http://publicIP:3030
I have tried to follow this answer but NGINX is giving me 404 error when trying to access.
my nginx config is:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html index.php;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /paragon/ {
proxy_pass http://localhost:3030/;
# proxy_set_header X-SRV paragon;
}
location /phpmyadmin {
proxy_pass http://localhost:8080/;
# proxy_set_header X-SRV phpmyadmin;
}
location /mysql {
proxy_pass http://localhost:3360/;
# proxy_set_header X-SRV mysql;
}
I have tried it with the X-SRV headers uncommented as well.
My docker-compose.yml config is:
services:
web:
container_name: paragon_web
build: .
command: npm run
depends_on:
- db
volumes:
- ./:/app
- /node_modules
networks:
- paragon_net
ports:
- "3030:3030"
db:
container_name: paragon_db
image: mysql:8.0
command:
--default-authentication-plugin=mysql_native_password
--init-file ./src/data/db_init.sql
restart: unless-stopped
volumes:
- ./src/data/db_init.sql:/docker-entrypoint-initdb.d/
- mysql-data:/var/lib/mysql
ports:
- "3360:3306"
expose:
- "3306"
environment:
MYSQL_DATABASE: paragon
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: admin
MYSQL_PASSWORD: paragon99
SERVICE_TAG: dev
SERVICE_NAME: paragon_db
networks:
- paragon_net
# volumes:
phpmyadmin:
container_name: sql_admin
image: phpmyadmin:5.2.0-apache
restart: always
depends_on:
- db
ports:
- "8090:80"
networks:
- paragon_net
networks:
paragon_net:
driver: bridge
The location of the new site on the server are at /var/www/newsite

Nextcloud in Docker with Caddy proxy

I’m trying to install Nextcloud on my server with Docker using a Caddy reverse proxy. Caddy is working for other services so I will just copy the Caddyfile here.
There are 3 ways I tried accessing it on the Docker host machine:
localhost:8080 - working
IP of host machine - it says it is not a trusted domain
domain - 502 Bad Gateway
Please help I’ve already tried multiple configurations but can not get it working.
Caddyfile:
{domain} {
tls {email}
tls {
dns godaddy
}
# Enable basic compression
gzip
# Service discovery via well-known
redir /.well-known/carddav /remote.php/carddav 301
redir /.well-known/caldav /remote.php/caldav 301
proxy / http://nextcloud:8080 {
# X-Forwarded-For, etc...
transparent
# Nextcloud best practices and security
header_downstream Strict-Transport-Security "max-age=15552000;"
header_downstream Referrer-Policy "strict-origin-when-cross-origin"
header_downstream X-XSS-Protection "1; mode=block"
header_downstream X-Content-Type-Options "nosniff"
header_downstream X-Frame-Options "SAMEORIGIN"
}
}
docker-compose file:
version: '3.7'
services:
db:
container_name: nextcloud-db
image: mariadb
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- db:/var/lib/mysql
env_file:
- ./nextcloud/config/db.env
environment:
- MYSQL_ROOT_PASSWORD={pw}
networks:
- db
app:
container_name: nextcloud
image: nextcloud
ports:
- 8080:80
volumes:
- nextcloud:/var/www/html
env_file:
- ./nextcloud/config/db.env
environment:
- MYSQL_HOST=db
- NEXTCLOUD_TRUSTED_DOMAINS="localhost {host ip} {domain}"
restart: always
networks:
- proxy
- db
depends_on:
- db
volumes:
db:
nextcloud:
networks:
db:
Figured it out.
In the Caddyfile the nextcloud port should be 80 instead of 8080 as it is in the inner network.

Problem with nginx reverse proxy and docker. Only one proxy_path is working

I am completly lost.. So i have two proxy_paths in my nginx conf: '/' and '/api'. '/' redirects to my frontend and is working perfectly but the '/api' proxy path is not working at all. The proxy server is logging requests to '/api/' but not forwarding them to my actual api-server. I'm missing something. Is the '/' proxy_path some sort of catch all that overrides any other proxy paths? Any assistance would be invaluable! Thanks! Here are my configs:
nginx reverse proxy conf:
server {
listen 80;
server_name proxy;
location / {
proxy_pass http://frontend_prod:3000/;
}
location /api {
proxy_pass http://api_prod:3333/;
}
}
docker-compose:
version: '3.1'
services:
proxy:
build: ./proxy/
ports:
- '9000:80'
restart: always
depends_on:
- frontend_prod
- api_prod
frontend_prod:
build: ./frontend/nginx/
ports:
- '3000'
depends_on:
- api_prod
restart: always
db:
image: mariadb
restart: always
environment:
MYSQL_ROOT_PASSWORD: hunter2
api_prod:
build: ./backend/api/
command: npm run production
ports:
- '3333'
depends_on:
- db

nginx/docker routing config

I have a digital ocean droplet. In the root of it are the following files
apps/
-main/
-index.html
nginx.conf
docker-compose.yml
My docker-compose.yml file has the following
version: '3'
networks:
proxy:
external: true
internal:
external: false
services:
traefik:
image: traefik:alpine
ports:
- "8080:8080"
- "80:80"
- "443:443"
restart: always
labels:
- logLevel="DEBUG"
- "traefik.backend=monitor"
- "traefik.frontend.rule=Host:monitor.domain.com"
- "traefik.port=8080"
- "traefik.frontend.entryPoints=http,https"
- "traefik.enable=true"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik.toml:/traefik.toml"
- "./acme.json:/acme.json"
expose:
- "8080"
networks:
- internal
- proxy
custom-badge:
image: user/app
environment:
PORT: 3000
ports:
- "3000:3000"
labels:
- traefik.enabled=true
- traefik.backend=app
- traefik.frontend.rule=Host:app.domain.com
- traefik.docker.network=proxy
- traefik.port=3000
networks:
- internal
- proxy
server:
image: nginx:alpine
labels:
- traefik.enabled=true
- traefik.backend=
- traefik.frontend.rule=Host:domain.com
- traefik.docker.network=proxy
- traefik.port=80
volumes:
- "./apps:/etc/nginx/html:ro"
- "./nginx.conf:/etc/nginx/nginx.conf:ro"
command: [nginx-debug, '-g', 'daemon off;']
depends_on:
- traefik
and my nginx.conf
events {
worker_connections 1024; ## Default: 1024
}
http {
server {
listen 80;
server_name domain.com www.domain.com;
location / {
root /etc/nginx/html/main;
proxy_pass domain.com:8080/;
}
}
}
Problem is, when I run docker-compose up everything starts up and I can see all 3 containers started but when I go to domain.com I am not seeing my index.html file. What have I done wrong ?
The other domains work fine: app.domain.com & monitor.domain.com which makes me think it must be something wrong with the nginx config and what files need to be served.
You have a loop - remove proxy_pass. Nginx should serve the data from root folder, not proxy the requests to another service.

Use nginx on route and traefik for subdomain

How would the docker-compose file and nginx configuration look if I want to use traefik to proxy requests for my subdomains and use nginx on my root.
So, i want to serve up some static files to: domain.com using nginx
but i want traefik to handle traffic to: app.domain.com, app2.domain.com
here is what i have in my composer file....
version: '3'
networks:
proxy:
external: true
internal:
external: false
services:
traefik:
image: traefik:alpine
ports:
- "8080:8080"
- "80:80"
- "443:443"
restart: always
labels:
- logLevel="DEBUG"
- "traefik.backend=monitor"
- "traefik.frontend.rule=Host:monitor.domain.com"
- "traefik.port=8080"
- "traefik.frontend.entryPoints=http,https"
- "traefik.enable=true"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik.toml:/traefik.toml"
- "./acme.json:/acme.json"
expose:
- "8080"
networks:
- internal
- proxy
custom-badge:
image: app
environment:
PORT: 3000
ports:
- "3000:3000"
labels:
- traefik.enabled=true
- traefik.backend=custom-badge
- traefik.frontend.rule=Host:app.domain.com
- traefik.docker.network=proxy
- traefik.port=3000
networks:
- internal
- proxy
server:
image: nginx:alpine
ports:
- "80:80"
labels:
- traefik.enabled=true
- traefik.backend=
- traefik.frontend.rule=domain.com
- traefik.docker.network=proxy
- traefik.port=80
volumes:
- "./apps/root:/etc/nginx/html:ro"
- "./nginx.conf:/etc/nginx/nginx.conf:ro"
environment:
- NGINX_HOST=domain.com
- NGINX_PORT=80
command: [nginx-debug, '-g', 'daemon off;']
depends_on:
- traefik
and my nginx.conf
http {
server {
listen 80;
server_name domain.com www.domain.com;
location / {
proxy_pass domain.com:80/;
}
}
}
Im getting port conflict errors, what am i doing wrong?
You cannot have two services - traefik and nginx use same host port.
You must have only one service listening on 80 port.
I would suggest configuring traefik to proxy all communication and in case of lack of subdomain forward to nginx - and what I can see - you did.
To fix your error simply remove port section from server (nginx) service definition.

Resources