Hello,
I have set up a Docker container with Squidex. To login, Squidex attempts to access the OpenID configuration address (/identity-server/.well-known/openid-configuration) from the Base URL.
Squidex is setup via docker-compose with the following labels:
- "traefik.enable=true"
- "traefik.http.routers.headless-secured.entrypoints=websecure"
- "traefik.http.routers.headless-secured.rule=Host(`base-url`)"
- "traefik.http.routers.headless-secured.tls.certresolver=httpchallenge"
- "traefik.http.routers.headless-secured.tls=true"
- "traefik.http.routers.headless.entrypoints=web"
- "traefik.http.routers.headless.rule=Host(`base-url`)"
- "traefik.http.middlewares.compress.compress=true"
- "traefik.http.middlewares.redirect.redirectscheme.scheme=https"
- "traefik.http.routers.headless.middlewares=compress,headings"
- "traefik.http.routers.headless-secured.middlewares=compress,headings"
I can access the site via both HTTP and HTTPS from my browser.
When the Base URL of Squidex is set to use HTTP, the OpenID configuration is accessible. However, I have to disable the HTTPS redirection of Traefik, and this leaves my connection unsecured.
When the Base URL of Squidex is set the use HTTPS, I cannot login as the docker container cannot find the Open ID configuration. Note that this configuration is from a URL of the same container.
I have tried to curl from inside the Squidex container via docker exec -it container_name bash. When attempting curl via HTTP, everything works great. However, when trying to curl the HTTPS address, the connection is refused.
So, from within the container with traefik router squidex.host-url:
curl http://squidex.host-url = HTML file output
curl https://squidex.host-url = <connection refused>
The same curl command can access other Traefik routed containers:
curl https://other-container-subdomain.host-url = <works fine>
Is there a way to allow the container to access its own HTTPS path from Traefik?
Many thanks!