Hello,
I have set up a Docker container with Squidex. To login, Squidex attempts to access the OpenID configuration address (/identity-server/.well-known/openid-configuration
) from the Base URL.
Squidex is setup via docker-compose with the following labels:
- "traefik.enable=true"
- "traefik.http.routers.headless-secured.entrypoints=websecure"
- "traefik.http.routers.headless-secured.rule=Host(`base-url`)"
- "traefik.http.routers.headless-secured.tls.certresolver=httpchallenge"
- "traefik.http.routers.headless-secured.tls=true"
- "traefik.http.routers.headless.entrypoints=web"
- "traefik.http.routers.headless.rule=Host(`base-url`)"
- "traefik.http.middlewares.compress.compress=true"
- "traefik.http.middlewares.redirect.redirectscheme.scheme=https"
- "traefik.http.routers.headless.middlewares=compress,headings"
- "traefik.http.routers.headless-secured.middlewares=compress,headings"
I can access the site via both HTTP and HTTPS from my browser.
When the Base URL of Squidex is set to use HTTP, the OpenID configuration is accessible. However, I have to disable the HTTPS redirection of Traefik, and this leaves my connection unsecured.
When the Base URL of Squidex is set the use HTTPS, I cannot login as the docker container cannot find the Open ID configuration. Note that this configuration is from a URL of the same container.
I have tried to curl
from inside the Squidex container via docker exec -it container_name bash
. When attempting curl
via HTTP, everything works great. However, when trying to curl
the HTTPS address, the connection is refused.
So, from within the container with traefik router squidex.host-url
:
curl http://squidex.host-url = HTML file output
curl https://squidex.host-url = <connection refused>
The same curl
command can access other Traefik routed containers:
curl https://other-container-subdomain.host-url = <works fine>
Is there a way to allow the container to access its own HTTPS path from Traefik?
Many thanks!