ERR EntryPoint doesn't exist entryPointName & ERR Router uses a nonexistent certificate resolver

Hi,

I have been trying to get my Traefik container to work with Wordpress (doesn't matter - just used for testing).

I have looked all online, looked here and none of the solutions seem to help me with my issues (errors in docker logs). Please don't be a smart*ss and tell me it's simple and to look at examples at traefik's webpage, I've done that already, thank you.

I'm following Ibracorp's tutorial on Youtube at "https://www.youtube.com/watch?v=pU7JvIrthxg&t=1917s" and written documentation at: "Docker Compose | Traefik v2.6+".

I've tried removing entry points from my fileConfig.yml file and vice versa from my wordpress docker-compose.yml file. No matter what I do, I get the same errors. Also, Wordpress gets redirected to the webgui of Traefik, never gets directed to wordpress.*******.com.

Also, getting error about CertificatesResolver (myresolver). However, nowhere in any of my files am I referencing myresolver, I'm referencing letsencrypt.

Please see my traefik docker-compose.yml, traefik.yml, fileConfig.yml for Traefik. See docker-compose.yml for Wordpress.

I've deleted, removed all files and reinstalled and same errors.

If wordpress docker-compose.yml is shutdown, I get no errors.

Error messages from docker logs:

2025-04-09T22:24:11Z INF Starting provider aggregator *aggregator.ProviderAggregator
2025-04-09T22:24:11Z INF Starting provider *file.Provider
2025-04-09T22:24:11Z INF Starting provider *traefik.Provider
2025-04-09T22:24:11Z INF Starting provider *docker.Provider
2025-04-09T22:24:11Z INF Starting provider *acme.Provider
2025-04-09T22:24:11Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme
2025-04-09T22:24:11Z INF Starting provider *acme.ChallengeTLSALPN
2025-04-09T22:24:14Z ERR EntryPoint doesn't exist entryPointName=websecure routerName=wordpress@docker
2025-04-09T22:24:14Z ERR No valid entryPoint for this router routerName=wordpress@docker
2025-04-09T22:24:14Z ERR EntryPoint doesn't exist entryPointName=websecure routerName=wordpress@docker
2025-04-09T22:24:14Z ERR No valid entryPoint for this router routerName=wordpress@docker
2025-04-09T22:24:14Z ERR Router uses a nonexistent certificate resolver certificateResolver=myresolver routerName=wordpress@docker

1). Traefik docker-compose.yml:

version: '3'
services:
traefik:
container_name: traefik
image: traefik:latest
ports:
- 7480:80
- 7443:443
- 8080:8080 # Dashboard port
volumes:
- /opt/appdata/traefik/:/etc/traefik/
- /var/run/docker.sock:/var/run/docker.sock:ro # ro = read-only access to the docker.sock
networks:
- ibranet # rename this to your custom docker network
labels:
traefik.http.routers.api.rule: Host(traefik.xxxxxx.com) # Define the subdomain for the traefik dashboard.
traefik.http.routers.api.entryPoints: https # Set the Traefik entry point.
traefik.http.routers.api.service: api@internal # Enable Traefik API.
traefik.enable: true # Enable Traefik reverse proxy for the Traefik dashboard.
environment:
DOCKER_HOST: dockersocket
CF_DNS_API_TOKEN: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
restart: unless-stopped
depends_on:
- dockersocket

dockersocket:
container_name: dockersocket
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- ibranet
environment:
CONTAINERS: 1
POST: 0
privileged: true
restart: unless-stopped

networks:
ibranet:
driver: bridge
external: true

2). fileConfig.yml:

http:

EXTERNAL ROUTING EXAMPLE - Only use if you want to proxy something manually

routers:
# Wordpress routing example - Remove if not used
wordpress:
entryPoints:
- https
rule: 'Host(wordpress.xxxxxxx.xxxx)'
service: wordpress
#middlewares:
# - "auth"
##SERVICES EXAMPLE ##
services:
# Wordpress service example - Remove if not used
wordpress:
loadBalancer:
servers:
- url: http://10.xx.1.xx:80/

MIDDLEWARES

middlewares:
# Only Allow Local networks
local-ipwhitelist:
ipWhiteList:
sourceRange:
- 127.0.0.1/32 # localhost
- 192.168.1.1/24 # LAN Subnet

auth: #for Authentik
  forwardauth:
    address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik
    trustForwardHeader: true
    authResponseHeaders:
      - X-authentik-username
      - X-authentik-groups
      - X-authentik-email
      - X-authentik-name
      - X-authentik-uid
      - X-authentik-jwt
      - X-authentik-meta-jwks
      - X-authentik-meta-outpost
      - X-authentik-meta-provider
      - X-authentik-meta-app
      - X-authentik-meta-version

# Authelia guard
#auth:
 # forwardauth:
  #  address: http://auth:9000/api/verify?rd=https://auth.domain.com/ # replace auth with your authelia container name
   # trustForwardHeader: true
    #authResponseHeaders:
     # - Remote-User
      #- Remote-Groups
      #- Remote-Name
      #- Remote-Email

# Authelia basic auth guard
#auth-basic:
 # forwardauth:
  #  address: http://auth:9000/api/verify?auth=basic # replace auth with your authelia container name
   # trustForwardHeader: true
    #authResponseHeaders:
     # - Remote-User
      #- Remote-Groups
      #- Remote-Name
      #- Remote-Email

# Security headers
securityHeaders:
  headers:
    customResponseHeaders:
      X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
      server: ""
      X-Forwarded-Proto: "https"
    sslProxyHeaders:
      X-Forwarded-Proto: https
    referrerPolicy: "strict-origin-when-cross-origin"
    hostsProxyHeaders:
      - "X-Forwarded-Host"
    customRequestHeaders:
      X-Forwarded-Proto: "https"
    contentTypeNosniff: true
    browserXssFilter: true
    forceSTSHeader: true
    stsIncludeSubdomains: true
    stsSeconds: 63072000
    stsPreload: true

Only use secure ciphers - Mozilla SSL Configuration Generator

tls:
options:
default:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

3). Traefik.yml:

global:
checkNewVersion: true
sendAnonymousUsage: false

serversTransport:
insecureSkipVerify: true

entryPoints:

Not used in apps, but redirect everything from HTTP to HTTPS

http:
address: :80
forwardedHeaders:
trustedIPs: &trustedIps
# Start of Clouflare public IP list for HTTP requests, remove this if you don't use it
- 173.245.48.0/20
- 103.21.244.0/22
- 103.22.200.0/22
- 103.31.4.0/22
- 141.101.64.0/18
- 108.162.192.0/18
- 190.93.240.0/20
- 188.114.96.0/20
- 197.234.240.0/22
- 198.41.128.0/17
- 162.158.0.0/15
- 104.16.0.0/12
- 172.64.0.0/13
- 131.0.72.0/22
- 2400:cb00::/32
- 2606:4700::/32
- 2803:f800::/32
- 2405:b500::/32
- 2405:8100::/32
- 2a06:98c0::/29
- 2c0f:f248::/32
# End of Cloudlare public IP list
http:
redirections:
entryPoint:
to: https
scheme: https

HTTPS endpoint, with domain wildcard

https:
address: :443
forwardedHeaders:
# Reuse list of Cloudflare Trusted IP's above for HTTPS requests
trustedIPs: trustedIps
http:
tls:
# Generate a wildcard domain certificate
certResolver: letsencrypt
domains:
- main: xxxxxxxxxxx.com
sans:
- '*.xxxxxxxxxxxxx.com'
middlewares:
- securityHeaders@file

providers:
providersThrottleDuration: 2s

File provider for connecting things that are outside of docker / defining middleware

file:
filename: /etc/traefik/fileConfig.yml
watch: true

Docker provider for connecting all apps that are inside of the docker network

docker:
watch: true
network: ibranet # Add Your Docker Network Name Here
# Default host rule to containername.domain.example

defaultRule: "Host({{ index .Labels \"com.docker.compose.service\"}}.xxxxxxxx.com)"

defaultRule: "Host(`{{ lower (trimPrefix '/' .Name)}}.xxxxx.com`)"
#swarmModeRefreshSeconds: 15s #comment out or remove this line if using traefik v3
exposedByDefault: false
endpoint: "tcp://dockersocket:2375" # Uncomment if you are using docker socket proxy

Enable traefik ui

api:
dashboard: true
insecure: true

Log level INFO|DEBUG|ERROR

log:
level: INFO

Use letsencrypt to generate ssl serficiates

certificatesResolvers:
letsencrypt:
acme:
email: xxxxxxxx@.com
storage: /etc/traefik/acme.json
dnsChallenge:
provider: cloudflare
# Used to make sure the dns challenge is propagated to the rights dns servers
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"

4) Wordpress docker-compose.yml

services:
db:
# We use a mariadb image which supports both amd64 & arm64 architecture
image: mariadb:10.6.4-focal
# If you really want to use MySQL, uncomment the following line
#image: mysql:8.0.27
command: '--default-authentication-plugin=mysql_native_password'
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
- MYSQL_ROOT_PASSWORD=xxxxxxxxxxxxxxxxxxxxxx
- MYSQL_DATABASE=wordpress
- MYSQL_USER=xxxxxxxxxxxxxx
- MYSQL_PASSWORD=xxxxxxxxxxxxxxxxxx
networks:
- ibranet
wordpress:
image: wordpress:latest
container_name: wordpress
volumes:
- wp_data:/var/www/html
restart: always
ports:
- "80:80"
environment:
- WORDPRESS_DB_HOST=db
- WORDPRESS_DB_USER=xxxxxxx
- WORDPRESS_DB_PASSWORD=xxxxxxxxxxxxxxxxxx
- WORDPRESS_DB_NAME=wordpress
labels:
traefik.enable: true
traefik.http.routers.wordpress.entryPoints: https
traefik.http.services.wordpress.loadbalancer.server.scheme: https
traefik.http.routers.wordpress.rule: Host(wordpress.XXXXXXXXX.com)
traefik.http.routers.wordpress.middlewares: wordpress-stripprefix@docker
traefik.http.routers.wordpress.entryPoints: websecure
traefik.http.routers.wordpress.tls: true
traefik.http.routers.wordpress.tls.certresolver: letsencrypt
ne#tworks:
- ibranet

networks:
ibranet:
external: true

volumes:
db_data:
wp_data:

Thank you, I appreciate any and all help that I may get.

Use 3 backticks before and after code/config to make it more readable and preserve spacing, which is important in yaml.

Hi, thanks for that but I don't understand what you are saying? From my reading of community.traefik.io, you apparently tell a lot of people this exact thing and everyone comes back to you with more questions. Would be nice if you could explain in layman's terms so we don't waste your time and it helps everyone better in the long run.

I'm doing this for fun, homelab, not making any money off this. So if you could just get to the point, that would be great. You state use 3 backticks (where in the guide does it state this?). Where is an example of this? Not all of us are genius programmers like yourself. But, I'm not stupid, I can follow guides and examples.

Also, you state before/after code/config (very vague, as it is all code)? If you mean in my fileConfig, why not just say that and where I need 3 ticks?

Also, I asked about the error referencing myresolver?

The config you posted is unreadable, as you have not formatted it correctly. As regular text all spacing is removed.

So you need to place 3 backticks before and after or select the config and press the </> button.

Then it looks like this:

Test:
  Indentation:
    It works

You can use the pencil icon to edit your original post.

Ok, sorry, you meant when uploading from my copy which was text, see below:

services:
  traefik:
    container_name: traefik
    image: traefik:latest
    ports:
      - 7480:80
      - 7443:443
      - 8080:8080 # Dashboard port
    volumes:
      - /opt/appdata/traefik/:/etc/traefik/
      - /var/run/docker.sock:/var/run/docker.sock:ro # ro = read-only access to the docker.sock      
    networks:
      - ibranet # rename this to your custom docker network
    labels:
      traefik.http.routers.api.rule: Host(`traefik.xxxxxx.com`)    # Define the subdomain for the traefik dashboard.
      traefik.http.routers.api.entryPoints: https    # Set the Traefik entry point.
      traefik.http.routers.api.service: api@internal    # Enable Traefik API.
      traefik.enable: true   # Enable Traefik reverse proxy for the Traefik dashboard.
    environment:
      DOCKER_HOST: dockersocket
      CF_DNS_API_TOKEN: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    restart: unless-stopped
    depends_on:
      - dockersocket

  dockersocket:
    container_name: dockersocket
    image: tecnativa/docker-socket-proxy
    volumes:
     - /var/run/docker.sock:/var/run/docker.sock
    networks:
     - ibranet
    environment:
      CONTAINERS: 1
      POST: 0
    privileged: true
    restart: unless-stopped


networks:
  ibranet:
    driver: bridge
    external: true

See below:

fileConfig.yml:

http:
  ## EXTERNAL ROUTING EXAMPLE - Only use if you want to proxy something manually ##
  routers:
    # Wordpress routing example - Remove if not used
    wordpress:
      entryPoints:
        - https
      rule: 'Host(`wordpress.xxxxxxx.com`)'
      service: wordpress
      #middlewares:
       # - "auth"  
  ##SERVICES EXAMPLE ##
  services:
    # Wordpress service example - Remove if not used
    wordpress:
      loadBalancer:
        servers:
          - url: http://10.xx.1.xx:80/

  ## MIDDLEWARES ##
  middlewares:
    # Only Allow Local networks
    local-ipwhitelist:
      ipWhiteList:
        sourceRange: 
          - 127.0.0.1/32 # localhost
          - 192.168.1.1/24 # LAN Subnet

    auth: #for Authentik
      forwardauth:
        address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik
        trustForwardHeader: true
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version
  
    # Authelia guard
    #auth:
     # forwardauth:
      #  address: http://auth:9000/api/verify?rd=https://auth.domain.com/ # replace auth with your authelia container name
       # trustForwardHeader: true
        #authResponseHeaders:
         # - Remote-User
          #- Remote-Groups
          #- Remote-Name
          #- Remote-Email
  
    # Authelia basic auth guard
    #auth-basic:
     # forwardauth:
      #  address: http://auth:9000/api/verify?auth=basic # replace auth with your authelia container name
       # trustForwardHeader: true
        #authResponseHeaders:
         # - Remote-User
          #- Remote-Groups
          #- Remote-Name
          #- Remote-Email

    # Security headers
    securityHeaders:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          server: ""
          X-Forwarded-Proto: "https"
        sslProxyHeaders:
          X-Forwarded-Proto: https
        referrerPolicy: "strict-origin-when-cross-origin"
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        customRequestHeaders:
          X-Forwarded-Proto: "https"
        contentTypeNosniff: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 63072000
        stsPreload: true

# Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.6.0&config=intermediate&guideline=5.6
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

global:
  checkNewVersion: true
  sendAnonymousUsage: false

serversTransport:
  insecureSkipVerify: true

entryPoints:
  # Not used in apps, but redirect everything from HTTP to HTTPS
  http:
    address: :80
    forwardedHeaders:
      trustedIPs: &trustedIps
        # Start of Clouflare public IP list for HTTP requests, remove this if you don't use it
        - 173.245.48.0/20
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 141.101.64.0/18
        - 108.162.192.0/18
        - 190.93.240.0/20
        - 188.114.96.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 162.158.0.0/15
        - 104.16.0.0/12
        - 172.64.0.0/13
        - 131.0.72.0/22
        - 2400:cb00::/32
        - 2606:4700::/32
        - 2803:f800::/32
        - 2405:b500::/32
        - 2405:8100::/32
        - 2a06:98c0::/29
        - 2c0f:f248::/32
        # End of Cloudlare public IP list
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https

  # HTTPS endpoint, with domain wildcard
  https:
    address: :443
    forwardedHeaders:
      # Reuse list of Cloudflare Trusted IP's above for HTTPS requests
      trustedIPs: *trustedIps
    http:
      tls:
        # Generate a wildcard domain certificate
        certResolver: letsencrypt
        domains:
          - main: xxxxxxxxxxx.com
            sans:
              - '*.xxxxxxxxxxxxx.com'
      middlewares:
        - securityHeaders@file

providers:
  providersThrottleDuration: 2s

  # File provider for connecting things that are outside of docker / defining middleware
  file:
    filename: /etc/traefik/fileConfig.yml
    watch: true

  # Docker provider for connecting all apps that are inside of the docker network
  docker:
    watch: true
    network: ibranet # Add Your Docker Network Name Here
    # Default host rule to containername.domain.example
   # defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.xxxxxxxx.com`)"
    defaultRule: "Host(`{{ lower (trimPrefix '/' .Name)}}.xxxxx.com`)"
    #swarmModeRefreshSeconds: 15s #comment out or remove this line if using traefik v3
    exposedByDefault: false
    endpoint: "tcp://dockersocket:2375" # Uncomment if you are using docker socket proxy

# Enable traefik ui
api:
  dashboard: true
  insecure: true

# Log level INFO|DEBUG|ERROR
log:
  level: INFO

# Use letsencrypt to generate ssl serficiates
certificatesResolvers:
  letsencrypt:
    acme:
      email: xxxxxxxx@.com
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: cloudflare
        # Used to make sure the dns challenge is propagated to the rights dns servers
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
   

Wordpress docker-compose.yml

services:
  db:
    # We use a mariadb image which supports both amd64 & arm64 architecture
    image: mariadb:10.6.4-focal
    # If you really want to use MySQL, uncomment the following line
    #image: mysql:8.0.27
    command: '--default-authentication-plugin=mysql_native_password'
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=xxxxxxxxxxxxxxxxxx
      - MYSQL_DATABASE=wordpress
      - MYSQL_USER=xxxxxx
      - MYSQL_PASSWORD=xxxxxxxxxxxxxxxxxx
    networks:
      - ibranet
  wordpress:
    image: wordpress:latest
    container_name: wordpress
    volumes:
      - wp_data:/var/www/html
    restart: always
    ports:
      - "80:80"
    environment:
      - WORDPRESS_DB_HOST=db
      - WORDPRESS_DB_USER=xxxxxxxxx
      - WORDPRESS_DB_PASSWORD=xxxxxxxxxxxxxxxxxxx
      - WORDPRESS_DB_NAME=wordpress
    labels:
      traefik.enable: true
      traefik.http.routers.wordpress.entryPoints: https
      traefik.http.services.wordpress.loadbalancer.server.scheme: https
      traefik.http.routers.wordpress.rule: Host(`wordpress.XXXXXXXXX.com`)
      traefik.http.routers.wordpress.entryPoints: websecure
      traefik.http.routers.wordpress.tls: true
      traefik.http.routers.wordpress.tls.certresolver: letsencrypt
    ne#tworks:
      - ibranet

networks:
  ibranet:
    external: true

volumes:
  db_data:
  wp_data:
  

In static config traefik.yml you define entrypoints "http" and "https". Later you assign an unknown entrypoint:

Not sure why you define WordPress in Traefik dynamic config file and in Docker labels. It’s only needed once.

In general I recommend to simplify config as much as possible, place redirects and TLS globally on entrypoint, only use https router in labels. Check simple Traefik example and dnsChallenge example.
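
An added example, not part of the original thread and not Traefik's own code: a small check that reproduces the two log errors by comparing a container's router labels against the names defined in the static config. The function name and the sample label set are constructed here; `http`, `https`, `letsencrypt`, `websecure` and `myresolver` are the names from the configs and logs above.

```python
import json
import re

# Entry point and resolver names defined in the static config (traefik.yml)
# posted in the thread.
STATIC_ENTRYPOINTS = {"http", "https"}
STATIC_RESOLVERS = {"letsencrypt"}

# Constructed sample: the label map of a running container, in the shape that
#   docker inspect --format '{{json .Config.Labels}}' wordpress
# prints. The Docker provider reads labels from the container itself, so a
# container that was not recreated can still carry older values than the
# compose file on disk. The host name is a placeholder.
SAMPLE_LABELS_JSON = """
{
  "traefik.enable": "true",
  "traefik.http.routers.wordpress.rule": "Host(`wordpress.example.com`)",
  "traefik.http.routers.wordpress.entryPoints": "websecure",
  "traefik.http.routers.wordpress.tls": "true",
  "traefik.http.routers.wordpress.tls.certresolver": "myresolver",
  "com.docker.compose.service": "wordpress"
}
"""

# Assumption: label keys are matched case-insensitively, because the labels
# on this page mix `entryPoints` and `certresolver`.
ROUTER_OPTION = re.compile(
    r"^traefik\.http\.routers\.([^.]+)\.(entrypoints|tls\.certresolver)$",
    re.IGNORECASE,
)


def check_router_labels(labels, entrypoints, resolvers):
    """Return (router, kind, name) for every reference to an undefined name.

    labels      -- dict of container labels (label key -> string value)
    entrypoints -- set of entry point names from the static config
    resolvers   -- set of certificate resolver names from the static config
    """
    findings = []
    for key, value in sorted(labels.items()):
        match = ROUTER_OPTION.match(key)
        if not match:
            continue  # not a router entryPoints / certresolver label
        router, option = match.group(1), match.group(2).lower()
        if option == "entrypoints":
            # The label value may be a comma-separated list of entry points.
            for name in (part.strip() for part in value.split(",")):
                if name and name not in entrypoints:
                    findings.append((router, "entryPoint", name))
        else:
            name = value.strip()
            if name not in resolvers:
                findings.append((router, "certificateResolver", name))
    return findings


if __name__ == "__main__":
    sample = json.loads(SAMPLE_LABELS_JSON)
    for router, kind, name in check_router_labels(
        sample, STATIC_ENTRYPOINTS, STATIC_RESOLVERS
    ):
        print(f"router {router}@docker references undefined {kind} '{name}'")
```

Running it against the `docker inspect` output of the live container, rather than against the compose file, shows the label values Traefik is actually evaluating.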

I sent you wrong version of my traefik.yml: traefik.http.routers.wordpress.entryPoints: websecure.

I don't have that in traefik.yml anymore, I commented it out.

I commented out my fileConfig section where I define entry points for Wordpress.

My question is this: do I leave entry points defined "http" and "https" as is in traefik.yml and then in my wordpress docker (docker-compose.yml) define entry point as traefik.http.routers.wordpress.entryPoints: https under the label section?

I did this only defining the entryPoint once, I believe, still get exact same errors after doing a --force-recreate on the traefik container.

Hi, still having the same error codes even after making the following changes:

Error codes from docker:

2025-04-11T17:55:54Z ERR EntryPoint doesn't exist entryPointName=websecure routerName=wordpress@docker
2025-04-11T17:55:54Z ERR No valid entryPoint for this router routerName=wordpress@docker
2025-04-11T17:55:54Z ERR EntryPoint doesn't exist entryPointName=websecure routerName=wordpress@docker
2025-04-11T17:55:54Z ERR No valid entryPoint for this router routerName=wordpress@docker
2025-04-11T17:55:54Z ERR Router uses a nonexistent certificate resolver certificateResolver=myresolver routerName=wordpress@docker

Dynamic file (fileConfig.yml):

http:
#  ## EXTERNAL ROUTING EXAMPLE - Only use if you want to proxy something manually ##
#  routers:
#    # Wordpress routing example - Remove if not used
#    wordpress:
#      entryPoints:
#        - https
#      rule: 'Host(`wordpress.xxxxxxxxx.com`)'
#      service: wordpress
#      middlewares:
#        - "auth"  
#  ##SERVICES EXAMPLE ##
#  services:
#    # Wordpress service example - Remove if not used
#    wordpress:
#      loadBalancer:
#        servers:
#          - url: http://10.xxx.xxx.xxx:80/

  ## MIDDLEWARES ##
  middlewares:
    # Only Allow Local networks
    local-ipwhitelist:
      ipWhiteList:
        sourceRange: 
          - 127.0.0.1/32 # localhost
          - 192.168.1.1/24 # LAN Subnet

    auth: #for Authentik
      forwardauth:
        address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik
        trustForwardHeader: true
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version
  
    # Authelia guard
    #auth:
     # forwardauth:
      #  address: http://auth:9000/api/verify?rd=https://auth.domain.com/ # replace auth with your authelia container name
       # trustForwardHeader: true
        #authResponseHeaders:
         # - Remote-User
          #- Remote-Groups
          #- Remote-Name
          #- Remote-Email
  
    # Authelia basic auth guard
    #auth-basic:
     # forwardauth:
      #  address: http://auth:9000/api/verify?auth=basic # replace auth with your authelia container name
       # trustForwardHeader: true
        #authResponseHeaders:
         # - Remote-User
          #- Remote-Groups
          #- Remote-Name
          #- Remote-Email

    # Security headers
    securityHeaders:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          server: ""
          X-Forwarded-Proto: "https"
        sslProxyHeaders:
          X-Forwarded-Proto: https
        referrerPolicy: "strict-origin-when-cross-origin"
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        customRequestHeaders:
          X-Forwarded-Proto: "https"
        contentTypeNosniff: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 63072000
        stsPreload: true

# Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.6.0&config=intermediate&guideline=5.6
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

Static file (traefik.yml)

global:
  checkNewVersion: true
  sendAnonymousUsage: false

serversTransport:
  insecureSkipVerify: true

entryPoints:
  # Not used in apps, but redirect everything from HTTP to HTTPS
  http:
    address: :80
    forwardedHeaders:
      trustedIPs: &trustedIps
        # Start of Clouflare public IP list for HTTP requests, remove this if you don't use it
        - 173.245.48.0/20
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 141.101.64.0/18
        - 108.162.192.0/18
        - 190.93.240.0/20
        - 188.114.96.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 162.158.0.0/15
        - 104.16.0.0/12
        - 172.64.0.0/13
        - 131.0.72.0/22
        - 2400:cb00::/32
        - 2606:4700::/32
        - 2803:f800::/32
        - 2405:b500::/32
        - 2405:8100::/32
        - 2a06:98c0::/29
        - 2c0f:f248::/32
        # End of Cloudlare public IP list
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https

  # HTTPS endpoint, with domain wildcard
  https:
    address: :443
    forwardedHeaders:
      # Reuse list of Cloudflare Trusted IP's above for HTTPS requests
      trustedIPs: *trustedIps
    http:
      tls:
        # Generate a wildcard domain certificate
        certResolver: letsencrypt
        domains:
          - main: xxxxxxxxxxxxxxxxxx.com
            sans:
              - '*.xxxxxxxxxxxxxxxxx.com'
      middlewares:
        - securityHeaders@file

providers:
  providersThrottleDuration: 2s

  # File provider for connecting things that are outside of docker / defining middleware
  file:
    filename: /etc/traefik/fileConfig.yml
    watch: true

  # Docker provider for connecting all apps that are inside of the docker network
  docker:
    watch: true
    network: ibranet # Add Your Docker Network Name Here
    # Default host rule to containername.domain.example
   # defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.xxxxxxx.com`)"
    defaultRule: "Host(`{{ lower (trimPrefix '/' .Name)}}.xxxxxxxx.com`)"
    #swarmModeRefreshSeconds: 15s #comment out or remove this line if using traefik v3
    exposedByDefault: false
    endpoint: "tcp://dockersocket:2375" # Uncomment if you are using docker socket proxy

# Enable traefik ui
api:
  dashboard: true
  insecure: true

# Log level INFO|DEBUG|ERROR
log:
  level: INFO

# Use letsencrypt to generate ssl serficiates
certificatesResolvers:
  letsencrypt:
    acme:
      email: xxxxxx@xxxxxx.com
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: cloudflare
        # Used to make sure the dns challenge is propagated to the rights dns servers
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

Wordpress (docker compose file - only place with one set of labels per your instructions for Entrypoints)

services:
  db:
    # We use a mariadb image which supports both amd64 & arm64 architecture
    image: mariadb:10.6.4-focal
    # If you really want to use MySQL, uncomment the following line
    #image: mysql:8.0.27
    command: '--default-authentication-plugin=mysql_native_password'
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=xxxxxxxxxxxxx
      - MYSQL_DATABASE=wordpress
      - MYSQL_USER=xxxxxxxxxxxxxx
      - MYSQL_PASSWORD=xxxxxxxxxx
    networks:
      - ibranet
  wordpress:
    image: wordpress:latest
    container_name: wordpress
    volumes:
      - wp_data:/var/www/html
    restart: always
    ports:
      - "80:80"
    environment:
      - WORDPRESS_DB_HOST=db
      - WORDPRESS_DB_USER=xxxxxx
      - WORDPRESS_DB_PASSWORD=xxxxxxxxxxxxx
      - WORDPRESS_DB_NAME=wordpress
    labels:
      traefik.enable: true
      traefik.http.routers.wordpress.entryPoints: https
      traefik.http.services.wordpress.loadbalancer.server.scheme: https
     # traefik.http.middlewares.auth.basicauth.users: admin:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
     # traefik.http.routers.wordpress.rule: Host(`wordpress.xxxxxxxxx.com`)
     # traefik.http.routers.wordpress.middlewares: auth
     # traefik.http.routers.wordpress.middlewares: wordpress-stripprefix@docker
     # traefik.http.routers.wordpress.entryPoints: websecure
     # traefik.http.routers.wordpress.tls: true
     # traefik.http.routers.wordpress.tls.certresolver: letsencrypt
    ne#tworks:
      - ibranet

networks:
  ibranet:
    external: true

volumes:
  db_data:
  wp_data:

Ok, finally after the latest changes and force-recreating the wordpress docker container, have access to wordpress locally and no errors. New issue is cannot access wordpress.xxxx.com with domain name. I'll work on this issue but at least getting somewhere now.

in labels should be entryPoints: https, as that is the name you specified in static config.

Then of course you need a rule to enable matching, it’s commented out. I did share a link to a simple working setup.

When Traefik is running, you might run into a different issue that WordPress is continuously redirecting you to the URL it was originally installed to during first setup (like localhost with http). That needs to be changed manually in database in two fields, as far as I remember.

Thanks for the reply.

That's weird, maybe going back and forth, I commented the rule out by mistake.

I also incorrectly had the wrong port for wordpress so that's why I couldn't access it by domain name.

I have no errors now, and the Traefik webgui shows routers, services, entrypoints as good but now the issue is when I try to access wordpress locally on my home network at 10.xxx.xxx.xxx:80 it keeps going to http, it doesn't get routed to https. Also, I can't get basic auth to work at all. Probably a typo, so will keep looking at it. Thank you

As mentioned, WordPress might redirect, check browser developer tools network tab.