Hello,
I am using Traefik as a reverse proxy in a container, with many Docker containers running WordPress or web applications. I have got it working for the most part, but I am stuck with an issue where I have a temporary fix but would really like to understand what I am missing.
Firstly, the traefik yaml:
```yaml
version: "3.3"

networks:
  traefik:
    external: true

services:
  traefik:
    image: "traefik:v2.9"
    container_name: "traefik"
    restart: always
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web-secure.address=:443"
      # Settle the authentication method to http challenge
      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
      # Uncomment this to get a fake certificate when testing
      #- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      # Settle letsencrypt as the certificate provider
      - "--certificatesresolvers.myhttpchallenge.acme.email=me@mail.com"
      - "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      #- "8080:8080"
    networks:
      - "traefik"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
```
wordpress docker-compose:
```yaml
version: '3'

networks:
  traefik:
    external: true
  backend:

services:
  db:
    image: mariadb:10.6.4-focal
    #image: mysql:8.0.27
    command: '--default-authentication-plugin=mysql_native_password'
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=wordpress
      - MYSQL_DATABASE=wordpress
      - MYSQL_USER=wordpress
      - MYSQL_PASSWORD=wordpress
    volumes:
      - ./db:/var/lib/mysql
    networks:
      - backend

  wordpress:
    image: wordpress:latest
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress
    volumes:
      - /var/www/mydomain/html:/var/www/html
    networks:
      - traefik
      - backend
    depends_on:
      - db
      - redis  # the redis service definition is not shown in this post
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      # Get the routes from http
      - "traefik.http.routers.mydomain-wp.rule=Host(`mydomain.com`,`www.mydomain.com`)"
      - "traefik.http.routers.mydomain-wp.entrypoints=web"
      # Redirect these routes to https
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.mydomain-wp.middlewares=redirect-to-https@docker"
      # Get the routes from https
      - "traefik.http.routers.mydomain-wp-secured.rule=Host(`mydomain.com`,`www.mydomain.com`)"
      - "traefik.http.routers.mydomain-wp-secured.entrypoints=web-secure"
      # Apply authentication with http challenge
      - "traefik.http.routers.mydomain-wp-secured.tls=true"
      - "traefik.http.routers.mydomain-wp-secured.tls.certresolver=myhttpchallenge"
```
If I use the two rules under "# Redirect these routes to https", there is an infinite loop, and with these commented out, the https version of the site does not show properly. The CSS and some files do not work. The fix I found is adding `$_SERVER['HTTPS'] = 'on';` in wp-config.php, which solves this.
I believe this is an issue with the headers not being forwarded and that I need to use `--entryPoints.web.forwardedHeaders`, but I can't seem to figure out what needs to go where to solve this.
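The wp-config.php workaround in the post marks every request as HTTPS. A narrower variant, added here as an example and not taken from the original post, sets the flag only when the direct peer is the proxy and it sent `X-Forwarded-Proto: https`. The constant, the helper names and the `172.18.0.0/16` subnet are assumptions and placeholders.

```php
<?php
// Added example for wp-config.php (not from the original post). It goes above
// the "That's all, stop editing!" line, in place of the unconditional assignment.
//
// Assumptions: Traefik reaches WordPress over the "traefik" Docker network, and
// 172.18.0.0/16 is a placeholder for that network's subnet; read the real one
// from `docker network inspect traefik`. Assumes 64-bit PHP and IPv4 peers.
const MYDOMAIN_TRUSTED_PROXY_CIDRS = ['172.18.0.0/16'];

/** Hypothetical helper: true when IPv4 address $ip lies inside $cidr. */
function mydomain_ip_in_cidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    if ($ipLong === false || $subnetLong === false
        || !preg_match('/^\d{1,2}$/', $bits) || (int) $bits > 32) {
        return false; // malformed address or prefix: never trust
    }
    $mask = (int) $bits === 0 ? 0 : (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

/** Hypothetical helper: true when the direct peer is one of the trusted proxies. */
function mydomain_request_is_from_proxy(array $server): bool
{
    $peer = $server['REMOTE_ADDR'] ?? ''; // empty when run from the CLI
    foreach (MYDOMAIN_TRUSTED_PROXY_CIDRS as $cidr) {
        if (mydomain_ip_in_cidr($peer, $cidr)) {
            return true;
        }
    }
    return false;
}

// The header may carry a comma-separated list; only the first entry is used.
$forwardedProto = strtolower(trim(
    explode(',', $_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '')[0]
));

// Honour the header only when it arrives from the proxy, so a client that
// reaches the container some other way cannot claim HTTPS by sending it.
if (mydomain_request_is_from_proxy($_SERVER) && $forwardedProto === 'https') {
    $_SERVER['HTTPS'] = 'on';
}
```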