zugang
August 20, 2023, 9:18am
1
Hi @all ,
I have the follwing docker file. With this it is possible to get to traefik dashboard via "http". With https it says "404 page not found". My dashboard also says: "There is no TLS configured".
Can somebody help me what the problem is? Actually I'm a newbie and do not have a lot of experience. So please describe it in an easy way. Thanks in advance!!
version: '3'
services:
traefik:
image: traefik:v2.4
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=mymail@myprovider.de"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./letsencrypt:/letsencrypt
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`myserver.myddns.net`) && PathPrefix(`/`)"
- "traefik.http.routers.traefik.service=api@internal"
nextcloud:
image: nextcloud
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.rule=Host(`myserver.myddns.net`) && PathPrefix(`/nextcloud`)"
- "traefik.http.routers.nextcloud.entrypoints=websecure"
- "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
mattermost:
image: mattermost/mattermost-preview
labels:
- "traefik.enable=true"
- "traefik.http.routers.mattermost.rule=Host(`myserver.myddns.net`) && PathPrefix(`/mattermost`)"
- "traefik.http.routers.mattermost.entrypoints=websecure"
- "traefik.http.routers.mattermost.tls.certresolver=myresolver"
Use 3 backticks in front and after code, or select code and press </> button. In yaml every space matters.
Use a current Traefik version, not a 1 year old version.
Compare with simple Traefik example .
zugang
August 20, 2023, 3:20pm
3
Thanks! This helped.
Now it is working. Dashboard is popping up....but Im not able to access nextcloud.
# Not Found
The requested URL was not found on this server.
Apache/2.4.52 (Debian) Server at natune-server.ha5fhv1ccw3h6gx8.myfritz.net Port 80"
My config file looks now like this:
version: "3.3"
services:
traefik:
image: "traefik:v2.10"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=my.mail@mail.de"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`myserver.dns.net`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=myresolver"
- "traefik.http.routers.traefik.service=api@internal"
networks:
- traefik_network
whoami:
image: "traefik/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`myserver.dns.net`) && PathPrefix(`/whoami`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
networks:
- traefik_network
nextcloud:
image: nextcloud:latest
container_name: "nextcloud"
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.rule=Host(`myserver.dns.net`) && PathPrefix(`/nextcloud`)"
- "traefik.http.routers.nextcloud.entrypoints=websecure"
- "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
volumes:
- "/containers/cloud/nextcloud/apps:/var/www/html/apps"
- "/containers/cloud/nextcloud/config:/var/www/html/config"
- "/containers/cloud/nextcloud/data:/var/www/html/data"
depends_on:
- db
networks:
- traefik_network
db:
container_name: "maria-db"
restart: unless-stopped
image: mariadb
command: --innodb-read-only-compressed=OFF #Maria-DB fix
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: ncdb
MYSQL_USER: nextcloudUSER
MYSQL_PASSWORD: nextcloudPASSWORD
volumes:
- "/containers/cloud/mariadb:/var/lib/mysql"
networks:
- traefik_network
networks:
traefik_network:
You try to access your service with Host() && PathPrefix(). But is your target service actually responding to the path /nextcloud? Did you configure it to have that base path?
Usually you want (complex) services to be available on their own domain. PathPrefix always makes trouble for interactive web applications, because they mostly respond with fixed links like /login or /static/js/script.js.
You could use various (paid for) subdomains and use CNAME to your DynDNS name.
PS: recently posted a config for NextCloud
zugang
August 21, 2023, 11:06am
5
Hi,
I did now some changes, because I found out, that nextcloud ist not working with "myserver.com/nextcloud " (PathPrefix) . It needs a subdomain like nextcloud.myserver.com .
And thats my problem, because I have a Fritzbox and Im using "myFritz-Freigabe". And it can not handle subdomains for my server. Here is a short sketch:
Now my idea is to rout the adress myserver.abcd.myfritz.net/nextcloud to a adress on my server like "nextcloud.localhost" and myserver.abcd.myfritz.net/whoami to "whoami.localhost"
Do you think this is possible? My current YML-File is looking like this (I tried to use stripprefix)
version: "3.3"
services:
traefik:
image: "traefik:v2.10"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
#- "--entrypoints.websecure.address=:80"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=mymail@gmx.de"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "80:80"
# - "8065:8065"
# - "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`myserver.abcd.myfritz.net`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=myresolver"
- "traefik.http.routers.traefik.service=api@internal"
networks:
- traefik_network
whoami:
image: traefik/whoami:v1.8
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.rule=Host(`myserver.abcd.myfritz.net`) && PathPrefix(`/whoami`)"
- "traefik.http.middlewares.whoami.stripprefix.prefixes=/whoami"
- "traefik.http.routers.whoami.middlewares=whoami@docker"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
# - "traefik.http.services.whoami.loadbalancer.server.port=80"
networks:
- traefik_network
postgres:
image: postgres:14-alpine
container_name: postgres
restart: always
volumes:
- /data/postgres:/var/lib/postgresql/data
environment:
- TZ=Europe/Berlin
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=<ABC>
networks:
- traefik_network
nextcloud:
image: nextcloud
container_name: nextcloud
hostname: nextcloud
restart: always
volumes:
- /data/nextcloud:/var/www/html
environment:
- TZ=Europe/Berlin
- POSTGRES_HOST=postgres
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=<ABC>
- NEXTCLOUD_ADMIN_PASSWORD=<DEF>
- NEXTCLOUD_ADMIN_USER=ncadmin
- NEXTCLOUD_TRUSTED_DOMAINS=myserver.abcd.myfritz.net
- TRUSTED_PROXIES=traefik
- OVERWRITEPROTOCOL=https
- NC_default_phone_region=<EU>
- APACHE_SERVER_NAME=myserver.abcd.myfritz.net
depends_on:
- postgres
labels:
- 'traefik.enable=true'
#- 'traefik.http.routers.nextcloud.tls=true'
#- 'traefik.http.routers.nextcloud.tls.certresolver=myresolver'
- 'traefik.http.routers.nextcloud.entrypoints=websecure'
- "traefik.http.routers.nextcloud.rule=Host(`myserver.abcd.myfritz.net`) && PathPrefix(`/nextcloud`)"
- "traefik.http.middlewares.nextcloud.stripprefix.prefixes=/nextcloud"
- "traefik.http.routers.nextcloud.middlewares=nextcloud@docker"
- 'traefik.http.routers.nextcloud.middlewares=nextcloud-dav,nextcloud-header'
- 'traefik.http.services.nextcloud.loadbalancer.server.port=80'
- 'traefik.http.middlewares.nextcloud-dav.redirectRegex.regex=https://(.*)/.well-known/(card|cal)dav'
- 'traefik.http.middlewares.nextcloud-dav.redirectRegex.replacement=https://$${1}/remote.php/dav/'
- 'traefik.http.middlewares.nextcloud-dav.redirectRegex.permanent=true'
- "traefik.http.middlewares.nextcloud-header.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.nextcloud-header.headers.stsSeconds=15552000"
- "traefik.http.middlewares.nextcloud-header.headers.forceSTSHeader=true"
- "traefik.http.middlewares.nextcloud-header.headers.stsPreload=true"
- "traefik.http.middlewares.nextcloud-header.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.nextcloud-header.headers.browserXssFilter=true"
- "traefik.http.middlewares.nextcloud-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
networks:
- traefik_network
networks:
traefik_network:
I don’t think it’s possible to use PathPrefix with a web application like Nextcloud, as I explained above.
You can use DNS CNAME to use DynDNS with multiple domains. Just set your domain to use CNAME and point to your DynDNS domain.
Your domainNextcloud.example.com CNAME home.fritz.netHome.fritz.net A 1.2.3.4
The domain name resolves to another domain name, that resolves to an IP. But the original domain is sent in the http request, so Traefik can match the domain.
Update: you can set a base path for nextcloud, see for example this post .
zugang
August 23, 2023, 10:19am
7
Hi bluepuma,
Actually I didnt understand the solution you suggested...what and how I have to do it... Im a newbie?
Can you explain a little bit easier for me? Currently i setted up an account for cloudflare
Usually you set the target IP for a (sub-)domain with your DNS provider. It’s called an A record.
Alternatively you can set a CNAME for a (sub-)domain, pointing to another domain instead of pointing to an IP.
You Fritz DynDNS is pointing home.fritz.net to your home IP, probably from your DSL provider.
Now you can set additional (sub-)domains with your DNS provider to point to that fixed domain with dynamic IP.
nextcloud.mydomain.net -> CNAME -> home.fritz.net
Check if Cloudflare support CNAME. There are also free DNS providers like DuckDNS.
