I cannot use WordPress on Docker with Traefik

Traefik Traefik v2
1

Problematic:

I cannot use WordPress on Docker with Traefik. WordPress communicates a lot with the servers of the Word Press organization. For example when I open the WordPress admin page it looks for events near my city. WordPress also uses CURL and if there are strange answers it crashes.
I think Traefik blocks Wordpress. Does anyone on this forum use WordPress with Traefik? How did you solve this problem?
I saw that there is a specific WordPress image for Docker but I don't want to use it because the configuration I create on this CMS I want to save and reproduce for different sites. I prefer to manage the cms php files directly inside a folder that defines a Docker volume.

Error description:

I can install WordPress by manually adding wp-config.php (the cms doesn't do this for me because it can't). When I log into the control panel I get these problems:
1) Application is very slow;
2) When logging into the control panel I get this error:

Warning: Si è verificato un errore inaspettato. C'è qualche cosa di sbagliato con WordPress.org o con la configurazione di questo server. Se continui ad avere problemi, chiedi aiuto sul forum di supporto. (WordPress non può stabilire una connessione sicura a WordPress.org. Contatta l’amministratore del server.) in /var/www/html/it/wp-admin/includes/translation-install.php on line 68

Project:

version: "3.9"

services:
  traefik:
    build: ./traefik
    image: image-traefik-eb:v.1.0
    command:
      - --log.level=INFO
      - --log.filePath=/data-log/traefik.log
      - --log.format=json
      - --accesslog=true
      - --api.insecure=false
      - --api.dashboard=true
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certresolver=leresolver
      - --certificatesresolvers.leresolver.acme.tlsChallenge=true
      - --certificatesresolvers.leresolver.acme.email=...
      - --certificatesresolvers.leresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./volumes/data-letsencrypt/:/letsencrypt
      - ./volumes/data-log/:/data-log/
    ports:
      - 80:80
      - 443:443
    labels:
      traefik.enable: true
      traefik.http.routers.dashboard.rule: Host(`www.traefik.localhost`,`www.traefik.localhost`)
      traefik.http.routers.dashboard.service: api@internal
      traefik.http.routers.dashboard.middlewares: auth
      traefik.http.middlewares.auth.basicauth.users: ...:...
      traefik.http.routers.unmatchedwww.rule: HostRegexp(`{name:^www\..*}`) 
      traefik.http.routers.unmatchedwww.service: noop@internal
      traefik.http.routers.unmatchedwww.priority: 2
      traefik.http.routers.matchlast.rule: PathPrefix(`/`)
      traefik.http.routers.matchlast.priority: 1
      traefik.http.routers.matchlast.middlewares: addwww
      traefik.http.middlewares.addwww.redirectregex.regex: ^https://(?:www\.)?(.*)
      traefik.http.middlewares.addwww.redirectregex.replacement: https://www.$${1}
    restart: always
    networks:
      - eb
      - traefik-network

  mysql:
    build: ./mysql
    image: image-mysql-eb:v.1.0
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: ...
      MYSQL_DATABASE: ...
      MYSQL_USER: ...
      MYSQL_PASSWORD: ...
    depends_on:
      - traefik
    volumes:
      - mysql-volume:/var/lib/mysql
    networks:
      - eb

  phpmyadmin:
    build: ./phpmyadmin
    image: image-phpmyadmin-eb:v.1.0
    restart: always
    environment:
      PMA_HOST: mysql
    depends_on:
      - traefik
      - mysql
    labels:
      traefik.enable: 'true'
      traefik.http.services.phpmyadmin.loadbalancer.server.port: 80
      traefik.http.services.phpmyadmin.loadbalancer.server.scheme: http
      traefik.http.routers.phpmyadmin.rule: Host(`www.phpmyadmin.localhost`)
      traefik.http.routers.phpmyadmin.tls.domains[0].main: phpmyadmin.localhost
      traefik.http.routers.phpmyadmin.tls.domains[0].sans: www.phpmyadmin.localhost
      traefik.http.routers.phpmyadmin.tls.certresolver: leresolver
    networks:
      - eb

  php-apache-blog:
    build: ./php-apache-blog
    image: image-php-apache-blog-eb:v.1.0
    restart: always
    depends_on:
      - mysql
    volumes:
      - ./volumes/data-php-blog:/var/www/html/
    depends_on:
      - traefik
      - mysql
    labels:
      traefik.enable: 'true'
      traefik.http.services.php-apache-blog.loadbalancer.server.port: 80
      traefik.http.services.php-apache-blog.loadbalancer.server.scheme: http
      traefik.http.routers.php-apache-blog.rule: Host(`www.blog.localhost`)
      traefik.http.routers.php-apache-blog.tls.domains[0].main: blog.localhost
      traefik.http.routers.php-apache-blog.tls.domains[0].sans: www.blog.localhost
      traefik.http.routers.php-apache-blog.tls.certresolver: leresolver
    networks:
      - eb

volumes:
  mysql-volume:
  
networks:
  eb:
    internal: true
  traefik-network:

Side note 1:

The project that I show has a problem that this forum does not know how to solve but I do not think this problem is the cause of the malfunction.

I report the link for concern:

Side note 2:

If I remove the Traefik proxy from my services everything works perfectly so I am sure that the malfunctions depend exclusively on Traefik.

2

Traefik enables you to route incoming requests to your Docker containers. If you run Wordpress in a container and it has issues with outgoing connections via curl, then I don't see how this is related to Traefik.

If you do have outgoing connection problems, please check the IP addresses within Docker. There are default networks a container is attached to and potential own created Docker networks with IP addresses and also the servers IP addresses. We had issues with overlapping of IP configuration before.

1 Like
3

I don't know how to solve this problem but I assure you that if I remove Traefik from my Docker Compose configuration, Wordpress works perfectly.

4

I would use a dedicated network for service routing, add to service.traefik

providers.docker.network=traefik-network

and attach all relevant web-containers to it (or just use network eb).

1 Like
5

A full example, uses:

  1. port :80 to redirect to :443 to force TLS/SSL
  2. :8080/dashboard/ for the Traefik dashboard (user/pass: test/test)
  3. network traefik to route requests from Traefik to service
  4. example service whoami.example.com with LetsEncrypt TLS/SSL
  5. volume to store LetsEncrypt certificates

You probably need to docker create network proxy if you are not running Swarm and adapt the email and subdomain to run the example.

# docker-compose.yml
version: '3.8'

services:
  traefik:
    image: traefik:v2.8.4
    container_name: traefik
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 8080
        published: 8080
        mode: host
    command:
      - --providers.docker.exposedByDefault=false  
      - --providers.docker.network=proxy
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.certResolver=leresolver
      - --entrypoints.traefik.address=:8080
      - --certificatesresolvers.leresolver.acme.email=user@example.com
      - --certificatesresolvers.leresolver.acme.storage=/certificates/acme.json
      - --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
      - --log.level=DEBUG
      - --accesslog=true
      - --api.dashboard=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-certificates:/certificates
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)
      - traefik.http.routers.dashboard.entrypoints=traefik
      - traefik.http.routers.dashboard.service=api@internal
      - traefik.http.routers.dashboard.middlewares=dashboard-auth
      - 'traefik.http.middlewares.dashboard-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/'

  whoami:
    image: traefik/whoami:v1.8.1
    container_name: whoami
    networks:
      - proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.services.whoami.loadbalancer.server.port=80'
      - 'traefik.http.routers.whoami.rule=Host(`whoami.example.com`)'
      - 'traefik.http.routers.whoami.entrypoints=websecure'
      - 'traefik.http.routers.whoami.tls=true'
      - 'traefik.http.routers.whoami.tls.certresolver=leresolver'

networks:
  proxy:
    name: proxy
    driver: overlay
    attachable: true

volumes:
  traefik-certificates:
    name: traefik-certificates
1 Like
6

Thanks for your code. I don't use Docker Swarm, I didn't know it but it seems very interesting because it is a tool that allows you to combine the performances of different physical machines. Docker swarm may need me in the future.

I have tested your Traefik code with Wordpress. Below you will find the complete code.

version: '3.8'

services:
  traefik:
    build: ./traefik
    image: image-traefik-proxy:v.1.0
    container_name: container-traefik-proxy
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 8080
        published: 8080
        mode: host
    command:
      - --providers.docker.exposedByDefault=false  
      - --providers.docker.network=proxy
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.certResolver=leresolver
      - --entrypoints.traefik.address=:8080
      - --certificatesresolvers.leresolver.acme.email=user@example.com
      - --certificatesresolvers.leresolver.acme.storage=/certificates/acme.json
      - --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
      - --log.level=DEBUG
      - --accesslog=true
      - --api.dashboard=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-certificates:/certificates
    networks:
      - proxy
    labels:
      # http://localhost:8080/dashboard/
      - traefik.enable=true
      - traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)
      - traefik.http.routers.dashboard.entrypoints=traefik
      - traefik.http.routers.dashboard.service=api@internal
      - traefik.http.routers.dashboard.middlewares=dashboard-auth
      - 'traefik.http.middlewares.dashboard-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/'

  whoami:
    image: traefik/whoami:v1.8.1
    container_name: whoami
    networks:
      - proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.services.whoami.loadbalancer.server.port=80'
      - 'traefik.http.routers.whoami.rule=Host(`www.whoami.localhost`)'
      - 'traefik.http.routers.whoami.entrypoints=websecure'
      - 'traefik.http.routers.whoami.tls=true'
      - 'traefik.http.routers.whoami.tls.certresolver=leresolver'

  mysql:
    build: ./mysql
    image: image-mysql-proxy:v.1.0
    container_name: container-mysql-proxy
    restart: always
    networks:
      - proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.services.mysql.loadbalancer.server.port=80'
      - 'traefik.http.routers.mysql.rule=Host(`www.mysql.localhost`)'
      - 'traefik.http.routers.mysql.entrypoints=websecure'
      - 'traefik.http.routers.mysql.tls=true'
      - 'traefik.http.routers.mysql.tls.certresolver=leresolver'
    environment:
      MYSQL_ROOT_PASSWORD: root_password
      MYSQL_DATABASE: database_name
      MYSQL_USER: user_name
      MYSQL_PASSWORD: password
    volumes:
      - mysql-volume:/var/lib/mysql
      
  php-apache:
    build: ./php-apache
    image: image-php-apache-proxy:v.1.0
    container_name: container-php-apache-proxy
    restart: always
    networks:
      - proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.services.php-apache.loadbalancer.server.port=80'
      - 'traefik.http.routers.php-apache.rule=Host(`www.blog.localhost`)'
      - 'traefik.http.routers.php-apache.entrypoints=websecure'
      - 'traefik.http.routers.php-apache.tls=true'
      - 'traefik.http.routers.php-apache.tls.certresolver=leresolver'
    user: ${CURRENT_UID}
    depends_on:
      - mysql
    volumes:
      - ./volumes/data-php:/var/www/html
      - ./volumes/data-php-config/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
      
  phpmyadmin:
    build: ./phpmyadmin
    image: image-phpmyadmin-proxy:v.1.0
    container_name: container-phpmyadmin-proxy
    restart: always
    networks:
      - proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.services.phpmyadmin.loadbalancer.server.port=80'
      - 'traefik.http.routers.phpmyadmin.rule=Host(`www.phpmyadmin.localhost`)'
      - 'traefik.http.routers.phpmyadmin.entrypoints=websecure'
      - 'traefik.http.routers.phpmyadmin.tls=true'
      - 'traefik.http.routers.phpmyadmin.tls.certresolver=leresolver'
    environment:
      PMA_HOST: mysql
    depends_on:
      - mysql

networks:
  proxy:
    name: proxy
    driver: overlay
    attachable: true

volumes:
  traefik-certificates:
    name: traefik-certificates
  mysql-volume:

#
FROM mysql:8.0.30-debian
#
FROM php:7.4-apache
RUN docker-php-ext-install mysqli && docker-php-ext-enable mysqli
#
FROM phpmyadmin:5.2.0
#
FROM traefik:v2.8.4

cd /.../Docker-Wordpress-MySQL-Traefik-01
docker compose down --volumes
docker create network proxy
CURRENT_UID=$(id -u):$(id -g) docker compose up -d --build

Schermata del 2022-09-23 14-33-31
Schermata del 2022-09-23 14-33-311835Ă—393 28.6 KB

Wordpress is installed but it does not work correctly in fact I cannot create the articles. Wordpress tells me that I may be offline. Without Traefik I can create and delete articles.
In your code I find other problems that are not present in my code but I think they can be fixed by adding the missing rules so I am not worried:

  1. Redirect to www
  2. The dashboard is not accessible with test / test
  3. The dashboard is not reachable on https
  4. The certificates are not accessible

See you

CMS: Scarica | WordPress.org Italia

7

Thank you very much, your code is gorgeous. All solved, I had some problems because php plugins were missing, Traefik works perfectly. I haven't had time to try it on the real server yet, but I'll be doing it soon. Everything works perfectly locally. You were number 1!

8

I noticed some differences between your code and mine. Except for the 'providers.docker.network' string that I added, should the other lines of code be added to my code?
I solved with 'providers.docker.network' and with your way of defining the network.

    image: traefik:v2.8.4

    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 8080
        published: 8080
        mode: host

    networks:
      - proxy

    command:
      - --providers.docker.network=proxy
      - --entrypoints.traefik.address=:8080
      - --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web

    volumes:
      - traefik-certificates:/certificates

    labels:
      - traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)
      - traefik.http.routers.dashboard.entrypoints=traefik

networks:
  proxy:
    name: proxy
    driver: overlay
    attachable: true

volumes:
  traefik-certificates:
    name: traefik-certificates
9

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.