I can't use Traefik with PHP

Traefik Traefik v2 (latest)
,
1

I tried to add Traefik to my Java container and I couldn't do it so I tried a different service, PHP to be precise, and I got the same negative result.

What I wrote:

version: "3.9"

services:
  traefik:
    build: ./traefik
    image: image-traefik-eb:v.1.0
    container_name: container-traefik-eb
    command:
      - --log.level=INFO
      - --api.insecure
      - --api.dashboard
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certresolver=leresolver
      - --certificatesresolvers.leresolver.acme.tlsChallenge=true
      - --certificatesresolvers.leresolver.acme.email=myemail@example.com
      - --certificatesresolvers.leresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./volumes/data-letsencrypt/:/letsencrypt
    ports:
      - 8080:8080
      - 80:80
      - 443:443

  php:
    build: ./php-apache
    image: image-php-eb:v.1.0
    container_name: container-php-eb
    labels:
      traefik.enable: 'true'
      traefik.http.routers.training.rule: Host(`localhost`)
    volumes:
      - type: bind
        source: ./volumes/data-php
        target: /appfolder
    restart: on-failure

FROM php:8.1-apache

FROM traefik:v2.8.0

<!doctype html>
<html lang="it">
<head><title>Ciao Mondo!</title></head>
<body>
<h1>Ciao Mondo!</h1>
<p>Questa &egrave; una semplice pagina PHP statica servita con Let's Encrypt.</p>
<h2>Versione di PHP in uso:</h2>
<?php phpinfo(); ?>
</body>
</html>

What I get:

https://localhost/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.53 (Debian) Server at localhost Port 80</address>
</body></html>

What I would like to achieve:

https://localhost/

<!doctype html>
<html lang="it">
<head><title>Ciao Mondo!</title></head>
<body>
<h1>Ciao Mondo!</h1>
<p>Questa &egrave; una semplice pagina PHP statica servita con Let's Encrypt.</p>
<h2>Versione di PHP in uso:</h2>
<?php phpinfo(); ?>
</body>
</html>
2

Hi @Milano2022,
Thanks for your interest in Traefik.

The routing is working properly as the HTML content you are receiving comes from Apache.
So the issue is not related to Traefik, I would suggest creating an issue in Apache related forums.

Thanks,
Maxence

1 Like
3

Thank you for your interest in my question.

Can you recommend the right forum to ask this question?

Traefik is not used with Java, it is not even used with PHP, so what service is it used with? You system analysts of the forum, what programming tools do you use? Perhaps Traefik is more used by programmers who use C# or ASP. Is it right?

4

Traefik is a reverse proxy and only make request forwarding to any application using HTTP, TCP or UDP protocols. The language used to create the application is up to you and is not important, could be Python, Go, Rust, Java, even a netcat in server mode. Just be sure that the dependencies implementing HTTP protocol are carefully respecting the RFC.

From what you posted, I see that there is a permission error accessing your HTML files in your web server. You have to fix this error in your Apache deployment. It could be a specific Apache configuration or a docker volume lacking rights. I'd suggest to post on StackOverflow, where the community is very active.

Thanks,
Maxence

1 Like
6

I reset everything and now everything works perfectly. Thanks for the support

7

You are welcome.
Glad to see you fixed the problem.

Maxence

1 Like
8

Traefik and you subscribers are magnificent!

9

The script works but there is still a small problem, this time it concerns Traefik.

container-traefik-eb | time="2022-07-08T12:53:38Z" level=info msg="Configuration loaded from flags."
container-traefik-eb | time="2022-07-08T12:53:38Z" level=info msg="Traefik version 2.8.0 built on 2022-06-29T15:43:58Z"
container-traefik-eb | time="2022-07-08T12:53:38Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
container-traefik-eb | time="2022-07-08T12:53:38Z" level=error msg="The ACME resolver \"leresolver\" is skipped from the resolvers list because: unable to get ACME account: open /letsencrypt/acme.json: no such file or directory"
container-traefik-eb | time="2022-07-08T12:53:38Z" level=warning msg="Traefik Pilot is deprecated and will be removed soon. Please check our Blog for migration instructions later this year."
container-traefik-eb | time="2022-07-08T12:53:38Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
container-traefik-eb | time="2022-07-08T12:53:38Z" level=info msg="Starting provider *traefik.Provider"
container-traefik-eb | time="2022-07-08T12:53:38Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
container-traefik-eb | time="2022-07-08T12:53:38Z" level=info msg="Starting provider *docker.Provider"
container-traefik-eb | time="2022-07-08T12:53:39Z" level=error msg="the router websecure-training@docker uses a non-existent resolver: leresolver"

Traefik Pilot is deprecated and will be removed soon. Please check our Blog for migration instructions later this year.

10

It is not an issue, Pilot is just deprecated.
If you want to use plugins, you can just remove the pilot from your configuration.
Is there any other problem?

Maxence

1 Like
11

I have been using Traefik for a few days and I would like to start with something updated. Can you explain me how to update the code please? No, there are no other problems.

12

If you are using v2.8, then you are using the latest version available. Traefik Pilot is deprecated and we just added a warning for now. We are still in the process of replacing Pilot. But you can go with what you are using right now, Pilot was mainly here to add custom plugins.

13

Will the code I use with Traefik 2.9 still work? I'm afraid not.

14

Your problem is not related to pilot.

Your problem is here:

You have to run the following commands (before the start of Traefik):

mkdir -p ./volumes/data-letsencrypt/

echo '{}' > ./volumes/data-letsencrypt/acme.json

Note: . is the current directory so you have to run those commands in the same place as your docker-compose.yml.

1 Like
15

Thank you so much for your support.

If I create the acme.json file, Traefik doesn't fill it. If I delete the file before starting Traefik, the proxy creates the file and writes to it but I can't read it.

container-traefik-eb | time="2022-07-08T15:57:45Z" level=error msg="the router websecure-training@docker uses a non-existent resolver: leresolver"

In your opinion, one of the following approaches may make sense:

Approach 1 (I don't create the volume)

# - ./volumes/data-letsencrypt/:/letsencrypt

Approach 2 (I create the volume and change permissions on the acme.json file)

chmod 777 ./volumes/data-letsencrypt/acme.json

In what cases is it useful to be able to read the acme.json file? When is volume essential and when can it be omitted?

16

none of the two approaches.

the router websecure-training@docker uses a non-existent resolver: leresolver

You have this error because the resolver fails during the creation:

The ACME resolver "leresolver" is skipped from the resolvers list because: ...

so:

  1. the directory data-letsencrypt must exist before the start of Traefik
  2. the direction must be mounted
  3. Traefik will create the acme.json for you.

Let's Encrypt has a rate limit, if you don't mount the letsencrypt directory, Traefik will recreate the certificates each time it restarts and you will hit this rate limitation.

Please read the logs, the errors are in the logs.

note: the perm on the acme.json cannot be 777, it must be related to the user inside the container and be 600.

1 Like
17

Perfect, everything works. I still have 2 questions.

  1. How do I get the log file? Can I add another volume?

  2. How do you use Traefik with many services?

If you prefer I create a new post.

I decided to use Traefik to be able to add different services on the same server. I tried to do this but I get '404 page not found'.

  java:
    build: ./java
    image: image-java-eb:v.1.0
    container_name: container-java-eb
    labels:
      traefik.enable: 'true'
      traefik.http.routers.training.rule: Host(`java.localhost`)
    volumes:
      - ./volumes/data-java:/appfolder
    restart: on-failure

  php:
    build: ./php-apache
    image: image-php-eb:v.1.0
    container_name: container-php-eb
    labels:
      traefik.enable: 'true'
      traefik.http.routers.training.rule: Host(`php.localhost`)
    volumes:
      - ./volumes/data-php:/var/www/html
    restart: on-failure

I also tried this but I always get the same error:

  java:
    build: ./java
    image: image-java-eb:v.1.0
    container_name: container-java-eb
    labels:
      traefik.enable: 'true'
      traefik.http.routers.training.rule: Host(`localhost/java`)
    volumes:
      - ./volumes/data-java:/appfolder
    restart: on-failure

  php:
    build: ./php-apache
    image: image-php-eb:v.1.0
    container_name: container-php-eb
    labels:
      traefik.enable: 'true'
      traefik.http.routers.training.rule: Host(`localhost/php`)
    volumes:
      - ./volumes/data-php:/var/www/html
    restart: on-failure
18

For the logs: Traefik Logs Documentation - Traefik

You cannot use build and image at the same time.

A host is a specific part of an URL, the path is not in the host.

url-constructor-components-10

You have different types of matcher: Traefik Routers Documentation - Traefik

I recommend you to follow some tutorials on Docker, docker-compose, and the basics of networking.

And some tutorials about Traefik itself like this one: Traefik Proxy 2.x and TLS 101 [Updated 2022] | Traefik Labs

1 Like
19

I drop a cornerstone! I've always used 'build' and 'image' together. In the 'image' field I put a fantasy name. I use the 'image' field to name the image of a certain service. This helps me manage images and containers.

Local installation:

cd /home/gi/Dropbox/DOCKER/Docker-Traefik-Php-Java
sudo rm -rf /home/gi/Dropbox/DOCKER/Docker-Traefik-Php-Java/volumes/data-letsencrypt/*
sudo mkdir -p /home/gi/Dropbox/DOCKER/Docker-Traefik-Php-Java/volumes/data-letsencrypt/
sudo echo '{}' > /home/gi/Dropbox/DOCKER/Docker-Traefik-Php-Java/volumes/data-letsencrypt/acme.json
sudo chmod 600 /home/gi/Dropbox/DOCKER/Docker-Traefik-Php-Java/volumes/data-letsencrypt/acme.json
docker ps -a
docker stop container-traefik-eb
docker stop container-java-eb
docker stop container-php-eb
docker rm container-traefik-eb
docker rm container-java-eb
docker rm container-php-eb
docker images
docker rmi image-traefik-eb:v.1.0
docker rmi image-java-eb:v.1.0
docker rmi image-php-eb:v.1.0
docker ps -a
docker images
docker volume ls
docker-compose up --build

Update:

cd /home/gi/Dropbox/DOCKER/Docker-Traefik-Php-Java
docker-compose up --force-recreate

Zeroing:

docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)
docker volume rm $(docker volume ls -q)
docker system prune -y
docker system prune -a -y

I added the log file by looking at your link but I can't find any files after starting my service's containers. I also updated my project by reading the page you indicated but I struggle to understand it in detail because it uses a different standard than the one I am used to. Below is the complete code that always gives the same error (404 page not found).

version: "3.9"

services:
  traefik:
    build: ./traefik
    container_name: container-traefik-eb
    command:
      - --log.level=INFO
      - --log.filePath=/data-log/traefik.log
      - --log.format=json
      - --api.insecure
      - --api.dashboard
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certresolver=leresolver
      - --entrypoints.websecure.http.tls.domains.main=localhost
      - --entrypoints.websecure.http.tls.domains.sans=*.localhost
      - --certificatesresolvers.leresolver.acme.tlsChallenge=true
      - --certificatesresolvers.leresolver.acme.email=localhost@gmail.com
      - --certificatesresolvers.leresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
      - --log.filePath=/traefik-log/traefik.log
      - --log.format=json
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./volumes/data-letsencrypt/:/letsencrypt
      - ./volumes/data-log/:/data-log/
    ports:
      - 8080:8080
      - 80:80
      - 443:443
      
  java:
    build: ./java
    container_name: container-java-eb
    labels:
      traefik.enable: 'true'
      traefik.http.routers.training.rule: Host(`java.localhost`)
      traefik.http.routers.training.tls.certresolver: leresolver
    volumes:
      - ./volumes/data-java:/appfolder
    restart: on-failure

  php:
    build: ./php-apache
    container_name: container-php-eb
    labels:
      traefik.enable: 'true'
      traefik.http.routers.training.rule: Host(`php.localhost`)
      traefik.http.routers.training.tls.certresolver: leresolver
    volumes:
      - ./volumes/data-php:/var/www/html
    restart: on-failure


FROM traefik:v2.8.0

FROM php:8.1-apache

My goal is this post.

20

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.