Hello, I run 1-2 MSSQL databases in Docker on a VServer.
These are not that important, but security should not be taken lightly.
These are currently running alongside Traefik, so I would like Traefik to secure this connection for me.
I read here in the forum that the setting
"traefik.tcp.routers.mssql.tls=true" should be switched off, because the client encrypts its data itself.
I still can't connect to the database.
Here are my files:
docker-compose.yml from Traefik:
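# Traefik v2 reverse proxy: HTTP/HTTPS entrypoints plus a raw TCP entrypoint
# on 1433 that forwards SQL Server traffic to the MSSQL stack.
version: "3.3"

volumes:
  letsencrypt-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/letsencrypt

services:
  traefik:
    image: "traefik:v2.6"
    container_name: ${COMPOSE_PROJECT_NAME}
    command:
      - "--api=true"
      - "--api.dashboard=true"
      - "--log.level=INFO"
      - "--accesslog=true"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are picked up, so every
      # backend (including the SQL Server container) needs that label.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.mssql.address=:1433"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/${COMPOSE_PROJECT_NAME}.json"
    ports:
      - "80:80"
      - "443:443"
      # Publishes the SQL Server entrypoint on every host interface. Traefik
      # only forwards TCP here; it adds no authentication or encryption, so
      # restrict who may connect (host firewall, or Traefik's TCP IP
      # allow-list middleware).
      - "1433:1433"
    volumes:
      - letsencrypt-data:/letsencrypt
      # ":ro" makes the bind mount read-only; it does not limit the Docker API
      # calls a process can make through the socket. A restricted socket proxy
      # narrows that access.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      # NOTE(review): this entry resolves to the value of ${PROXY_NETWORK},
      # while the top-level key below is traefik_proxy; they match only if
      # PROXY_NETWORK=traefik_proxy - confirm.
      - "${PROXY_NETWORK}"
      - "default"
    labels:
      - traefik.enable=true
      # Routers
      - traefik.http.routers.http-catchall.entrypoints=web
      - traefik.http.routers.http-catchall.middlewares=redirect-to-https
      - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=${HOSTRULE}
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=websecure
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.service=api@internal
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=myresolver
      # The dashboard/API router is only protected by this basic-auth
      # middleware.
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=${COMPOSE_PROJECT_NAME}_Auth
      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Auth.basicauth.removeheader=true
      # Mind the password hash: every $ must be escaped with a second $.
      # The value was left out of the post; the entry below is a placeholder.
      - "traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Auth.basicauth.users=<user>:<password-hash>"
      # Separate list item: in the pasted file it was fused onto the
      # basicauth.users line above.
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https

networks:
  traefik_proxy:
    external:
      name: ${PROXY_NETWORK}
  default:
    driver: bridge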
docker-compose.yml from MSSQL
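# SQL Server 2017 plus a scheduled backup container. The db service is meant
# to be reached through Traefik's "mssql" TCP entrypoint, not a published port.
version: "3.7"

volumes:
  mssql-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/mssql/datenbank
  mssql-backup:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/mssql/backup

services:
  db:
    container_name: JTL-${COMPOSE_PROJECT_NAME}-2017
    # NOTE(review): the tag name points at the 2017 GA build, which presumably
    # lacks later cumulative and security updates - confirm and move to a
    # maintained tag before exposing this to the internet.
    image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu
    # Runs the container process as root.
    user: root
    # NOTE(review): no "networks:" entry is visible for this service. Traefik
    # can only forward to it over a Docker network both containers share -
    # confirm db is attached to the proxy network.
    labels:
      # Required because the Traefik stack sets
      # providers.docker.exposedbydefault=false; without it this container is
      # ignored.
      - traefik.enable=true
      # Traefik connects to the port inside the container (1433 according to
      # the commented-out mapping below), not to a host-published port.
      - traefik.tcp.services.mssql.loadbalancer.server.port=${SQL_PORT}
      - traefik.tcp.routers.mssql.entrypoints=mssql
      # A TCP router without TLS sees no SNI, so the only rule Traefik can
      # match is HostSNI(`*`); a hostname in ${HOST} will not match - confirm
      # the value.
      - traefik.tcp.routers.mssql.rule=${HOST}
      - traefik.tcp.routers.mssql.service=mssql
      # No tls label on purpose: SQL Server negotiates TLS inside its own TDS
      # pre-login exchange, so Traefik cannot terminate TLS here and only
      # passes TCP through. Encryption and server authentication therefore
      # depend on the client (Encrypt=true with TrustServerCertificate left
      # off, which needs a CA-issued certificate configured on the server).
    environment:
      # Quoted so no YAML parser can read the value as a boolean.
      ACCEPT_EULA: "Y"
      # The sa login is the sysadmin account; once 1433 is reachable from
      # outside, this password is the only barrier.
      MSSQL_SA_PASSWORD: ${MSSQL_ROOT_PASSWORD}
      # "Developer" or "Express" or "Standard"
      MSSQL_PID: Developer
      MSSQL_LCID: "1031"
      MSSQL_COLLATION: Latin1_General_CI_AS
      TZ: Europe/Berlin
      MSSQL_DATA_DIR: /var/opt/mssql/data
      MSSQL_LOG_DIR: /var/opt/mssql/log
    # Left disabled so SQL Server is not published directly on the host,
    # bypassing Traefik.
    # ports:
    #   - ${SQL_PORT}:1433
    #   - ${SQL_PORT2}:1433
    volumes:
      - mssql-data:/var/opt/mssql
      - mssql-backup:/backup

  backup:
    container_name: JTL-${COMPOSE_PROJECT_NAME}-Backup
    image: bbtsoftwareag/mssql-backup
    # for using the cleanup feature, use the backup volume from db.
    volumes:
      - mssql-backup:/backup
    environment:
      TZ: Europe/Berlin
      DB_SERVER: db
      # The backup job logs in as sa with the sysadmin password. A dedicated
      # login limited to backup rights (e.g. the db_backupoperator role) would
      # keep that credential out of a second container.
      DB_USER: SA
      DB_PASSWORD: ${MSSQL_ROOT_PASSWORD}
      DB_NAMES: eazybusiness
      BACKUP_AGE: "2"
      # Quoted: the value contains "*" and spaces.
      CRON_SCHEDULE: "00 06,12,18 * * *"
    # Placed under backup: a top-level "networks:" would have to be a mapping,
    # not a list.
    networks:
      - default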