Plane (Open Issue Tool) under Traefik

Has anyone successfully added Traefik (v3) support to the compose file that is generated by the plane setup script?

I have a server up and running, I have existing services like wordpress, matomo and phpmyadmin successfully working, including https redirect. I want to add the plane tool as well, in parallel, but I can seem to get it working properly.

I do seem to get a https redirect to some aspect of the server, as a webpage loads with a spinning icon appears that can only come from the above tool.

This is typically what I add the the web app in the compose file, it is obviously lifted from what I have working for my wordpress instances:

networks:
  - traefik
labels:
  # The labels are usefull for Traefik only
  - "traefik.enable=true"
  - "traefik.docker.network=traefik"
  # Get the routes from http
  - "traefik.http.routers.plane.rule=Host(`${PLANE_DOMAIN}`)"
  - "traefik.http.routers.plane.entrypoints=web"
  # Redirect these routes to https
  - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
  - "traefik.http.routers.plane.middlewares=redirect-to-https@docker"
  # Get the routes from https
  - "traefik.http.routers.plane-secured.rule=Host(`${PLANE_DOMAIN}`)"
  - "traefik.http.routers.plane-secured.entrypoints=web-secure"
  # Apply autentificiation with http challenge
  - "traefik.http.routers.plane-secured.tls=true"
  - "traefik.http.routers.plane-secured.tls.certresolver=myhttpchallenge"

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

Check simple Traefik example for some simplifications, like setting http-to-https redirect globally on web entrypoint and TLS globally on websecure entrypoint.

Check browsers developer tools network tab to see what URLs it's trying to load.

This is my treafik config, I have checked that the domain name can be served with wordpress first. The traefik dashboard suggests that the domain name is successful

version: "3.8"

networks:
    # Allow the use of traefik in other docker-compose.yml files
    traefik:
        external: true

services:

  traefik:
    image: "traefik:v2.10"
#     image: "traefik:latest"
    container_name: "traefik"
    restart: always
    logging:
      # Configure the logs retention according to your needs
      options:
        max-size: "10m"
        max-file: "3"
    env_file:
      - ./.env
    command:
      # Only for development environment
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      # Get Docker as the provider
      - "--providers.docker=true"
      # Avoid that all containers are exposed
      - "--providers.docker.exposedbydefault=false"
      # Settle the ports for the entry points
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web-secure.address=:443"
      # Settle the autentification method to http challenge
      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
      # Uncomment this to get a fake certificate when testing
      #- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      # Settle letsencrypt as the certificate provider
      - "--certificatesresolvers.myhttpchallenge.acme.email=${USER_MAIL}"
      - "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
      - "--entryPoints.smtp.address=:25"
      - "--entryPoints.smtp-ssl.address=:465"
      - "--entryPoints.imap-ssl.address=:993"
      - "--entryPoints.sieve.address=:4190"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "25:25"
      - "465:465"
      - "993:993"
      - "4190:4190"
    networks:
      - "traefik"
    volumes:
      # Store certificates in ./letsencrypt/acme.json
      - "./letsencrypt:/letsencrypt"
      # Connect to Doker socket
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  inner-whoami:
    image: "containous/whoami"
    container_name: "inner-whoami"
    logging:
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - "traefik"
    env_file:
      - ./.env
    labels:
      - "traefik.enable=true"
      # Get the routes from http
      - "traefik.http.routers.inner-whoami.rule=Host(`${INNER_WHOAMI_URL}`)"
      - "traefik.http.routers.inner-whoami.entrypoints=web"
      # Redirect these routes to https
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.inner-whoami.middlewares=redirect-to-https@docker"
      # Get the routes from https
      - "traefik.http.routers.inner-whoami-secured.rule=Host(`${INNER_WHOAMI_URL}`)"
      - "traefik.http.routers.inner-whoami-secured.entrypoints=web-secure"
      # Apply autentificiation with http challenge
      - "traefik.http.routers.inner-whoami-secured.tls=true"
      - "traefik.http.routers.inner-whoami-secured.tls.certresolver=myhttpchallenge"

Check browsers developer tools network tab to see what URLs the page with the spinning wheel is trying to load.

Why didn't I think of that?

OK it looks like it is a strict-origin-when-cross-origin problem

plane is built on django so it uses CORS_ALLOWED_ORIGINS I have set it as per instructions but it looks like I'll have to go back to those guys and see if anyone has solved it there.

I tried to add in the CORS header middleware as per CORS Headers I still am stuck with strict-origin-when-cross-origin problems

Nice to know the error, but

check browsers developer tools network tab to see what URLs the page with the spinning wheel is trying to load.

Is it changing the domain?

I'm trying this as well.

Sorry I have moved back to their forum, as i was not sure all the things that needed to be exposed. I am trying to capture the feedback in this github discussion:

However I am struggling to get them to respond. My current thinking is that it is CORS related. It is not clear to me how to set that up, is it for one app, or do all the apps needs to be setup for CORS.

I have also asked them is it possible to disable CORS for debug purposes.

Looked at it (doc), but it feels really strange to download a shell script to download a compose file that downloads a bunch of images, of which most fail:

Installing Plane..........
[+] Pulling 10/10
 ✔ beat-worker Skipped - Image is already being pulled by api                                                       0.0s 
 ✔ worker Skipped - Image is already being pulled by api                                                            0.0s 
 ✔ migrator Skipped - Image is already being pulled by api                                                          0.0s 
 ✘ proxy Error                                                                                                      1.2s 
 ✘ plane-db Error                                                                                                   1.2s 
 ✘ api Error                                                                                                        1.2s 
 ✘ plane-redis Error                                                                                                1.2s 
 ✘ web Error                                                                                                        1.2s 
 ✘ space Error                                                                                                      1.2s 
 ✘ plane-minio Error                                                                                                1.2s 
Error response from daemon: manifest for makeplane/plane-proxy:master not found: manifest unknown: manifest unknown

I don't know what is happening there, i think they did a new release over the past day or two. I have successfully downloaded all of them about a week ago and have a running system accessable as localhost, it is exposing it via traefik is the last hurdle.

Totally agree on the setup to docker-compose, I haven't seen it any where else, but (I think) once setup the first time you can use it like a standard docker-compose file.