Set secure cookie from container behind traefik

I have two containers set up from separate docker-compose.yml files.
Traefik:

version: "3.3"

services:

  traefik:
    image: "traefik:v2.3"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=MY@EMAIL.COM"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      
    networks:
      - web
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`monitor.MYDOMAIN.COM`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.middlewares=auth"      
      - "traefik.docker.network=web"
      - "traefik.http.middlewares.auth.basicauth.users=USER:PASS" 

networks:
  web:
    external: true

And strapi:

version: '3'
services:
  strapi:
    image: strapi/strapi
    environment:
      DATABASE_CLIENT: mongo
      DATABASE_NAME: strapi
      DATABASE_HOST: mongo
      DATABASE_PORT: 27017
      DATABASE_USERNAME: strapi
      DATABASE_PASSWORD: strapi
    links:
      - mongo:mongo
    volumes:
      - ./app:/srv/app
    ports:
      - "1337:1337"
    labels:
      - "traefik.docker.network=web"
      - "traefik.enable=true"
      - "traefik.basic.port=1337"
      - "traefik.basic.protocol=https"
      - "traefik.http.routers.strapi.rule=Host(`cms.MYDOMAIN.COM`)"
      - "traefik.http.routers.strapi.entrypoints=websecure"
      - "traefik.http.routers.strapi.tls.certresolver=myresolver"
      - "traefik.tcp.routers.strapi.tls.passthrough=true"
    networks:
      - web
  mongo:
    image: mongo
    environment:
      MONGO_INITDB_ROOT_USERNAME: USER
      MONGO_INITDB_ROOT_PASSWORD: PASS
    volumes:
      - ./data/db:/data/db
    ports:
      - '27017:27017'
    networks:
      - web
    labels:
      - "traefik.docker.network=web"
      - "traefik.enable=true"
      - "traefik.basic.port=27017"
      - "traefik.basic.protocol=http"
networks:
  web:
    external: true

Everything works fine (correct certificates, connection via https) until I try to set a secure cookie from strapi. Then I have the following error:

strapi_1_8d6726e61bc7 | [2021-01-17T17:09:24.915Z] error Error: Cannot send secure cookie over unencrypted connection
strapi_1_8d6726e61bc7 |     at Cookies.set (/srv/app/node_modules/cookies/index.js:94:11)
strapi_1_8d6726e61bc7 |     at Object.callback (/srv/app/extensions/users-permissions/controllers/Auth.js:136:21)
strapi_1_8d6726e61bc7 |     at async /srv/app/node_modules/strapi/lib/middlewares/router/utils/routerChecker.js:79:22
strapi_1_8d6726e61bc7 |     at async module.exports (/srv/app/extensions/users-permissions/config/policies/permissions.js:88:3)
strapi_1_8d6726e61bc7 |     at async /srv/app/node_modules/strapi-utils/lib/policy.js:68:5
strapi_1_8d6726e61bc7 |     at async /srv/app/node_modules/strapi/lib/middlewares/parser/index.js:48:23
strapi_1_8d6726e61bc7 |     at async /srv/app/node_modules/strapi/lib/middlewares/xss/index.js:26:9

Is there any solution for this?

Some software needs special configuration for deployment behind a reverse-proxy.

Check the documentation of the product.

You are absolutely right :slight_smile: I feel stupid now, but adding "proxy:true" to strapi configuration fixed the problem :man_facepalming:
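The failure and the fix from this thread, as an added example that is not code from the posts, Strapi, or Koa: Traefik terminates TLS and forwards plain HTTP to the container with an `X-Forwarded-Proto: https` header, so the app only treats the request as encrypted once it is told to trust that header. The function names, field names, and sample requests are hypothetical, and the assumption is that Strapi's `proxy: true` turns on this forwarded-header trust in the underlying Koa app.

```javascript
// Added example: a model of how a Node app behind a TLS-terminating proxy
// decides whether a request is "secure". All names here are hypothetical.

// Protocol the app believes the client used.
function effectiveProtocol(req, trustProxy) {
  if (req.socketEncrypted) return 'https';   // app terminated TLS itself
  if (!trustProxy) return 'http';            // forwarded headers are ignored
  const xfp = req.headers['x-forwarded-proto'];
  if (!xfp) return 'http';
  // Chained proxies may send "https, http"; the first value is the client hop.
  return xfp.split(',')[0].trim();
}

// Builds a Set-Cookie value, refusing a Secure cookie on a plain-HTTP request
// (the same refusal that produced the error in the log above).
function setCookie(req, trustProxy, name, value, opts = {}) {
  const secure = effectiveProtocol(req, trustProxy) === 'https';
  if (opts.secure && !secure) {
    throw new Error('Cannot send secure cookie over unencrypted connection');
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/'];
  if (opts.httpOnly !== false) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  return parts.join('; ');
}

// Returns the cookie header, or the error text if the cookie was refused.
function attempt(req, trustProxy) {
  try {
    return setCookie(req, trustProxy, 'token', 'abc', { secure: true, sameSite: 'Lax' });
  } catch (e) {
    return 'error: ' + e.message;
  }
}

// Constructed sample: what the container sees after Traefik terminates TLS.
const viaTraefik = {
  socketEncrypted: false,                     // proxy-to-container hop is plain HTTP
  headers: { 'x-forwarded-proto': 'https' },  // added by the proxy
};

console.log('proxy trust off:', attempt(viaTraefik, false));
console.log('proxy trust on: ', attempt(viaTraefik, true));
```

Trusting the header is only sound when the proxy is the sole path to the app; with `1337:1337` published as in the compose file above, a client connecting directly can set `X-Forwarded-Proto` itself.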
