I had a working wordpress configuration until I added LE SSL encryption.
Reviewing the Traefik logs, I found:
msg="http: TLS handshake error from 104.237.147.18:61000: EOF"
Since LE SSL is working on the single-tier static pages (web1, web2 and whoami), I am assuming that for some reason Traefik wants encryption between the webserver, database and PHP.
How do I correct this internal communication error?
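# Traefik v2 reverse proxy with Let's Encrypt (Cloudflare DNS challenge) in
# front of static nginx sites and an nginx + php-fpm + MySQL WordPress stack.
#
# TLS scope: Traefik terminates TLS on the "websecure" entrypoint. No label
# below selects an https scheme for a backend, so Traefik reaches the
# containers over plain HTTP on the Docker network; nothing here asks for TLS
# between nginx, php-fpm and mysql. A "TLS handshake error from <ip>:<port>:
# EOF" log line names the remote peer that opened a connection to an entrypoint
# and closed it before the handshake finished; it is inbound client traffic,
# not container-to-container traffic.
#
# Supply chain: most images use the mutable "latest" tag. Pin each one to a
# tested version or digest so a pull cannot silently change what runs.
#
# Secrets: the Cloudflare token and the MySQL passwords are inline here. Keep
# them out of the compose file, for example with ${VAR} substitution from an
# env file excluded from version control.
version: "3.3"

services:
  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"
    labels:
      - "traefik.enable=true"
      # "$$" is compose escaping for a literal "$" in the htpasswd hash.
      - "traefik.http.middlewares.auth.basicauth.users=user1:$$.........,user2:$$.........."
      # Dashboard/API is only routed on websecure and sits behind the basic-auth
      # middleware above.
      - "traefik.http.routers.traefik.rule=Host(`traefik.MyDomain.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=auth"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
    command:
      - "--api.dashboard=true"
      # DEBUG is useful while troubleshooting; lower it afterwards, since debug
      # logs are verbose and can include request details.
      - "--log.level=DEBUG"
      # Keep this disabled: it serves the dashboard without authentication.
      #- "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      # No router uses the "web" entrypoint. To send plain-HTTP visitors to
      # HTTPS, enable the entrypoint redirection:
      #- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      #- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=postmaster@MyDomain.com"
      # acme.json holds the ACME account key and certificate private keys; keep
      # the host file readable by its owner only.
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      # With api.insecure disabled no entrypoint is defined on 8080, so the
      # mapping served nothing. Left unpublished so that re-enabling the
      # insecure API cannot expose the dashboard on the host by accident.
      #- "8080:8080"
    environment:
      - CLOUDFLARE_EMAIL=MyAddres@gmail.com
      # Scope this token to DNS edits for the one zone and keep it out of this
      # file (see the note on secrets at the top).
      - CLOUDFLARE_DNS_API_TOKEN=jSk.....
    volumes:
      - "./letsencrypt:/letsencrypt"
      # ":ro" only protects the socket file itself; the Docker API behind it is
      # still fully usable, so a compromised Traefik is close to host-level
      # access. A socket proxy limited to read-only container endpoints narrows
      # that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.MyDomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

  web1:
    image: nginx:latest
    container_name: "web1"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web1.rule=Host(`web1.MyDomain.com`)"
      - "traefik.http.routers.web1.entrypoints=websecure"
      - "traefik.http.routers.web1.tls.certresolver=myresolver"
    volumes:
      - ./index1.html:/var/www/websites/index.html
      - ./default.conf:/etc/nginx/conf.d/default.conf

  web2:
    image: nginx:latest
    container_name: "web2"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web2.rule=Host(`web2.MyDomain.com`)"
      - "traefik.http.routers.web2.entrypoints=websecure"
      - "traefik.http.routers.web2.tls.certresolver=myresolver"
    volumes:
      - ./index2.html:/var/www/websites/index.html
      - ./default.conf:/etc/nginx/conf.d/default.conf

  # WordPress front end. Traefik forwards decrypted requests to this container
  # over HTTP.
  # NOTE(review): conf.d and wp-config.php are not shown. An application behind
  # a TLS-terminating proxy usually has to honour X-Forwarded-Proto to know the
  # original request was HTTPS; confirm that, and the FastCGI upstream to
  # php-fpm, before suspecting internal encryption.
  nginx:
    image: nginx:latest
    container_name: web-serv
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web.rule=Host(`web.MyDomain.com`)"
      - "traefik.http.routers.web.entrypoints=websecure"
      - "traefik.http.routers.web.tls.certresolver=myresolver"
    # Keep host ports unpublished: Traefik is the only intended way in.
    # ports:
    # - 80:80
    # - 443:443
    volumes:
      - ./wordpress:/var/www/wordpress
      - ./websites:/var/www/websites
      - ./conf.d:/etc/nginx/conf.d

  # No traefik.enable label and no published port: reachable only from other
  # containers on the compose network.
  mysql:
    image: mysql:latest
    container_name: db-serv
    environment:
      MYSQL_DATABASE: wpdb
      MYSQL_USER: wpuser
      # The official image also accepts MYSQL_PASSWORD_FILE and
      # MYSQL_ROOT_PASSWORD_FILE, which keep the values out of the container
      # environment.
      MYSQL_PASSWORD: ..........
      MYSQL_ROOT_PASSWORD: ..........
    volumes:
      - ./dbdata:/var/lib/mysql

  php-fpm:
    image: bitnami/php-fpm:latest
    container_name: php-fpm
    volumes:
      - ./wordpress:/var/www/wordpress

  # NOTE(review): this publishes port 22 of the container on every host
  # interface and gives it write access to the WordPress tree. If SSH is only
  # needed from one place, bind the mapping to that host address and use
  # key-only authentication.
  ssh-serv:
    image: debian:bookworm-slim
    container_name: ssh-serv
    tty: true  # keep container running
    ports:
      # Quoted: an unquoted digits:digits value can be read as a base-60
      # integer by YAML 1.1 parsers.
      - "2222:22"
    volumes:
      - ./wordpress:/var/www/wordpress

# Named volumes. The services above use bind mounts ("./dbdata", "./wordpress",
# ...) rather than these names, so as written none of them is referenced.
volumes:
  dbdata:
  wordpress:
  websites:
  conf.d:
  logs:
    name: "Traefik_logs"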