Traefik and nginx to many redirects

Traefik Traefik v2
1

Hello to all,

im very new in traefik and virtualisation with docker. At this time my VPS with traefik are running very smooth. Traefik hosts 16 webappliaction and its amazing. But often I have problems with the right configuration and complex docker-compose files.

My newest project is to get in touch with wazuh to integrate this in my company. So i want to test the appliacation a little bit.
I tried to modify the offical docker-compose file from wazuh at the nginx part. Here is my actual config:

# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
version: '2'

services:
  wazuh:
    image: wazuh/wazuh:3.13.2_7.9.1
    hostname: wazuh-manager
    restart: always
    ports:
      - "1514:1514/udp"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"

  elasticsearch:
    image: wazuh/wazuh-elasticsearch:3.13.2_7.9.1
    hostname: elasticsearch
    restart: always
    ports:
      - "9200:9200"
    environment:
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
      - ELASTIC_CLUSTER=true
      - CLUSTER_NODE_MASTER=true
      - CLUSTER_MASTER_NODE_NAME=es01
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    mem_limit: 2g

  kibana:
    image: wazuh/wazuh-kibana:3.13.2_7.9.1
    hostname: kibana
    restart: always
    depends_on:
      - elasticsearch
    links:
      - elasticsearch:elasticsearch
      - wazuh:wazuh

  nginx:
    image: wazuh/wazuh-nginx:3.13.2_7.9.1
    hostname: nginx
    restart: always
    environment:
      - NGINX_PORT=443
      - NGINX_CREDENTIALS
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wazuh-web.entrypoints=http"
      - "traefik.http.routers.wazuh-web.rule=Host(`domain.tld`)" 
      - "traefik.http.middlewares.wazuh-web-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.wazuh-web.middlewares=wazuh-web-https-redirect"
      - "traefik.http.routers.wazuh-web-secure.entrypoints=https"
      - "traefik.http.routers.wazuh-web-secure.rule=Host(`domain.tld`)"
      - "traefik.http.routers.wazuh-web-secure.tls=true"
      - "traefik.http.routers.wazuh-web-secure.tls.certresolver=http"
      - "traefik.http.routers.wazuh-web-secure.service=wazuh-web"
      - "traefik.http.services.wazuh-web.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.wazuh-web-secure.middlewares=secHeaders@file"
    ports:
      - "8080:80"
      - "8443:443"
    depends_on:
      - kibana
    links:
      - kibana:kibana
    networks:
      - default
      - proxy
networks:
   proxy:
      external: true

In this configuration you can see, that i changed the ports of the nginx container from 80 and 443 to 8080 and 8443 to get to problems with traefik because he is also listen on it. As my understanding traefik.http.services.wazuh-web.loadbalancer.server.port=80 will contact the nginx container on port 80 (so still inside of the container). But with this configuration i get an error "to many redirects". I also tried to change the loadbalancer port to 443 because nginx is also listen on 443. With this i get an error with the message "The plain HTTP request was sent to HTTPS port" so this also works not. I finaly try to change the loadbalancer port to 8080 or 8443, so at this point i get an error directly from traefik with "bad gateway".
Maybe there is only one thing that i dont understand correctly, maybe im to dumb to config this right.

Hopefully anyone can help me with this.
Have a nice evening
greetings
Phil

2

I think that the redirect is coming from wazuh-nginx, you need to find out and understand why.

3

Okay, that seems to be right. But is my understanding (write above) how traefik loadbalancer works right?

4

Yes this is correct. The port you specify is what traefik uses when connecting to the container.