Traefik as proxy and TLS terminator: NoGo with Wordpress - Go with WhoamI

Traefik Traefik v2
1

Hi,
First post here and after some searching It seems other users have some troubles getting Trafik V2 and Worpress working together... Hope this formum can help me

Setup:
Docker (19.03.05) & Docker-compose ( 1.24.1) on a debian based system behind a pfsense firewall. Using Dynamic DNS via DuckDNS.org. The idea is to host my blog (wordpress) on my own hardware, so ik created a webstack via a docker compose file. Traefik will take care of the LE certificates and TLS termination.

On my pfsense I create to rules to forward port 80 (https) and 443 (https) to the host running docker.

Docker compose file:

version: '3.6'

networks:
  web:
   external: true
internal:
    external: false

services:

  db:
    image: mariadb:10.4.8
    container_name: db
    restart: always
    volumes:
    - /DataDisk/webstack/db:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: somepassword
      MYSQL_DATABASE: blogsite
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
    networks:
    - internal

  adminer:
   depends_on:
     - db
   image: adminer:latest
   container_name: adminer
   networks:
     - internal
   ports:
     - "12322:8080"
   labels:
    - "traefik.enable=false"

  whoami:
   image: containous/whoami:latest
   container_name: whoami
   networks:
     - web
   labels:
    - "traefik.enable=true"
    - "traefik.http.middlewares.whoami-https.redirectscheme.scheme=https"
    - "traefik.http.routers.whoami-http.entrypoints=web"
    - "traefik.http.routers.whoami-http.rule=Host(`on4crmblog.duckdns.org`)"

    - "traefik.http.routers.whoami-http.middlewares=whoami-https@docker"

    - "traefik.http.routers.whoami.entrypoints=websecure"
    - "traefik.http.routers.whoami.rule=Host(`on4crmblog.duckdns.org`)"
    - "traefik.http.routers.whoami.tls.certresolver=le"

  wp:
   depends_on:
    - db
   image: wordpress:latest
   container_name: wp
   volumes:
    - /DataDisk/webstack/web:/var/www/html
   environment:
     WORDPRESS_DB_HOST: db:3306
     WORDPRESS_DB_NAME: blogsite
     WORDPRESS_DB_USER: wordpress
     WORDPRESS_DB_PASSWORD: wordpress
   networks:
     - web
     - internal
   labels:
     - "traefik.enable=true"
     - "traefik.http.services.wp-http.loadbalancer.server.port=80"
     - "traefik.http.middlewares.wp-https.redirectscheme.scheme=https"
     - "traefik.http.middelwares.wp-https.redirectscheme.permanent=true"
     - "traefik.http.routers.wp-http.entrypoints=web"
     - "traefik.http.routers.wp-http.rule=Host(`on4crm.duckdns.org`)"
     - "traefik.http.routers.wp-http.middlewares=wp-https@docker"
     - "traefik.http.routers.wp.rule=Host(`on4crm.duckdns.org`)"
     - "traefik.http.routers.wp.entrypoints=websecure"
     - "traefik.http.routers.wp.tls.certresolver=le"

  proxy:
    image: "traefik:2.0.5"
    container_name: "traefik"
    hostname: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--log.filePath=/log/traefik.json"
      - "--log.format=json"

      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"

      - "--certificatesresolvers.le.acme.dnschallenge=true"
      - "--certificatesresolvers.le.acme.dnschallenge.provider=duckdns"
      - "--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.le.acme.email=democles9308@gmail.com"
      - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"

    environment:
      - DUCKDNS_TOKEN= xxxx-myDNSTOKEN-xxxx
      - "TZ=Europe/Brussels"

    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"

    volumes:
      - /DataDisk/traefik/letsencrypt:/letsencrypt
      - /DataDisk/traefik/log:/log
      - /var/run/docker.sock:/var/run/docker.sock:ro

    networks:
      - web
      - internal

This config is based on the provided example in the doc. All goes well for the Whoami I ( when visiting http(s)://on4crmblog.duckdns.org I got the info from the whoamI).
When visiting the http(s)://on4crm.duckdns.org to access my blog I don't get anything but a 404

The url stored at the Wp database are the ip of the host running docker

2

did you add the required section to the wp-config.php file (to allow it to run behind a rev-proxy): https://wordpress.org/support/article/administration-over-ssl/#using-a-reverse-proxy

3

@danielb,

Thanks for your quick reply. I do think so as wp-config.php contains per default:

// If we're behind a proxy server and using HTTPS, we need to alert Wordpress of that fact
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
        $_SERVER['HTTPS'] = 'on';
}

I do not even reach the overall WP startscreen...
I think I must add the duckdns.org entries into my host file and have them pointing to the docker host ip. I'll try this and come back with positive results....

4

Hi all, some positive update.

To start from a 'clean start', I deleted the contents of my /web and /db folders on the host.
I added the following entry to my /etc/host on the docker-host.

127.0.0.1 localhost.localdomain localhost

172.16.41.2 proxmox.homenet.be proxmox pvelocalhost
172.16.41.2 on4crm.duckdns.org on4crmblog.duckdns.org

I fired up my docker-compose.yml and waited some time to have the containers installed.
Via my browser I got to http://on4crm.duckdns.org and I got the WP screen to start the installation.
I finished the install and got my blanco site. Yes!!

Via adminer I could see that in the wp_options table the home (url) and siteurl were set to https://on4crm.duckdns.org.

The only solution I now have to find is how to get access to the blog from my internal lan... via http://172.16.41.2:some port