Traefik as proxy and TLS terminator: NoGo with Wordpress - Go with WhoamI

Hi,
First post here, and after some searching it seems other users have some trouble getting Traefik v2 and WordPress working together... Hope this forum can help me.

Setup:
Docker (19.03.05) & Docker-compose (1.24.1) on a Debian-based system behind a pfSense firewall. Using Dynamic DNS via DuckDNS.org. The idea is to host my blog (WordPress) on my own hardware, so I created a webstack via a docker compose file. Traefik will take care of the LE certificates and TLS termination.

On my pfSense I created two rules to forward port 80 (https) and 443 (https) to the host running Docker.

Docker compose file:

version: '3.6'

networks:
  web:
    external: true
  internal:
    external: false

services:

  db:
    image: mariadb:10.4.8
    container_name: db
    restart: always
    volumes:
    - /DataDisk/webstack/db:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: somepassword
      MYSQL_DATABASE: blogsite
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
    networks:
    - internal

  adminer:
   depends_on:
     - db
   image: adminer:latest
   container_name: adminer
   networks:
     - internal
   ports:
     - "12322:8080"
   labels:
    - "traefik.enable=false"

  whoami:
   image: containous/whoami:latest
   container_name: whoami
   networks:
     - web
   labels:
    - "traefik.enable=true"
    - "traefik.http.middlewares.whoami-https.redirectscheme.scheme=https"
    - "traefik.http.routers.whoami-http.entrypoints=web"
    - "traefik.http.routers.whoami-http.rule=Host(`on4crmblog.duckdns.org`)"

    - "traefik.http.routers.whoami-http.middlewares=whoami-https@docker"

    - "traefik.http.routers.whoami.entrypoints=websecure"
    - "traefik.http.routers.whoami.rule=Host(`on4crmblog.duckdns.org`)"
    - "traefik.http.routers.whoami.tls.certresolver=le"

  wp:
   depends_on:
    - db
   image: wordpress:latest
   container_name: wp
   volumes:
    - /DataDisk/webstack/web:/var/www/html
   environment:
     WORDPRESS_DB_HOST: db:3306
     WORDPRESS_DB_NAME: blogsite
     WORDPRESS_DB_USER: wordpress
     WORDPRESS_DB_PASSWORD: wordpress
   networks:
     - web
     - internal
   labels:
     - "traefik.enable=true"
     - "traefik.http.services.wp-http.loadbalancer.server.port=80"
     - "traefik.http.middlewares.wp-https.redirectscheme.scheme=https"
     - "traefik.http.middelwares.wp-https.redirectscheme.permanent=true"
     - "traefik.http.routers.wp-http.entrypoints=web"
     - "traefik.http.routers.wp-http.rule=Host(`on4crm.duckdns.org`)"
     - "traefik.http.routers.wp-http.middlewares=wp-https@docker"
     - "traefik.http.routers.wp.rule=Host(`on4crm.duckdns.org`)"
     - "traefik.http.routers.wp.entrypoints=websecure"
     - "traefik.http.routers.wp.tls.certresolver=le"

  proxy:
    image: "traefik:2.0.5"
    container_name: "traefik"
    hostname: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--log.filePath=/log/traefik.json"
      - "--log.format=json"

      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"

      - "--certificatesresolvers.le.acme.dnschallenge=true"
      - "--certificatesresolvers.le.acme.dnschallenge.provider=duckdns"
      - "--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.le.acme.email=democles9308@gmail.com"
      - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"

    environment:
      - DUCKDNS_TOKEN= xxxx-myDNSTOKEN-xxxx
      - "TZ=Europe/Brussels"

    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"

    volumes:
      - /DataDisk/traefik/letsencrypt:/letsencrypt
      - /DataDisk/traefik/log:/log
      - /var/run/docker.sock:/var/run/docker.sock:ro

    networks:
      - web
      - internal

This config is based on the provided example in the doc. All goes well for whoami (when visiting http(s)://on4crmblog.duckdns.org I get the info from whoami).
When visiting http(s)://on4crm.duckdns.org to access my blog I don't get anything but a 404.

The URLs stored in the WP database are the IP of the host running Docker.
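The `wp` labels in the compose file above contain one key spelled `traefik.http.middelwares…`. As an added example (not part of the thread and not Traefik's own code), a small linter that flags label keys whose section is not one of those used on this page and router middleware references with no matching definition; `lint_labels` and `KNOWN_SECTIONS` are hypothetical names chosen for illustration.

```python
import difflib

# Sections that appear under traefik.http in the labels on this page.
KNOWN_SECTIONS = ("routers", "services", "middlewares")

# The wp service labels, copied from the compose file in the post above.
WP_LABELS = [
    "traefik.enable=true",
    "traefik.http.services.wp-http.loadbalancer.server.port=80",
    "traefik.http.middlewares.wp-https.redirectscheme.scheme=https",
    "traefik.http.middelwares.wp-https.redirectscheme.permanent=true",
    "traefik.http.routers.wp-http.entrypoints=web",
    "traefik.http.routers.wp-http.rule=Host(`on4crm.duckdns.org`)",
    "traefik.http.routers.wp-http.middlewares=wp-https@docker",
    "traefik.http.routers.wp.rule=Host(`on4crm.duckdns.org`)",
    "traefik.http.routers.wp.entrypoints=websecure",
    "traefik.http.routers.wp.tls.certresolver=le",
]

def lint_labels(labels):
    """Return (label_key, problem) findings for one container's labels."""
    findings, defined, refs = [], set(), []
    for label in labels:
        key, _, value = label.partition("=")
        parts = key.strip().lower().split(".")
        if parts[:2] != ["traefik", "http"] or len(parts) < 5:
            continue  # traefik.enable and non-HTTP keys are out of scope here
        section, name = parts[2], parts[3]
        if section not in KNOWN_SECTIONS:
            hint = difflib.get_close_matches(section, KNOWN_SECTIONS, n=1)
            msg = f"unknown section '{section}'"
            findings.append((key, msg + (f", did you mean '{hint[0]}'?" if hint else "")))
        elif section == "middlewares":
            defined.add(name)
        elif section == "routers" and parts[4:] == ["middlewares"]:
            # Value is a comma-separated list such as "wp-https@docker".
            refs += [(key, r.strip().lower()) for r in value.split(",") if r.strip()]
    for key, ref in refs:
        name, _, provider = ref.partition("@")
        # Only references to the docker provider can be resolved from labels.
        if provider in ("", "docker") and name not in defined:
            findings.append((key, f"middleware '{name}' is not defined in these labels"))
    return findings

if __name__ == "__main__":
    for key, problem in lint_labels(WP_LABELS):
        print(f"{key}: {problem}")
```

A middleware defined through labels on a different container would also be reported as undefined, since the check only sees one container's labels.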

Did you add the required section to the wp-config.php file (to allow it to run behind a rev-proxy): https://wordpress.org/support/article/administration-over-ssl/#using-a-reverse-proxy

@danielb,

Thanks for your quick reply. I do think so, as wp-config.php contains by default:

// If we're behind a proxy server and using HTTPS, we need to alert Wordpress of that fact
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
        $_SERVER['HTTPS'] = 'on';
}

I do not even reach the overall WP start screen...
I think I must add the duckdns.org entries into my hosts file and have them pointing to the Docker host IP. I'll try this and come back with positive results....

Hi all, some positive update.

To start from a 'clean start', I deleted the contents of my /web and /db folders on the host.
I added the following entry to my /etc/hosts on the Docker host.

127.0.0.1 localhost.localdomain localhost

172.16.41.2 proxmox.homenet.be proxmox pvelocalhost
172.16.41.2 on4crm.duckdns.org on4crmblog.duckdns.org

I fired up my docker-compose.yml and waited some time to have the containers installed.
Via my browser I got to http://on4crm.duckdns.org and I got the WP screen to start the installation.
I finished the install and got my blank site. Yes!!

Via adminer I could see that in the wp_options table the home (url) and siteurl were set to https://on4crm.duckdns.org.

The only solution I now have to find is how to get access to the blog from my internal LAN... via http://172.16.41.2:some port