Here are the files
# Dockerfile.traefik
FROM traefik:v2.3
COPY ./traefik.prod.toml ./etc/traefik/traefik.toml
# Dockerfile.prod
FROM python:3.10
WORKDIR /app
#
COPY . /app
# set env variables
ENV PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1
#
RUN python -m pip install --upgrade pip
RUN pip install --no-cache-dir --upgrade -r /app/requirements.txt
RUN chmod 600 /app/traefik-public-certificates/acme.json
# traefik.prod.toml
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
[accessLog]
[api]
dashboard = true
[providers]
[providers.docker]
exposedByDefault = false
[certificatesResolvers.letsencrypt.acme]
email = "myemail@domain.com"
storage = "/certificates/acme.json"
[certificatesResolvers.letsencrypt.acme.httpChallenge]
entryPoint = "web"
# docker-compose.prod.yml
version: '3.8'
services:
web:
tty: true
build:
context: .
dockerfile: Dockerfile.prod
expose:
- 80
environment:
- LHMS_SECRET
- LHMS_ALGORITHM
- LHMS_KEY
volumes:
- .:/app
labels:
- "traefik.enable=true"
- "traefik.http.routers.fastapi.rule=Host(`fastapi.canyoutest.me`)"
- "traefik.http.routers.fastapi.tls=true"
- "traefik.http.routers.fastapi.tls.certresolver=letsencrypt"
- "traefik.docker.network=traefik-public"
- "traefik.port=80"
networks:
- traefik-public
traefik:
build:
context: .
dockerfile: Dockerfile.traefik
ports:
- 80:80
- 443:443
environment:
- TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_STORAGE=/certificates/acme.json
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./traefik-public-certificates:/certificates"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`dashboard-fastapi.canyoutest.me`)"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.docker.network=traefik-public"
networks:
- traefik-public
volumes:
traefik-public-certificates:
certificates:
networks:
traefik-public:
external: true
Finally, I issue
docker-compose -f docker-compose.prod.yaml up -d --build
the two containers are up and running:
this works: https://dashboard-fastapi.canyoutest.me/dashboard/#/
this doesn't work and results with 404 page not found: https://www.fastapi.canyoutest.me/docs
Ports opened on the ubuntu server:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 127.0.0.1:45959 0.0.0.0:*
LISTEN 0 4096 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 [::]:443 [::]:*
I run custom-api with fastAPI and using DO droplet ubuntu server. canyoutest.me is a testing domain and all the DNS A records are created and pingable.
Some ideas/advice on what's wrong with my configuration?