Hello
I have a dev setup that runs in docker-compose, all the sites are hidden behind traefik reverse proxy so that I can show the sites to my clients before I move them to the production server.
I now have a site that needs to run a 'cron job': it has to trigger cron.php. Normally I would do this with wget, but wget gets "Connection refused":
-- IP and site URL have been masked
wget https://sp.website.dk
--2023-02-10 17:06:19-- https://sp.website.dk/
Resolving sp.website.dk (sp.website.dk)... x.x.x.x (Public ip)
Connecting to sp.website.dk (sp.website.dk)|x.x.x.x(Public ip)|:443... connected.
GnuTLS: The TLS connection was non-properly terminated.
Unable to establish SSL connection.
This happens for all my docker containers.
When I run the same command from WSL or any other system it works:
wget https://sp.website.dk
--2023-02-10 18:08:18-- https://sp.website.dk/
Resolving sp.website.dk (sp.website.dk)... x.x.x.x(Public ip)
Connecting to sp.website.dk (sp.website.dk)|x.x.x.x(Public ip)|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://sp.website.dk/da/ [following]
--2023-02-10 18:08:19-- https://sp.website.dk/da/
Reusing existing connection to sp.website.dk:443.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’
index.html [ <=> ] 70.74K --.-KB/s in 0.006s
2023-02-10 18:08:19 (11.9 MB/s) - ‘index.html’ saved [72436]
Ping works from all locations.
Traefik config:
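# Traefik v2 reverse proxy for the dev sites: terminates TLS on :443 with a
# Let's Encrypt wildcard certificate (Cloudflare DNS challenge) and routes to
# containers that opt in via `traefik.enable=true`.
version: "3.3"

services:
  traefik:
    image: "traefik:v2.9.1"
    container_name: "traefik"
    restart: always
    command:
      - "--log.level=DEBUG"
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      # Was `--api.insecure=true`, which serves the API and dashboard without
      # authentication on the internal `traefik` entrypoint (:8080). Even with
      # the 8080 port mapping commented out, every container sharing a Docker
      # network with Traefik could reach it and bypass the basic-auth
      # middleware. The API is now only exposed through the authenticated
      # router defined in the labels (service `api@internal`).
      - "--api=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.websecure.address=:443"
      # NOTE(review): the documented form pairs `main` and `sans` under the
      # same index (domains[0].main + domains[0].sans=a,b,c). Entries 1-5 carry
      # only `sans`; confirm the issued certificate really covers them.
      - "--entrypoints.websecure.http.tls.domains[0].main=website.dk"
      - "--entrypoints.websecure.http.tls.domains[1].sans=*.website.dk"
      - "--entrypoints.websecure.http.tls.domains[2].sans=*.db.website.dk"
      - "--entrypoints.websecure.http.tls.domains[3].sans=*.pest.db.website.dk"
      - "--entrypoints.websecure.http.tls.domains[4].sans=*.pest.website.dk"
      - "--entrypoints.websecure.http.tls.domains[5].sans=*.influx.website.dk"
      - "--entrypoints.websecure.http.tls.certresolver=myresolver"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.myresolver.acme.email=website@email.dk"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--entrypoints.db.address=:3306"
    environment:
      # Values are the poster's masked placeholders. CF_API_KEY is Cloudflare's
      # global API key (full account access); the DNS challenge also works with
      # a token scoped to DNS edits on this zone (CF_DNS_API_TOKEN). Keep the
      # real value out of the compose file, e.g. in an untracked env file.
      - "CF_API_EMAIL=my@email.dk"
      - "CF_API_KEY=someGreatAPIKey"
    ports:
      - "80:80"
      - "443:443"
      # - "8080:8080"
    volumes:
      # acme.json holds the certificates' private keys; keep ./letsencrypt
      # readable by the owner only.
      - "./letsencrypt:/letsencrypt"
      # `:ro` only makes the socket file read-only; it does not restrict the
      # Docker API calls Traefik (or anything that compromises it) can make.
      # A socket proxy that allows only read endpoints narrows this.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      # Traefik expects htpasswd-style entries (user:hash, with an MD5, SHA1 or
      # BCrypt hash); inside a compose file each `$` of the hash must be
      # written as `$$`. The value below is the poster's masked placeholder.
      - "traefik.http.middlewares.auth-traefik-dashboard.basicauth.users=myUser:someVeryGreatPassword"
      - "traefik.http.routers.traefik-dashboard.rule=Host(`t.website.dk`)"
      - "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
      - "traefik.http.routers.traefik-dashboard.middlewares=auth-traefik-dashboard"
      # Route to Traefik's built-in API service instead of proxying to the
      # unauthenticated :8080 listener.
      - "traefik.http.routers.traefik-dashboard.service=api@internal"
#
#network:
# traefik_default: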
Docker Compose file:
# Per-site stack: PHP/Apache web container, MySQL and phpMyAdmin.
# `$name` is substituted by Compose and selects the site's host names.
version: "3.8"

services:
  http:
    container_name: $name
    hostname: $name.website.dk
    restart: unless-stopped
    build:
      # a path to a directory containing a Dockerfile, or a url to a git repository
      context: ./xdebug
      # this line is actually redundant here - you need it only if you want to
      # use some custom name for your Dockerfile
      dockerfile: ./Dockerfile
    # logging:
    #   driver: none
    depends_on:
      - db
    networks:
      - backend-wpd
      - traefik_default
    # NOTE(review): this pins the site's own name to the public IP inside the
    # container, so in-container requests to the site leave through the host
    # and have to come back in via NAT before they reach Traefik. Presumably
    # relevant to the TLS failure described above - verify that path.
    extra_hosts:
      - "${name}.website.dk:x.x.x.x"
    volumes:
      - "./src:/var/www/html"
      # This bind mount replaces the image's whole conf.d directory at run
      # time, so only the .ini files in ./xdebug/conf.d are loaded.
      - "./xdebug/conf.d:/usr/local/etc/php/conf.d"
      # - type: bind
      #   source: './xdebug/files-to-copy/usr/local/etc/php/conf.d/xdebug.ini'
      #   target: '/usr/local/etc/php/conf.d/xdebug.ini'
      # - ' ${PWD}./xdebug/files-to-copy/usr/local/etc/php/conf.d/xdebug.ini:/usr/local/etc/php/conf.d/xdebug.ini'
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_default"
      - "traefik.http.routers.$name-secure.entrypoints=websecure"
      - "traefik.http.routers.$name-secure.rule=Host(`$name.website.dk`)"

  db:
    # container_name: mysql-wpd
    image: "mysql:8.0.20"
    command: "--default-authentication-plugin=mysql_native_password"
    restart: unless-stopped
    # logging:
    #   driver: none
    cap_add:
      - SYS_NICE  # CAP_SYS_NICE
    environment:
      # Values are the poster's masked placeholders. In a real file, give root
      # and the application user different passwords and load them from an
      # untracked env file or Docker secrets instead of committing them.
      # MYSQL_RANDOM_ROOT_PASSWORD: '1' # You can use this instead of the option right above if you do not want to be able login to MySQL under root
      MYSQL_ROOT_PASSWORD: SomeGreatPassword
      MYSQL_DATABASE: $name
      MYSQL_USER: karlog
      MYSQL_PASSWORD: SomeGreatPassword
    # ports:
    #   - "9$port:3306" # I prefer to keep the ports available for external connections in the Development environment to be able to work with the database
    #   from programs like e.g. HeidiSQL on Windows or DBeaver on Mac.
    networks:
      - backend-wpd
    volumes:
      - "database:/var/lib/mysql"

  phpmyadmin:
    image: "phpmyadmin:5.2.0"
    restart: unless-stopped
    depends_on:
      - db
    # logging:
    #   driver: none
    environment:
      PMA_HOST: db
      # NOTE(review): presumably not needed by the phpmyadmin image, which
      # asks for credentials at login - verify before keeping the database
      # passwords in a second container's environment.
      MYSQL_PASSWORD: SomeGreatPassword
      MYSQL_ROOT_PASSWORD: SomeGreatPassword
    networks:
      - backend-wpd
      - traefik_default
    labels:
      # NOTE(review): this router has no auth or IP-restriction middleware, so
      # the phpMyAdmin login page is reachable by anyone who can reach Traefik
      # on :443. Attaching a basicauth or ipwhitelist middleware would limit
      # who gets as far as the database login form.
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_default"
      - "traefik.http.routers.db-$name-secure.entrypoints=websecure"
      - "traefik.http.routers.db-$name-secure.rule=Host(`$name.db.website.dk`)"

volumes:
  database: {}

networks:
  backend-wpd: {}
  traefik_default:
    external: true
The web server just has a few extra modules, like git and Xdebug.
Dockerfile:
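# Development image: Apache + PHP 7.4 with git, Xdebug, wp-cli and Composer.
FROM php:7.4-apache
WORKDIR /var/www/html

# Give www-data UID 1000 (presumably to match the host user that owns the
# bind-mounted ./src - confirm).
RUN usermod -u 1000 www-data

# Install every OS package in one layer, directly after `apt-get update`, so
# no install runs against a stale package index and a failed update stops the
# build (the original used `update ; install`, which ignored update failures).
# www-data gets a real shell because the wp/composer wrappers below run their
# commands through `su www-data -c`.
RUN apt-get update \
 && apt-get -y install \
      git \
      libzip-dev zip unzip \
      libicu-dev \
      libjpeg-dev libfreetype6-dev libpng-dev \
      sendmail \
      curl sudo subversion mariadb-client \
 && apt-get autoclean \
 && rm -rf /var/lib/apt/lists/* \
 && chsh -s /bin/bash www-data

# PHP extensions
RUN docker-php-ext-install zip opcache pdo pdo_mysql \
 && docker-php-ext-configure intl \
 && docker-php-ext-install intl \
 && docker-php-ext-configure gd --with-jpeg \
 && docker-php-ext-install gd

# Install Xdebug
# NOTE(review): this image is published through Traefik on a public address.
# The Xdebug settings live in the mounted conf.d (not shown here); make sure
# xdebug.discover_client_host stays off and xdebug.client_host points at a
# host you control, so a visitor cannot make PHP open a debug session to them.
RUN yes | pecl install xdebug-3.1.6 \
 && echo "zend_extension=$(find $(php-config --extension-dir) -name xdebug.so)" \
      > /usr/local/etc/php/conf.d/xdebug.ini \
 && docker-php-ext-enable xdebug

# Configure apache
RUN a2enmod rewrite

# Install wp-cli
# The download now happens before any `--insecure` curl default is written, so
# the certificate of raw.githubusercontent.com is actually verified, and -f
# makes an HTTP error fail the build instead of saving an error page as the
# phar. For a reproducible build, pin a released version and check its digest:
#   echo "<expected-sha512>  /usr/local/bin/wp.phar" | sha512sum -c -
RUN curl -fsSL -o /usr/local/bin/wp.phar \
      https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar \
 && echo "#!/bin/bash" > /usr/local/bin/wp \
 && echo "su www-data -c \"/usr/local/bin/wp.phar --path=/var/www/html \$*\"" >> /usr/local/bin/wp \
 && chmod 755 /usr/local/bin/wp* \
 && echo "*** wp-cli command installed"

# Install Composer
# The installer is compared against the SHA-384 published by the Composer
# project before it is executed, as the official install instructions do.
RUN EXPECTED_SIG="$(php -r "copy('https://composer.github.io/installer.sig', 'php://stdout');")" \
 && php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
 && ACTUAL_SIG="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" \
 && if [ "$EXPECTED_SIG" != "$ACTUAL_SIG" ]; then \
      echo "composer installer checksum mismatch" >&2; \
      rm -f composer-setup.php; \
      exit 1; \
    fi \
 && php composer-setup.php \
 && php -r "unlink('composer-setup.php');" \
 && mv composer.phar /usr/local/bin/ \
 && echo "#!/bin/bash" > /usr/local/bin/composer \
 && echo "su www-data -c \"/usr/local/bin/composer.phar --working-dir=/var/www/html/ \$*\"" >> /usr/local/bin/composer \
 && chmod ugo+x /usr/local/bin/composer \
 && echo "*** composer command installed"

# Written last, so that no build-time download above runs with verification
# disabled. This still turns off certificate checks for every curl call made
# as root inside the container; installing the dev CA into the image's trust
# store (update-ca-certificates) would remove the need for it.
RUN echo "--insecure" >| ~/.curlrc #TODO find better way to accept self signed cert

# `RUN service apache2 restart` was dropped: a process started during the
# build does not survive into the image; the base image's default command
# starts Apache when the container runs.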
I have spent a few days looking for a solution so any help is very appreciated.