Develop Reference

how to map different prots inside a docker service with traefik?

I am setting up a wordpress site using bitnami images, these exposes unpriviledged port 8181 and 8443 , so I would like to map port 443 to the service container port 8443,
I've tried with expose: [8443] and defining the loadbalance port without success.
it is not very clear if I have to define the target port in the service or in the middleware.
here is my traefik definition
version: "3.7"
networks:
traefik:
external: true
services:
traefik:
image: "traefik:v2.5"
container_name: traefik
restart: unless-stopped
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=mail#me.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
networks:
- traefik
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
And the service (relevant parts)
wordpress:
image: docker.io/bitnami/wordpress-nginx:5
volumes:
- wordpress_data:/bitnami/wordpress
depends_on:
- mariadb
environment:
....
....
NGINX_HTTP_PORT_NUMBER: 8181
NGINX_HTTPS_PORT_NUMBER: 8443
networks:
- traefik
- backend
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.wordpress.rule=Host(`domain.com`)"
- "traefik.http.routers.wordpress.entrypoints=web"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.wordpress.middlewares=redirect-to-https#docker"
- "traefik.http.routers.wordpress-secured.rule=Host(`domain.com`)"
- "traefik.http.routers.wordpress-secured.entrypoints=websecure"
- "traefik.http.routers.wordpress-secured.tls=true"
- "traefik.http.routers.wordpress-secured.tls.certresolver=myresolver"

Ok I've found the solution: I need to configure the loadbalancer server port to tell traefik where service is listening to
services:
wordpress:
labels:
- 'traefik.http.services.wordpress-secured.LoadBalancer.server.port=8181'

nginx basic auth not working in docker-compose

i'm setting up basic authentication(credential) for loki and promtail using nginx in docker-compose. i have created htpasswd to set the password for loki and promtail andcreated seperate config file for loki and promtail and passing it through volumes.
however its not triggering authentication for loki and promtail
docker-compose.yaml
version: "2"
services:
my-nginx-service:
image: nginx
ports:
- "8098:80"
container_name: nginx
volumes:
- ./config/sites-enabled/loki:/etc/nginx/sites-enabled/loki
- ./config/conf.d/loki.conf:/etc/nginx/conf.d/loki.conf
- ./config/conf.d/loki.conf:/etc/nginx/conf.d/promtail.conf
- ./config/sites-available/default:/etc/nginx/sites-available/default
- ./config/htpasswd/.htloki:/etc/nginx/.htloki
- ./config/htpasswd/.htloki:/etc/nginx/.htpromtail
loki:
image: grafana/loki:2.0.0
container_name: loki
volumes:
- ./config/loki.yaml:/etc/config/loki.yaml
entrypoint:
- /usr/bin/loki
- -config.file=/etc/config/loki.yaml
ports:
- "3100:3100"
promtail:
image: grafana/promtail:2.0.1
container_name: promtail
user: root
volumes:
- ./log:/var/log/test
- /var/log/system.log:/var/log/root/system.log
- ./config/promtail-local-config.yaml:/etc/config/promtail-local-config.yaml
entrypoint:
- /usr/bin/promtail
- -config.file=/etc/config/promtail-local-config.yaml
ports:
- "9080:9080"
loki.conf
server {
listen 443;
location / {
auth_basic "Protected Area";
auth_basic_user_file /etc/nginx/.htloki;
proxy_pass http://loki:3100;
}
}
promtail.conf
server {
listen 442;
location / {
auth_basic "Protected Area";
auth_basic_user_file /etc/nginx/.htpromtail;
proxy_pass http://promtail:9080;
}
}
has anybody faced this issue?

Apparently, I forgot to rebuild the container images after including the .htpasswd files. Rebuilding fixed this
docker compose up --build

Docker - nginx with custom conf

When running docker-compose up with the following docker-compose.yml file, nginx immediately exits after starting. When I remove the following line:
- ./nginx/config:/etc/nginx/conf.d
nginx does not immediately exit.
docker-compose.yml
version: '3'
services:
nginx:
image: nginx
ports:
- '8080:80'
volumes:
- ./nginx/log:/var/log/nginx
- ./nginx/config:/etc/nginx/conf.d
- ../wordpress:/var/www/wordpress
php:
image: php:fpm
ports:
- 9000:9000
mysql:
image: mysql
ports:
- "3306:3306"
environment:
MYSQL_ROOT_PASSWORD: secret
volumes:
- ./mysql/data:/var/lib/mysql
How can I get nginx to run with a custom /etc/nginx/conf.d/default.conf?

Reverse proxy nginx with Docker

I have a website with a Docker container.
So I use the nginx reverse proxy docker with let's encrypt
I follow this tutorial
But my website is not working with https.
There is my docker compose file:
services:
nginx:
image: pixelfordinner/nginx
container_name: pixelcloud-nginx_proxy-nginx
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- "./volumes/conf.d:/etc/nginx/conf.d:ro"
- "./volumes/vhost.d:/etc/nginx/vhost.d:ro"
- "./volumes/certs:/etc/nginx/certs:ro"
- "/usr/share/nginx/html"
nginx-proxy:
image: jwilder/docker-gen
container_name: nginx-proxy
depends_on:
- nginx
volumes_from:
- nginx
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./data/templates:/etc/docker-gen/templates:ro"
- "./volumes/conf.d:/etc/nginx/conf.d:rw"
entrypoint: /usr/local/bin/docker-gen -notify-sighup pixelcloud-nginx_proxy-nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
letsencrypt-nginx-proxy:
restart: always
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: ssl
depends_on:
- nginx
- nginx-proxy
volumes_from:
- nginx
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./volumes/vhost.d:/etc/nginx/vhost.d:rw"
- "./volumes/certs:/etc/nginx/certs:rw"
environment:
- "NGINX_DOCKER_GEN_CONTAINER=pixelcloud-nginx_proxy-docker_gen"
wordpress:
image: wordpress
environment:
- VIRTUAL_HOST=foo.example.com
- LETSENCRYPT_HOST=foo.example.com
- LETSENCRYPT_EMAIL= mail#example.com
I download the nginx.tmpl file from github, and copy it into /data/templates/nginx.tmpl
I don't inderstand what it is not working
Thanks for help!
UPDATE: I managed to setup https instead of http on wordpress.
But I have a Gitlab instance with docker compose. On the login page, the https is working, but when I login and go on the project homepage, there is https but the connection is not secure.
I would like this: https://gitlab.exemple.com

It looks like you are missing the jwilder/docker-gen container that is required by jrcs/letsencrypt-nginx-proxy-companion.
See documentation: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion#separate-containers-recommended-method
See example: https://github.com/fatk/docker-letsencrypt-nginx-proxy-companion-examples/blob/master/docker-compose/v2/simple-site/docker-compose.yml
It means you will have to add a nginx.tmpl file and mount it to your jwilder/docker-gen container.
You will also need to share the /etc/nginx/vhost.d volume from the nginx-proxy container.
Update:
The container_name of your service running the docker-gen image should be pixelcloud-nginx_proxy-docker_gen as it needs to match the NGINX_DOCKER_GEN_CONTAINER environment variable. So you should have:
nginx-proxy:
image: jwilder/docker-gen
container_name: pixelcloud-nginx_proxy-docker_gen

Nginx, Wordpress, and SQL

I currently am trying to learn how to use docker and was wondering if there is a way to make a Docker stack that includes Wordpress, SQL, and Nginx.
Right now I want to have 3 containers running, 1 for each and use nginx as a reverse proxy for my wordpress app.
However, every time I attempt to get this stack up and running through a composer file, only Wordpress and SQL get linked, but not the Nginx.
version: '2'
services:
db:
image: mysql:5.7
volumes:
- "./.data/db:/var/lib/mysql"
restart: always
environment:
MYSQL_ROOT_PASSWORD: wordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:fpm
links:
- db
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_PASSWORD: wordpress
nginx:
restart: always
image: nginx
ports:
- "80:80"
This is all I have in my docker-compose.yml

Your basic approach should work. I have a feeling there is a configuration issue somewhere, possibly with nginx that is preventing it from working as you intend.
You can try this similar docker-compose.yml file as a sample to see how it may differ from what you are doing:
docker-compose.yml
version: '2'
services:
php:
image: phpmyadmin/phpmyadmin
links:
- mysql:db
depends_on:
- mysql
mysql:
image: k0st/alpine-mariadb
volumes:
- ./data/mysql:/var/lib/mysql
environment:
- MYSQL_DATABASE=mydb
- MYSQL_USER=myuser
- MYSQL_PASSWORD=mypass
nginx:
image: nginx:stable-alpine
ports:
- "81:80"
volumes:
- ./nginx/log:/var/log/nginx
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/files:/var/www/nginx:ro
depends_on:
- php
nginx/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile off;
server {
listen 80;
location / {
proxy_pass http://php;
proxy_set_header Host $host;
proxy_redirect off;
}
}
}
The nginx config is simplified but that should work for testing -- basically all it's doing is proxying the php app. Maps to port 81 to avoid conflicts on the host. (Note this is just a rough demo, would need to be fleshed out for any use more than that.)
Regarding linking, you can see that if you run: docker-compose exec mysql ping -c2 nginx to ping from the mysql container to the nginx container, you will succeed even though there are no links specified between these containers. Docker Compose will maintain those links in the default network for you.
If you like, you can fetch a working version from this repo here and run docker-compose up, and (assuming you don't have anything running on port 81) see results on http://localhost:81/ (or whatever your corresponding hostname/IP is).
For more info on Docker Compose networking see:
https://docs.docker.com/compose/networking/
By default Compose sets up a single network for your app. Each
container for a service joins the default network and is both
reachable by other containers on that network, and discoverable by them at a hostname identical to the container name.
Links allow you to define extra aliases by which a service is
reachable from another service. They are not required to enable
services to communicate - by default, any service can reach any other
service at that service’s name.

You could go with the jwilder-nginx docker image. It is using docker-gen to detect containers, and will register them in nginx.conf.
This should work, if you add "VIRTUAL_HOST" the domain will be added to nginx.conf. Please note: You don't have to expose ports on WordPress with this Setup. jwilder-nginx will use default port to forward traffic.
version: '2'
services:
db:
image: mysql:5.7
volumes:
- "./.data/db:/var/lib/mysql"
restart: always
environment:
MYSQL_ROOT_PASSWORD: wordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:fpm
links:
- db
- nginx
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_PASSWORD: wordpress
VIRTUAL_HOST: myblog.mydomain.de
nginx:
restart: always
image: jwilder/nginx-proxy
ports:
- "80:80"