how to map different ports inside a docker service with traefik? - wordpress

I am setting up a WordPress site using Bitnami images. These expose unprivileged ports 8181 and 8443, so I would like to map port 443 to the service container port 8443.
I've tried with expose: [8443] and defining the loadbalancer port, without success.
It is not very clear whether I have to define the target port in the service or in the middleware.
Here is my Traefik definition:
    version: "3.7"
    networks:
      traefik:
        external: true
    services:
      traefik:
        image: "traefik:v2.5"
        container_name: traefik
        restart: unless-stopped
        command:
          - "--providers.docker=true"
          - "--providers.docker.exposedbydefault=false"
          - "--entrypoints.web.address=:80"
          - "--entrypoints.websecure.address=:443"
          - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
          - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
          - "--certificatesresolvers.myresolver.acme.email=mail@me.com"
          - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
        ports:
          - "80:80"
          - "443:443"
        networks:
          - traefik
        volumes:
          - "letsencrypt:/letsencrypt"
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
And the service (relevant parts)
      wordpress:
        image: docker.io/bitnami/wordpress-nginx:5
        volumes:
          - wordpress_data:/bitnami/wordpress
        depends_on:
          - mariadb
        environment:
          ....
          ....
          NGINX_HTTP_PORT_NUMBER: 8181
          NGINX_HTTPS_PORT_NUMBER: 8443
        networks:
          - traefik
          - backend
        labels:
          - "traefik.enable=true"
          - "traefik.docker.network=traefik"
          - "traefik.http.routers.wordpress.rule=Host(`domain.com`)"
          - "traefik.http.routers.wordpress.entrypoints=web"
          - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
          - "traefik.http.routers.wordpress.middlewares=redirect-to-https@docker"
          - "traefik.http.routers.wordpress-secured.rule=Host(`domain.com`)"
          - "traefik.http.routers.wordpress-secured.entrypoints=websecure"
          - "traefik.http.routers.wordpress-secured.tls=true"
          - "traefik.http.routers.wordpress-secured.tls.certresolver=myresolver"

OK, I've found the solution: I need to configure the loadbalancer server port to tell Traefik where the service is listening:

    services:
      wordpress:
        labels:
          - 'traefik.http.services.wordpress-secured.LoadBalancer.server.port=8181'
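
The fix points Traefik at 8181, the plain-HTTP listener, because Traefik terminates TLS itself on the websecure entrypoint. The check below is an added example, not part of the original post: it lints the labels for a backend port that matches a listener and scheme. Function names are hypothetical, and it assumes Traefik matches label names case-insensitively and defaults the backend scheme to http.

```python
# Added example: lint Traefik v2 Docker labels for the backend port.
# Label strings are copied from the question and its fix; the function
# names are hypothetical, not part of Traefik.

QUESTION_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.wordpress-secured.rule=Host(`domain.com`)",
    "traefik.http.routers.wordpress-secured.entrypoints=websecure",
    "traefik.http.routers.wordpress-secured.tls=true",
]
FIX_LABEL = "traefik.http.services.wordpress-secured.LoadBalancer.server.port=8181"
PREFIX, PORT_KEY = "traefik.http.services.", ".loadbalancer.server.port"


def parse_labels(labels):
    """Split 'key=value' strings; keys are lower-cased on the assumption
    that Traefik matches label names case-insensitively."""
    parsed = {}
    for item in labels:
        key, _, value = item.partition("=")
        parsed[key.strip().lower()] = value.strip()
    return parsed


def check_backend_port(labels, http_port, https_port):
    """Return findings about where Traefik will send backend traffic."""
    parsed = parse_labels(labels)
    ports = {k[len(PREFIX):-len(PORT_KEY)]: int(v) for k, v in parsed.items()
             if k.startswith(PREFIX) and k.endswith(PORT_KEY)}
    if not ports:
        return ["no loadbalancer.server.port label: Traefik relies on "
                "detecting the container's exposed ports"]
    findings = []
    for name, port in ports.items():
        # Traefik talks plain HTTP to the backend unless the scheme is set.
        scheme = parsed.get(f"{PREFIX}{name}.loadbalancer.server.scheme", "http")
        if port == https_port and scheme != "https":
            findings.append(f"{name}: {port} is the TLS listener, scheme is {scheme}")
        elif port == http_port and scheme != "http":
            findings.append(f"{name}: {port} is the HTTP listener, scheme is {scheme}")
        elif port not in (http_port, https_port):
            findings.append(f"{name}: nothing in the container listens on {port}")
    return findings


if __name__ == "__main__":
    print(check_backend_port(QUESTION_LABELS, 8181, 8443))
    print(check_backend_port(QUESTION_LABELS + [FIX_LABEL], 8181, 8443))
```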

Related

After setting up docker image, site does not load with localhost:port

Hi, I am setting up a Docker image available at https://github.com/10up/wp-local-docker
I have changed all the ports mentioned in both .yml files:
- docker-compose.yml
- admin-compose.yml
Then I did the setup as described in the documentation on the page.
My issue is that I already have Apache 2 installed locally on port 80, and I have set up the Docker nginx image on port 8088. After setup, when I open localhost:8088 it shows the error "Secure Connection Failed" and does not show the default nginx page.
The only thing I changed in the .yml files is the ports I want to expose for all the images.
Any idea what I am doing wrong or missing? Below are my .yml files:
docker-compose.yml
    version: '3'
    services:
      mysql:
        image: mysql:5
        volumes:
          - "./data/db:/var/lib/mysql:delegated"
        ports:
          - "3336:3306"
        environment:
          MYSQL_ROOT_PASSWORD: password
          MYSQL_DATABASE: wordpress
          MYSQL_USER: wordpress
          MYSQL_PASSWORD: password
      mailcatcher:
        image: schickling/mailcatcher
        ports:
          - "1025:1025"
          - "1080:1080"
        environment:
          MAILCATCHER_PORT: 1025
      memcached:
        image: memcached:latest
      elasticsearch:
        image: docker.elastic.co/elasticsearch/elasticsearch:5.6.5
        environment:
          ES_JAVA_OPTS: "-Xms750m -Xmx750m"
        ports:
          - "9200:9200"
        volumes:
          - "./config/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:cached"
          - "./config/elasticsearch/plugins:/usr/share/elasticsearch/plugins:cached"
          - "./data/elasticsearch:/usr/share/elasticsearch/data:delegated"
      phpfpm:
        image: 10up/phpfpm
        depends_on:
          - mysql
          - memcached
          - elasticsearch
        volumes:
          - "./wordpress:/var/www/html:cached"
          - "./config/php-fpm/php.ini:/usr/local/etc/php/php.ini:cached"
          - "./config/php-fpm/docker-php-ext-xdebug.ini:/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini:cached"
          - "./config/php-fpm/wp-cli.local.yml:/var/www/html/wp-cli.local.yml:cached"
          - "~/.ssh:/root/.ssh:cached"
        extra_hosts:
          - "docker-local.localhost:172.18.0.1"
      nginx:
        depends_on:
          - phpfpm
        ports:
          - "8088:80"
          - "4443:443"
        image: nginx:latest
        volumes:
          - "./wordpress:/var/www/html:cached"
          - "./config/nginx/default.conf:/etc/nginx/conf.d/default.conf:cached"
          - "./config/certs:/etc/nginx/certs:cached"
          - "./logs/nginx:/var/log/nginx:cached"
      wpsnapshots:
        image: 10up/wpsnapshots
        depends_on:
          - mysql
          - phpfpm
        volumes:
          - "./config/wpsnapshots:/home/wpsnapshots/.wpsnapshots:cached"
          - "./wordpress:/var/www/html:cached"
admin-compose.yml

    version: '3'
    services:
      phpmyadmin:
        image: phpmyadmin/phpmyadmin
        environment:
          - PMA_HOST mysql
        links:
          - mysql:db
        ports:
          - 8892:80
        depends_on:
          - mysql
        environment:
          MYSQL_ROOT_PASSWORD: password
          MYSQL_DATABASE: wordpress
          MYSQL_USER: wordpress
          MYSQL_PASSWORD: password
      phpmemcacheadmin:
        image: hitwe/phpmemcachedadmin
        ports:
          - "8893:80"
        depends_on:
          - memcached

Can ping but not wget between Docker containers

I am using docker-compose to set up a NextJS-app that fetches data from the Wordpress REST-API running in separate containers.
Problem is, I get ECONNREFUSED when I try to fetch or WGET the wordpress-container http://wordpress:8000 from the NextJS-container. I can ping wordpress:8000 without any problems.
If I use Postman or try to fetch the REST-API from another host (i.e. not the machine running docker-compose) using the public ip, it works perfectly.
I'm suspecting some docker configuration issue, but I'm quite lost as the pinging works but not the wget.
Anyone with an idea on what the culprit could be?
My docker-compose.yml:
    version: '2'
    services:
      db:
        image: mysql:5.7
        volumes:
          - db_data:/var/lib/mysql
        restart: always
        environment:
          MYSQL_ROOT_PASSWORD: ***REMOVED***
          MYSQL_DATABASE: ***REMOVED***
          MYSQL_USER: ***REMOVED***
          MYSQL_PASSWORD: ***REMOVED***
        networks:
          - back
      wordpress:
        depends_on:
          - db
        image: wordpress:latest
        volumes:
          - ./wp-content:/var/www/html/wp-content
        ports:
          - "8000:80"
        restart: always
        environment:
          WORDPRESS_DB_HOST: db:3306
          WORDPRESS_DB_USER: root
          WORDPRESS_DB_PASSWORD: ***REMOVED****
        networks:
          - back
      phpmyadmin:
        depends_on:
          - db
        image: phpmyadmin/phpmyadmin
        restart: always
        ports:
          - 8080:80
        environment:
          PMA_HOST: db
          MYSQL_ROOT_PASSWORD: ***REMOVED***
        networks:
          - back
      next-app:
        depends_on:
          - wordpress
        build:
          context: ./next-app
          dockerfile: Dockerfile
        volumes:
          - './next-app:/usr/src/app'
          - '/usr/src/app/node_modules'
        ports:
          - '80:3000'
        networks:
          - back
      express-server:
        build:
          context: ./express-server
          dockerfile: Dockerfile
        ports:
          - '3001:3001'
    networks:
      back:
        driver: bridge
    volumes:
      db_data:

From inside the NextJS container you need to use port 80. Port 8000 is on your (host) machine. So use http://wordpress:80 from inside the Docker containers.

    ports:
      - "8000:80"

In your docker-compose file, this just says "Map my local (host machine) port 8000 to the container's port 80", but inside the Docker network it's still port 80.
You can ping, because ping doesn't use ports. Ports that we are talking about are TCP/UDP ports, see https://en.wikipedia.org/wiki/Port_(computer_networking). But ping uses ICMP (Internet Control Message Protocol), which doesn't use ports at all, see https://en.wikipedia.org/wiki/Ping_(networking_utility)
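
The host-side versus container-side distinction in this answer, as an added example that is not part of the original answer: it parses Compose short-syntax port entries and reports which address works from other containers, which works from the host, and whether the port is published on all host interfaces. Function names are hypothetical; the port specs are copied from the question's compose file, and only single ports (no ranges) are handled.

```python
# Added example, not from the original answer. Function names are
# hypothetical; the port specs are copied from the compose file above.
# Handles single ports only (no ranges).

def parse_port(spec):
    """Split Compose short syntax [HOST_IP:][HOST_PORT:]CONTAINER[/PROTO]."""
    spec, _, proto = str(spec).partition("/")
    parts = spec.rsplit(":", 2)
    container_port = int(parts[-1])
    # No host port given: Docker picks an ephemeral one at start-up.
    host_port = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    # No host IP given: the port is published on all host interfaces.
    host_ip = parts[0].strip("[]") if len(parts) == 3 else "0.0.0.0"
    return {"host_ip": host_ip, "host_port": host_port,
            "container_port": container_port, "proto": proto or "tcp"}


def reachable_at(service, spec):
    """Addresses for one published port, seen from each side of the mapping."""
    p = parse_port(spec)
    host = "localhost" if p["host_ip"] in ("0.0.0.0", "127.0.0.1") else p["host_ip"]
    return {
        # Other containers on the same network use the service name and
        # the container port; the host-side port does not exist there.
        "from_containers": f"{service}:{p['container_port']}",
        "from_host": f"{host}:{p['host_port']}" if p["host_port"] else None,
        "all_interfaces": p["host_ip"] == "0.0.0.0",
    }


# Port specs from the question's docker-compose.yml.
COMPOSE_PORTS = {"wordpress": "8000:80", "phpmyadmin": "8080:80",
                 "next-app": "80:3000", "express-server": "3001:3001"}

if __name__ == "__main__":
    for name, spec in COMPOSE_PORTS.items():
        print(name, reachable_at(name, spec))
```

A spec with an explicit host IP, such as `127.0.0.1:3306:3306`, reports `all_interfaces` as false, which is the form to use for ports that only the local machine should reach.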

Docker - nginx with custom conf

When running docker-compose up with the following docker-compose.yml file, nginx immediately exits after starting. When I remove the following line:
    - ./nginx/config:/etc/nginx/conf.d
nginx does not immediately exit.
docker-compose.yml
    version: '3'
    services:
      nginx:
        image: nginx
        ports:
          - '8080:80'
        volumes:
          - ./nginx/log:/var/log/nginx
          - ./nginx/config:/etc/nginx/conf.d
          - ../wordpress:/var/www/wordpress
      php:
        image: php:fpm
        ports:
          - 9000:9000
      mysql:
        image: mysql
        ports:
          - "3306:3306"
        environment:
          MYSQL_ROOT_PASSWORD: secret
        volumes:
          - ./mysql/data:/var/lib/mysql

How can I get nginx to run with a custom /etc/nginx/conf.d/default.conf?

Reverse proxy nginx with Docker

I have a website with a Docker container.
So I use the nginx reverse proxy Docker setup with Let's Encrypt.
I followed this tutorial.
But my website is not working with https.
Here is my docker compose file:
    services:
      nginx:
        image: pixelfordinner/nginx
        container_name: pixelcloud-nginx_proxy-nginx
        restart: always
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - "./volumes/conf.d:/etc/nginx/conf.d:ro"
          - "./volumes/vhost.d:/etc/nginx/vhost.d:ro"
          - "./volumes/certs:/etc/nginx/certs:ro"
          - "/usr/share/nginx/html"
      nginx-proxy:
        image: jwilder/docker-gen
        container_name: nginx-proxy
        depends_on:
          - nginx
        volumes_from:
          - nginx
        volumes:
          - "/var/run/docker.sock:/tmp/docker.sock:ro"
          - "./data/templates:/etc/docker-gen/templates:ro"
          - "./volumes/conf.d:/etc/nginx/conf.d:rw"
        entrypoint: /usr/local/bin/docker-gen -notify-sighup pixelcloud-nginx_proxy-nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
      letsencrypt-nginx-proxy:
        restart: always
        image: jrcs/letsencrypt-nginx-proxy-companion
        container_name: ssl
        depends_on:
          - nginx
          - nginx-proxy
        volumes_from:
          - nginx
        volumes:
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
          - "./volumes/vhost.d:/etc/nginx/vhost.d:rw"
          - "./volumes/certs:/etc/nginx/certs:rw"
        environment:
          - "NGINX_DOCKER_GEN_CONTAINER=pixelcloud-nginx_proxy-docker_gen"
      wordpress:
        image: wordpress
        environment:
          - VIRTUAL_HOST=foo.example.com
          - LETSENCRYPT_HOST=foo.example.com
          - LETSENCRYPT_EMAIL= mail@example.com

I downloaded the nginx.tmpl file from GitHub and copied it into /data/templates/nginx.tmpl
I don't understand why it is not working.
Thanks for help!
UPDATE: I managed to set up https instead of http on WordPress.
But I have a Gitlab instance with docker compose. On the login page, the https is working, but when I login and go on the project homepage, there is https but the connection is not secure.
I would like this: https://gitlab.exemple.com
It looks like you are missing the jwilder/docker-gen container that is required by jrcs/letsencrypt-nginx-proxy-companion.
See documentation: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion#separate-containers-recommended-method
See example: https://github.com/fatk/docker-letsencrypt-nginx-proxy-companion-examples/blob/master/docker-compose/v2/simple-site/docker-compose.yml
It means you will have to add a nginx.tmpl file and mount it to your jwilder/docker-gen container.
You will also need to share the /etc/nginx/vhost.d volume from the nginx-proxy container.
Update:
The container_name of your service running the docker-gen image should be pixelcloud-nginx_proxy-docker_gen as it needs to match the NGINX_DOCKER_GEN_CONTAINER environment variable. So you should have:
    nginx-proxy:
      image: jwilder/docker-gen
      container_name: pixelcloud-nginx_proxy-docker_gen

Curl to Docker Container on same Docker Host (nginx-proxy)

I have a setup based on docker-letsencrypt-nginx-proxy-companion running a django container and a wordpress container on the same Docker Host. I have added to domains to each of the container, so the wordpress container is reachable with mydomain.com and www.mydomain.com and the django container with subdomain.mydomain.com. This is configured in the VIRTUAL_HOST env and its working perfectly so far. I get all certificates and I can connect to each of them.
The main issue I have now is that the wordpress container needs to curl the django container and vice versa. But if I go into the django or wordpress container and try to make a call to e.g. subdomain.mydomain.com, I get the following error:

    $ curl mydomain.com
    Hostname was NOT found in DNS cache

and then it tries to connect to the IP and ends up in a timeout. If I make a curl from local or a different server I get a 200 without any problems on each of those. I read something about a DNS resolve issue, but at the moment I couldn't find a solution. Do you have a clue what I could do in this case?
Thanks in advance!
My Containers:
Nginx Proxy Compose
    version: "2"
    services:
      nginx-proxy:
        image: jwilder/nginx-proxy
        container_name: nginx-proxy
        restart: always
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - "/var/www/certificates:/etc/nginx/certs:ro"
          - "/etc/nginx/vhost.d"
          - "/usr/share/nginx/html"
          - "/var/run/docker.sock:/tmp/docker.sock:ro"
      letsencrypt-nginx-proxy-companion:
        image: jrcs/letsencrypt-nginx-proxy-companion
        container_name: letsencrypt-nginx-proxy-companion
        restart: always
        volumes_from:
          - nginx-proxy
        volumes:
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
          - "/var/www/certificates:/etc/nginx/certs:rw"
    networks:
      default:
        external:
          name: proxy-network

Wordpress Compose
    version: '2'
    services:
      mariadb:
        build:
          context: .
          dockerfile: build/env/mysql/Dockerfile
        env_file: .env
        restart: "always"
        ports:
          - 3306:3306
        environment:
          MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
          MYSQL_DATABASE: ${MYSQL_DATABASE}
          MYSQL_USER: ${MYSQL_USER}
          MYSQL_PASSWORD: ${MYSQL_PASSWORD}
        volumes:
          - prod-database:/var/lib/mysql
      php:
        build:
          context: .
          dockerfile: build/env/php-fpm/Dockerfile
        env_file: .env
        restart: "always"
        volumes:
          - ${SRC_APP_PERSISTENT}:/var/www/html
        links:
          - mariadb:mysql
      web:
        build:
          context: .
          dockerfile: build/env/nginx/Dockerfile
        restart: "always"
        links:
          - php:fpm
        volumes_from:
          - php
        environment:
          - VIRTUAL_HOST=mydomain.com,www.mydomain.com
          - VIRTUAL_PORT=443
          - VIRTUAL_NETWORK=proxy-network
          - LETSENCRYPT_HOST=mydomain.com,www.mydomain.com
          - LETSENCRYPT_EMAIL=info@mydomain.com
        ports:
          - "80"
    volumes:
      prod-database:
        driver: local
    networks:
      default:
        external:
          name: proxy-network

Django Compose
    version: '2'
    volumes:
      postgres_data_dev: {}
      postgres_backup_dev: {}
    services:
      postgres:
        build: ./compose/postgres
        volumes:
          - postgres_data_dev:/var/lib/postgresql/data
          - postgres_backup_dev:/backups
        environment:
          - POSTGRES_USER=dbuser
      django:
        build:
          context: .
          dockerfile: ./compose/django/Dockerfile-dev
        env_file: .env
        command: /start-dev.sh
        depends_on:
          - postgres
        environment:
          - POSTGRES_USER=dbuser
          - USE_DOCKER=yes
          - VIRTUAL_HOST=subdomain.mydomain.com
          - VIRTUAL_PORT=443
          - VIRTUAL_NETWORK=proxy-network
          - LETSENCRYPT_HOST=subdomain.mydomain.com
          - LETSENCRYPT_EMAIL=info@mydomain.com
        volumes:
          - .:/app
        ports:
          - "8000"
        links:
          - postgres
          - mailhog
      pycharm:
        build:
          context: .
          dockerfile: ./compose/django/Dockerfile-dev
        depends_on:
          - postgres
        environment:
          - POSTGRES_USER=dbuser
        volumes:
          - .:/app
        links:
          - postgres
      mailhog:
        image: mailhog/mailhog
        ports:
          - "8025:8025"
    networks:
      default:
        external:
          name: proxy-network
