Develop Reference

Bad Gateway for WordPress containers behind Traefik reverse proxy in docker-compose

Firstly, I'd like to say that I'm not a server admin. I'm a web programmer tasked with setting up a development server and I have no idea what I'm doing. I may not be doing things according to best practice or the way you might do them. Unfortunately, with Traefik, there are 3 ways to do everything and so 2/3 of the answers that I've come across aren't compatible with my implementation and I can't figure out how to make them work. Furthermore, this isn't my only (or even primary) job duty.
Here's the setup:
Single-server docker environment on a Linode server with Ubuntu 20.04
I have one stack with Traefik, Traefik Hub, Portainer, and WhoAmI configured and working (mostly) correctly. I don't have the DNS challenge working right with Let's Encrypt, but I don't really care about that at this point. I don't really need a wildcard certificate.
I created a mariadb container. We're mostly a WordPress shop and I'd like to have one container for all the databases we work with rather than configuring a database on an environment-by-environment basis.
I created an external bridge network, named "maverick-net" and all of the stacks are connected to it.
I have a self-hosted GitHub runner listening for changes to the "dev" branch of the project. The runner pulls down the latest repo, writes GitHub secrets to a local .env file, runs composer install and then docker-compose up -d. (That's the reason behind the obscenely-long bind mount paths.)
I'm trying to make the code for these WordPress projects reusable as much as possible, so there's a lot of .env variables in the different files. At some point I'll probably move those over to docker secrets, but at this point it's a development server and not as critical.
My issue is that I haven't been able to get a WordPress site up and running, and I keep hitting a "Bad Gateway" error. When I curl the URL from inside the traefik container, I get... wait for it... "Bad Gateway."
Clearly there's something I'm missing, but I've been slamming my head against a brick wall for weeks trying different approaches to get this running and I need help. There has to be something I'm not getting about docker networks in general because my wp-cli container never has been able to connect to the database, regardless of whether I start it in the same stack or if i try to connect to it on the maverick-net network.
My traefik stack (side note, I'd really like to split these command entries into static and dynamic config files, but that's a task for another day):
version: "3.9"
secrets:
linode_token:
file: "../secrets/linode_token.secret"
services:
traefik:
container_name: traefik
image: "traefik:latest"
command:
- --log.level=DEBUG
- --log.filePath=./traefik.log
- --accessLog=true
- --accessLog.filePath=./access.log
- --accessLog.bufferingSize=100
- --accessLog.filters.statusCodes=400-499
- --api
- --api.dashboard=true
- --api.insecure=false
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --providers.docker.watch=true
- --providers.docker.exposedbydefault=false
- --certificatesresolvers.leresolver.acme.dnsChallenge=true
- --certificatesresolvers.leresolver.acme.dnsChallenge.provider=linodev4
- --certificatesresolvers.leresolver.acme.httpchallenge=true
- --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.leresolver.acme.email=xxxxxxxxxxx#xxxxxxxxx.xxx
- --certificatesresolvers.leresolver.acme.storage=./acme.json
#- --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.leresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
- --experimental.hub=true
- --hub.tls.insecure=true
- --metrics.prometheus.addrouterslabels=true
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ~/certs-data/acme.json:/data/letsencrypt/acme.json
- ./static.yml:/static.yml:ro
- ./configs:/configs
- ~/certs-data/:/data/letsencrypt/
secrets:
- "linode_token"
environment:
TZ: America/Chicago
LINODE_TOKEN_FILE: "/run/secrets/linode_token"
labels:
- "traefik.enable=true"
- "traefik.docker.network=maverick-net"
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.tls.certresolver=leresolver"
- "traefik.http.routers.traefik.rule=Host(`XXXXX.XXXXXXXXXX.XXX`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.service=api#internal"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=XXXX:$$apr1$$XXXXX$$XXXXXXXXXXXXXXX"
- "traefik.http.routers.api.entrypoints=websecure"
networks:
- maverick-net
hub-agent:
image: ghcr.io/traefik/hub-agent-traefik:experimental
pull_policy: always
container_name: hub-agent
restart: on-failure
command:
- run
- --hub.token=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
- --auth-server.advertise-url=http://hub-agent
- --traefik.host=traefik
- --traefik.tls.insecure=true
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
depends_on:
- traefik
networks:
- maverick-net
portainer:
image: portainer/portainer-ce:latest
command: -H unix:///var/run/docker.sock
container_name: portainer
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
labels:
# Frontend
- "traefik.enable=true"
- "traefik.http.routers.frontend.rule=Host(`XXXXX.XXXXXXXXXX.XXX`)"
- "traefik.http.routers.frontend.entrypoints=websecure"
- "traefik.http.services.frontend.loadbalancer.server.port=9000"
- "traefik.http.routers.frontend.service=frontend"
- "traefik.http.routers.frontend.tls.certresolver=leresolver"
networks:
- maverick-net
whoami:
image: "traefik/whoami"
container_name: "whoami"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`XXXXX.XXXXXXXXXX.XXX`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=leresolver"
networks:
- maverick-net
volumes:
portainer_data:
networks:
maverick-net:
external: true
My mariadb stack:
version: "3"
networks:
# enable connection with Traefik
maverick-net:
external: true
services:
mariadb:
container_name: mariadb
image: mariadb:10.7
restart: always
volumes:
- "/home/xxxxxxxxxx/docker/mariadb/data:/var/lib/mysql"
expose:
- "3306"
env_file: .env
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PWD}
MYSQL_USER: ${ADMIN_DB_USER}
MYSQL_PASSWORD: ${ADMIN_DB_PWD}
networks:
- maverick-net
And finally my WordPress stack:
version: '3.8'
networks:
maverick-net:
external: true
# volumes:
# db_data:
services:
# mariadb:
# container_name: ${WORDPRESS_DB_NAME}-db
# image: mariadb:10.7
# restart: always
# volumes:
# - "db_data:/var/lib/mysql"
# env_file: .env
# environment:
# MYSQL_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
# MYSQL_USER: ${ADMIN_DB_USER}
# MYSQL_PASSWORD: ${ADMIN_DB_PWD}
wordpress:
container_name: ${WORDPRESS_DB_NAME}-wp
image: wordpress:6.0.2-fpm
volumes:
- type: bind
source: ${PROJECT_ROOT}/${WORDPRESS_DB_NAME}/${PROJECT_NAME}/${PROJECT_NAME}/wp
target: /var/www/html
restart: always
env_file: .env
environment:
WORDPRESS_DB_HOST: mariadb
MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
WORDPRESS_DATABASE_USER: ${WORDPRESS_DB_USER}
WORDPRESS_DATABASE_PASSWORD: ${WORDPRESS_DB_PASSWORD}
WORDPRESS_DATABASE_NAME: ${WORDPRESS_DB_NAME}
labels:
# The labels are useful for Traefik only
- "traefik.enable=true"
- "traefik.docker.network=maverick-net"
# Get the routes from https
- "traefik.http.routers.${WORDPRESS_DB_NAME}.rule=Host(`${DEV_URL}`)"
- "traefik.http.routers.${WORDPRESS_DB_NAME}.entrypoints=websecure"
- "traefik.http.routers.${WORDPRESS_DB_NAME}.tls.certresolver=leresolver"
networks:
- maverick-net
wordpress-cli:
container_name: ${WORDPRESS_DB_NAME}-cli
image: wordpress:cli
volumes:
- type: bind
source: ${PROJECT_ROOT}/${WORDPRESS_DB_NAME}/${PROJECT_NAME}/${PROJECT_NAME}/wp
target: /var/www/html
env_file: .env
environment:
WORDPRESS_DB_HOST: mariadb
MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
WORDPRESS_DATABASE_USER: ${WORDPRESS_DB_USER}
WORDPRESS_DATABASE_PASSWORD: ${WORDPRESS_DB_PASSWORD}
WORDPRESS_DATABASE_NAME: ${WORDPRESS_DB_NAME}
networks:
- maverick-net
depends_on:
- wordpress

As far as I know, you can connect to containers in the same network by using their service name.
So for example you are trying to curl to the Wordpress container from the Traefik Container.
curl 'http://wordpress/'
Should work.
In another project I use an nginx container with php-fpm.
I need to send my curl requests to the nginx container, because the php-fpm container does not handle server requests directly:
// does not work
curl 'http://php-debug/index.html'
// result
curl: (7) Failed to connect to php-debug port 80: Connection refused
// https also does not work
curl 'https://php-fpm/index.html'
// result
curl: (7) Failed to connect to php-fpm port 443: Connection refused
// This does work
curl 'http://nginx/index.html'
// result
<HTML...
For some reason https: curl requests fail, but on http I get the correct result so for local development I think it's ok.
If you are interested in a more managed solution, you can check out warden.dev. It contains a template for Wordpress too (which I use succesfully for local development). I have been using this exclusively. If you have questions how to setup WP CLI on this solution, feel free to contact me.
It comes with portainer, traefik, ssl and dns and mailhog.
Configuration is pretty straight forward, I can set up a new project within an hour and connect to the database and containers in my IDE.
https://docs.warden.dev/environments/types.html#wordpress

Error accessing database via docker wpcli container

I am trying to create a basic wordpress/mariadb/wpcli docker container stack. All works as expected, except that the wpcli service fails at startup time with this error turning up in the logs:
"Error: Error establishing a database connection."
To be clear, I can access the wordpress site just fine after allowing enough time for the db and wp containers to spin up. But the wpcli container fails.
Here is my docker-compose.yml:
version: '3.9'
services:
db:
# We use a mariadb image which supports both amd64 & arm64 architecture
image: mariadb:latest
# If you really want to use MySQL, uncomment the following line
#image: mysql:8.0.27
command: '--default-authentication-plugin=mysql_native_password'
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
- MYSQL_ROOT_PASSWORD=somewordpress
- MYSQL_DATABASE=wordpress
- MYSQL_USER=wordpress
- MYSQL_PASSWORD=wordpress
expose:
- 3306
- 33060
wordpress:
image: wordpress:php8.1
ports:
- 80:80
restart: always
depends_on:
- db
environment:
- WORDPRESS_DB_HOST=db
- WORDPRESS_DB_USER=wordpress
- WORDPRESS_DB_PASSWORD=wordpress
- WORDPRESS_DB_NAME=wordpress
volumes:
- wordpress:/var/www/html
wpcli:
image: wordpress:cli-php8.1
# restart: always
depends_on:
- db
- wordpress
environment:
- WORDPRESS_DB_HOST=db
- WORDPRESS_DB_USER=wordpress
- WORDPRESS_DB_PASSWORD=wordpress
- WORDPRESS_DB_NAME=wordpress
volumes:
- wordpress:/var/www/html
volumes:
db_data:
wordpress:
My plan for the short term is to develop new themes for an already existing site, so I have the workaround that I can install wpcli directly in the wp container. But that's a pain, and I am new to docker (definitely not new to linux or wordpress) and I don't really want to take time right now to learn how to roll my own container that has both wordpress and wpcli.
Incidentally, I tried the Bitnami wordpress container which has exactly that, but ran into issues mounting volumes on localhost due to those being non-root containers.
Any ideas about how to get the wpcli container from the official wordpress to work?
Thanks in advance for your help!

Docker WordPress configuration not working on localhost with port 8000

I have been working in this bitnami-wordpress-docker and still stuck on configuration. I have seen few tutorials in which the command docker-compose up -d create bunch of files inside the folder and later localhost:8000 lands to the admin part of the wordpress. But things are not being simple for me.
Here is my docker-compose.yml file.
version: '3'
services:
mariadb:
user: root
image: 'bitnami/mariadb:10.3'
volumes:
- 'mariadb_data:/bitnami'
restart: always
environment:
- MARIADB_USER=bn_wordpress
- MARIADB_DATABASE=bitnami_wordpress
- ALLOW_EMPTY_PASSWORD=yes
networks:
- wpsite
wordpress:
image: 'bitnami/wordpress:latest'
ports:
- '8000:80'
restart: always
volumes:
- 'wordpress_data:/bitnami'
depends_on:
- mariadb
environment:
- MARIADB_HOST=mariadb
- MARIADB_PORT_NUMBER=3306
- WORDPRESS_DATABASE_USER=bn_wordpress
- WORDPRESS_DATABASE_NAME=bitnami_wordpress
- ALLOW_EMPTY_PASSWORD=yes
networks:
- wpsite
phpmyadmin:
depends_on:
- mariadb
image: phpmyadmin/phpmyadmin
restart: always
ports:
- '8080:80'
environment:
PMA_HOST: mariadb
MYSQL_ROOT_PASSWORD: password
networks:
- wpsite
networks:
wpsite:
volumes:
mariadb_data:
driver: local
wordpress_data:
driver: local
The command I mentioned above is creating containers.
When I try localhost:8000, noting shows. But when localhost:8080 lands me to phpmyadmin page.
Can anybody please tell me how can I setup this Bitnami wordpress using docker. It starts getting frustrating for me.
Thank You.

Under windows, it often happens to me that some ports are occupied;)
I do that:
I start powershell or cmd as admin
running netstat -aon | findstr 8080 the last number is the port
I get TCP 0.0.0.0:8080 0.0.0.0.0 LIETENIN 3428
run taskkill /f /pid 3428
And I'm also using the vscode plugin vscode-docker to use for removing all contaners and images.
Take a look at my example of docker+wordpress+xdebug maybe something will come in handy ;)

Docker permissions with Symfony 3

There is problem with symfony cache and logs in docker containers.
Web server executes from www-data user and group and when I do symfony cache clear from docker container using php that is installed on docker, it executes from root.
So if I remove var/logs/dev.log for example and open url in browser, new log.dev gets created with user and group: www-data:www-data, but after i do cache clear, it gets permissions root:root and url in browser gives error dev.log permission denied.
I am not sure whats the problem, but I guess somehow nginx operates under www-data and when I execute console commands they operate from root user.
I have 4 containers: nginx, php-fpm, mysql, rabbit.
I also use version 3 of docker compose, I thought of solution with group_add but its no longer available in version 3
How do I configure this?
=================
docker-compose is similar to this:
version: "3"
services:
nginx:
image: nginx:1.11
depends_on:
- php-fpm
links:
- php-fpm
environment:
- NGINX_PORT=80
- FASTCGI_HOST=php
- FASTCGI_PORT=9000
- DOCUMENT_ROOT=/usr/local/src/test-project/public
ports:
- 8095:80
volumes:
- .:/usr/local/src/test-project
- ./docker/nginx/templates/default.conf.template:/etc/nginx/conf.d/default.conf.template
- ./docker/nginx/entrypoint.sh:/entrypoint.sh
command: "/bin/bash /entrypoint.sh"
php-fpm:
build: docker/php
depends_on:
- db
extra_hosts:
- "test-project:127.0.0.1"
environment:
DATABASE_URL: pgsql://test-project_users:test-project_users#db:5432/test-project_users
APP_URL: 172.19.0.1:8095/
working_dir: /usr/local/src/test-project
volumes:
- .:/usr/local/src/test-project
db:
image: postgres
restart: always
ports:
- '5599:5432'
environment:
POSTGRES_DB: test-project_users
POSTGRES_USER: test-project_users
POSTGRES_PASSWORD: test-project_users
volumes:
- data:/var/lib/db

The problem is, that you are clearing the cache as root user via command-line. you should run the clear statement with su www-data.

Docker compose web stack

I try to build a web stack with docker using "php, mariadb, ngnix, composer"
I try to use only container from official repositories
following my docker-compose.yml
version: '2'
services:
nginx:
image: nginx
container_name: nginx
ports:
- "8000:80"
mariadb:
image: mariadb
container_name: mariadb
ports:
- "3306:3306"
volumes:
- ./mysql:/var/lib/mysql
environment:
MYSQL_USER : root
MYSQL_ROOT_PASSWORD: root
php:
image: php:fpm
container_name: php
ports:
- "80:80"
volumes:
- ./php/:/var/www/html/
composer:
image: composer
container_name: composer
volumes_from:
- php
working_dir: /var/www/
volumes:
- ./composer2:/app
this docker-compose work correctly, but I don't understand why composer down quickly after 'docker-compose up -d'
PS:My first goal is to use this stack for symfony2 or silex

The composer container is ended imediatelly becuase it's not intended to run as a "daemon". In case you don't provide any command, the composer, simply said, has nothing to do. Anyways, if it has "something to do", then it executes it and ends.
You can use it through interactive shell like this:
docker run --rm --interactive --tty --volume $PWD:/app composer install
More examples are in the "Using" section here: https://hub.docker.com/_/composer/