-
-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The page isn’t redirecting properly
/ bad request
#54
Comments
Just double checking did you restart the container after updating the |
Also in the cli you can run |
I run
Tested > Restarted > Tested again Still the same issue unfortunately * Just to clarify, I did restart between |
If you run |
Confirmed. Not working also for me. My docker-compose.yml: version: '3.3'
services:
speedtest-tracker:
image: ghcr.io/alexjustesen/speedtest-tracker:v0.1.0-alpha7
container_name: speedtest-tracker
restart: unless-stopped
ports:
- 8008:80
environment:
TZ: Europe/Rome
PUID: 1000
PGID: 1000
DB_CONNECTION: mysql
DB_HOST: mariadb.axel.dom
DB_PORT: 3306
DB_DATABASE: speedtest_tracker
DB_USERNAME: xxxxxxx
DB_PASSWORD: xxxxxxx
volumes:
- /etc/localtime:/etc/localtime:ro
- $PWD/config:/config Log at first start of the container:
Tried connecting to Tried Log of the container after the two connection tests:
|
@alexdelprete change your port mapping to use the ssl internal port |
yes |
Using port
Container logs don't show anything new:
Another thing of note (maybe) is that I'm getting
It sometimes happens and sometimes not with the same config. |
Damn...that was so easy to fix, leftover from previous config. :) Works through traefik, finally: Question: in .env what should APP_URL be? I have |
I'm using this for Traefik, and it's working: speedtest:
loadBalancer:
servers:
- url: "https://docker2.axel.dom:8008"
passHostHeader: true |
nvm lol |
Sure, I already answered...;) Question: how do I start manually the first test? |
We need a discord channel for the project...:) |
I'm not running Traefik in my homelab so if you have a config you both think is worth sharing I'll add it to the docs. |
We get past 200 stars, I'll make one. |
It's not worth it, it's a very basic config like any standard http/https service. I'd add a full docker-compose.yml example to the docs. |
@alexjustesen Alex, users could get confused about .env and config.yml: I would clear out the fact that .env variables pertains to the container and can be managed at docker level through environment config, and that config.yml pertains to the app configuration (runtime). Personally, I prefer to have all env variables in the compose file and not have an .env, but it's subjective obviously. Would be good to explain users that you can configure them in both places. :) |
|
I still can't get it to work, getting |
Sometimes it's the simple things (like my port in the compose file above). If you post the compose file and the .env / config.yml file I can try to help. UPDATE: I saw you posted it, and this looks wrong, shouldn't it be 443?
|
Thanks @alexdelprete, though I have updated the port since. My compose:
The I've set up a local-only container with the same result:
The only change was from port
I'm at a loss |
The page isn’t redirecting properly
The page isn’t redirecting properly
/ bad request
First thing I do in these cases, is making sure the docker container is working, bypassing traefik. So in your case: in your compose file you are missing the ports section. Then in the local container you included it. I assume 4430 is the local port in the compose file, mapped to 443 in the container. With the browser, if you point at https://docker.domain.dom:4430 what happens? This has to work, because it's not using traefik, you're goind direct to the container. If this doesn't work, it's a container config issue, if it works, it's traefik config issue. Let me know... |
I've mentioned above I get the same result when bypassing Traefik, which is the container web server returning
Which would eliminate Traefik as the cause. Could this from my previous comment be relevant though:
With that said, I'm just testing the new release. |
Sorry, I didn't understand you made the same test I described. :) Well, that error means the internal nginx is not redirecting internally to HTTPS. I don't have the error you noticed (check failure). The local-container must work, traefik has nothing to do with the issue. Are you sure the local-only variables you used in the compose file are ok? Try with explicit values first, just to debug... |
Not a clue if this would be helpful but in the base image they reference traefik and allowing it to direct traffic to a self-signed cert: https://github.com/serversideup/docker-php/tree/dev#the-easiest-way-to-get-a-trusted-certificate |
No worries!
Great tip, I've included env |
Could you also try with This doesn't explain why it's working for me with serversTransport:
insecureSkipVerify: true |
I think this is a specific issue with your setup, because you can't even access the container bypassing traefik. If Traefik is used, it has to be simply configured to accept self-signed certificates. |
Can confirm
I have this |
So we found your specific problem: basically that setting regulates how Traefik should manage certificates on the backend side. If you set it to true, it will ignore the fact they're self-signed. On the public/frontend side, it will always use the public certificate. If you have it disabled, you won't be able to access backend services with self-signed certs. The last mistery to solve is that you couldn't access the container directly with the browser with SSL_MODE=full. :) |
I just re-spun a local container to test - that was user error, I was trying to access it on |
Finally, we solved all the mysteries. :) So I would suggest to use Case closed. :) |
I'm going to add to this because I just spent hours debugging this issue, trying everything posted here but nothing worked. What finally worked was adding the label
|
This tells Traefik to access the container using https schema. So that implies that if you configure
This was recommended (in static config format, not labels, but it's the same setting) six posts above yours: #54 (comment) and this is true for every service that uses self-signed certificates, not specific to ST. What that person says in that post of 2019 is obvious (and confusing to traefik newbies):
I have this in my static config: serversTransport:
# Accept self-signed certificates for backend services
insecureSkipVerify: true
And my service definition for speedtest-tracker (configured with SSL_MODE=full) is this: speedtest:
loadBalancer:
servers:
- url: "https://docker2.domain.name:8008"
passHostHeader: true If I set Since you use traefik labels at the service container level, you need to add this:
only when you want Traefik to access that specific service via If I set speedtest:
loadBalancer:
servers:
- url: "http://docker2.domain.name:8008"
passHostHeader: true Traefik can still access ST, but when browsing ST, the browser complains because it's receiving |
Daniel, In your config below you're telling Traefik to access the container via port 443, with https. (btw, you have a spelling error in the name of the container, you missed a D).
with Try to access the container directly, bypassing Traefik, using this url (replace the domain): https://speedtest.yourlocaldomain.dom If this local test works, it means Another test: restart speedtest-tracker and then check docker log of the container, in the startup phase it tells you the This is my log, the first line after the userid tells you how SSL_MODE is configured.
|
You're right, the SSL_MODE was still set to FULL, in fact none of the variables from the .env under /config were set inside the container (checked with echo). I copied the .env to my project root so it gets read by docker-compose and now the variables are being set. Now my configuration works only with SSL_MODE full or mixed. With SSL_MODE=off I get "Bad Gateway". Is the /config/.env supposed to be read on container startup or do we have to copy it to the host so it gets read by docker-compose? |
Heads up, |
In general, you can use env variables in the docker compose environment section directly. But in this case, there's something not clear on your setup: .env file is read by the app in the /config folder, so you need to map a docker volume to that. That's where the .env file is created and then you can edit it. Did you use the example compose file from the docs? Show me your full docker-compose file, I think you have some issues there. |
Wise choice...;) |
This is my compose file, none of the variables in the .env file under
|
You have the .env file in that folder, on the docker host side? If you edit it and restart ST, it doesn't read the changes? Anyway, I'm usng env variables in the environment section of the compose file, SSL_MODE included, and it works perfectly, actually I prefer it too, without editing another file. I prefer having as much as possible in docker-compose, in general. |
@alexjustesen I confirm what Daniel says: is the Variables set in docker-compose work fine, and actually I do prefer to use that to modify the config. |
It is but it's cached at the moment, if you change the env vars I suggest running |
so on restart it doesn't read it because cache has priority? does the cache expire? luckily I prefer docker-compose env vars... |
I've just updated to the latest release.
I'm getting the above error in browser, this is via Traefik.
No info in the console.
Container log follows:
I've tested it through a localhost too, updating the
.env
accordingly in each case, and got a404
:The text was updated successfully, but these errors were encountered: