Traefik configuration for Snipe-IT #26
I've managed to get this working after digging into how this container is working and how snipe-it handles validation. I'm not sure if this also breaks things for when it's not running behind traefik, I'll do some more research and consider a pull request with documentation updates if it makes sense. Problem -
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Include `APP_URL` in the required parameters. See linuxserver#26 (comment), linuxserver#25
We do not support or test traefik as we provide our own supported reverse proxy. closing this

Cool, so because you have developed your own non-standard reverse proxy setup, it means that everything else does not exist hence why you don't even wiki it? I'm trying to set up a Snipe-IT instance using the official image and Træfik, searching on Google this issue is the top result for "snipe-it traefik", and the "solution" is a hard "no"? Oookay, not gonna comment on that...
Hi @bryanpedini , I'm running my Snipe-IT successfully now, forgot about this thread so this is my solution, feel free to ask for details:
```yaml
version: "3"
services:
  snipeit:
    image: linuxserver/snipe-it:6.0.11
    container_name: snipeit_app
    restart: unless-stopped
    depends_on:
      - mysql
    volumes:
      - ./app_data:/config
    env_file: .env
    environment:
      - NGINX_APP_URL=snipeit.<myserver>.<mydomain>.cz
      - MYSQL_PORT_3306_TCP_ADDR=mysql
      - MYSQL_PORT_3306_TCP_PORT=3306
      - MYSQL_DATABASE=<snipe_db>
      - MYSQL_USER=<snipe_user>
      - MYSQL_PASSWORD=<password_mysql_user>
      - PGID=1000
      - PUID=1000
      - DOCKER_MODS=linuxserver/mods:universal-wait-for-internet|linuxserver/mods:universal-cron
      - API_THROTTLE_PER_MINUTE=600 # default 100
      - MAX_RESULTS=10000 # default 500
      - PHP_UPLOAD_LIMIT=50
    networks:
      - proxy
      - backend
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.http.routers.snipeit-https.rule=Host(`snipeit.<myserver>.<mydomain>.cz`)
      - traefik.http.routers.snipeit-https.entrypoints=websecure
      - traefik.http.routers.snipeit-https.tls=true
  mysql:
    image: linuxserver/mariadb
    container_name: snipeit_db
    restart: always
    volumes:
      - ./db_data:/config
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - MYSQL_ROOT_PASSWORD=<password_mysql_root>
      - MYSQL_USER=<snipe_user>
      - MYSQL_PASSWORD=<password_mysql_user>
      - MYSQL_DATABASE=<snipe_db>
    networks:
      - backend
networks:
  proxy:
    external: true
  backend:
    external: false
```
```ini
# Snipe-IT Settings
APP_ENV=production
APP_DEBUG=false
APP_TIMEZONE=Europe/Prague
APP_LOCALE=cs
APP_URL=https://snipeit.<server>.<domain>.cz
APP_KEY=base64:edLSOtxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxkj/JcLI= # from snipeit/app_data/SNIPE_IT_APP_KEY.txt
# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_DRIVER=smtp
MAIL_HOST=<our_email_host>
MAIL_PORT=587
MAIL_USERNAME=<mail_username>
MAIL_PASSWORD=<mail_password>
MAIL_ENCRYPTION=null
MAIL_ENV_FROM_ADDR=<testaddress@<mydomain>.cz>
MAIL_FROM_ADDR=<mail_from_username>@<mydomain>.cz
MAIL_FROM_NAME='<name_from>'
MAIL_REPLYTO_ADDR=
MAIL_REPLYTO_NAME=
MAIL_BACKUP_NOTIFICATION_ADDRESS=<alerts_for_admins>@<mydomain>.cz
# --------------------------------------------
# OPTIONAL: SECURITY HEADER SETTINGS
# --------------------------------------------
CORS_ALLOWED_ORIGINS=*
```
```yaml
version: '3.7'
services:
  traefik:
    image: traefik:v2.6.6
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - "80:80" # The HTTP port
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro # So that Traefik can listen to the Docker events
      - /var/log/traefik:/var/log # Logging
      - ./data/traefik.yml:/traefik.yml:ro # Static configuration yml
      - ./data/dynamic_config:/etc/traefik/dynamic_config # Dynamic configuration yml
      - ./data/certs:/etc/traefik/certs:ro # Certificates folder
      - ./data/certs_keys:/etc/traefik/certs_keys:ro # Certificates keys folder
    environment:
      - HOST_IP=${HOST_IP}
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`traefik.<myserver>.<mydomain>.cz`)
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.middlewares=traefik-auth
      - traefik.http.middlewares.traefik-auth.basicauth.users=admin:<hashedpassword>
networks:
  proxy:
    external: true
```
```yaml
# log default is ERROR, but WARN is more helpful
log:
  level: INFO
accessLog:
  filePath: /var/log/traefik-access.log
# enable dashboard on 8080
api:
  dashboard: true
  insecure: false
ping: {}
pilot:
  dashboard: false
# listen on 80/443, and redirect all 80 to 443 via 301
entryPoints:
  web:
    address: ":80"
    # comment out these lines if you don't want to redirect everything to https
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
    http:
      tls: {}
providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
    watch: true
  file:
    directory: /etc/traefik/dynamic_config
    watch: true
```
This thread has been closed for almost a year.
We put together SWAG which is primarily made up of nginx and certbot (not things we developed) and shipped with configuration files we made to make things easy. There is nothing
We are aware of other options, such as traefik, caddy, haproxy, etc. The fact that other options exist does not obligate us to learn how they work and offer support for them.
We document what we do, and how to use what we make. We don't make traefik. We don't have all the answers about how to make traefik work with every application under the sun. It seems (based on there being mention of issues being reported to the devs of snipe-it) that there are issues with snipe-it (not specific to our docker image) that make it challenging to proxy snipe-it with some reverse proxy solutions. The development of snipe-it is entirely out of our hands. Your comment was pretty rude, considering we do what we do for free and make it available for anyone to use and do what they want with. We don't tell people not to use traefik, just that we aren't the helpdesk/hotline for it.
Thank you for sharing @SonGokussj4, it might help others for sure. I, on the other end, ended up just searching a fair bit (more) online and finding about the nefarious APP_URL and APP_TRUSTED_PROXIES, which once set correctly made the Træfik setup work just fine: deployments/snipe-it.
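The comment above names `APP_URL` and `APP_TRUSTED_PROXIES` as the settings that have to be right behind Traefik. The following is an added example, not code from this thread or from the linuxserver project, that checks a Snipe-IT `.env` against the Traefik router labels and also flags a wildcard `CORS_ALLOWED_ORIGINS`. The sample hostname, the function names, and the rule that `APP_TRUSTED_PROXIES` entries should parse as IP addresses or CIDR blocks are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample input (not from the thread): http APP_URL, no trusted proxy.
SAMPLE_ENV = "APP_URL=http://snipeit.example.test\nCORS_ALLOWED_ORIGINS=*\n"
SAMPLE_LABELS = [
    "traefik.http.routers.snipeit-https.rule=Host(`snipeit.example.test`)",
    "traefik.http.routers.snipeit-https.tls=true",
]

def parse_env(text):
    """Parse KEY=VALUE lines, skipping comments and trailing ' # note' text."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if "=" in l and not l.strip().startswith("#"))
    clean = lambda v: re.split(r"\s+#", v, maxsplit=1)[0].strip().strip("'\"")
    return {k.strip(): clean(v) for k, v in pairs}

def router_hosts(labels):
    """Hostnames named by Host(`...`) matchers in Traefik router rule labels."""
    rules = [l.partition("=")[2] for l in labels if l.partition("=")[0].endswith(".rule")]
    return {h.lower() for r in rules for h in re.findall(r"Host\(`([^`]+)`\)", r)}

def is_network(entry):
    try:
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False

def check_proxy_config(env_text, labels):
    """Return findings where the app's .env disagrees with the Traefik labels."""
    env, hosts, findings = parse_env(env_text), router_hosts(labels), []
    url = urlsplit(env.get("APP_URL", ""))
    if not url.hostname:
        findings.append("APP_URL is missing or has no scheme")
    elif url.hostname.lower() not in hosts:
        findings.append(f"APP_URL host {url.hostname} is not in the router rule")
    elif url.scheme != "https" and any(l.endswith(".tls=true") for l in labels):
        findings.append("router has tls=true but APP_URL is not https")
    proxies = [p.strip() for p in env.get("APP_TRUSTED_PROXIES", "").split(",") if p.strip()]
    findings += [] if proxies else ["APP_TRUSTED_PROXIES is not set"]
    findings += [f"APP_TRUSTED_PROXIES entry {p!r} is not an IP or CIDR"
                 for p in proxies if not is_network(p)]
    if env.get("CORS_ALLOWED_ORIGINS") == "*":
        findings.append("CORS_ALLOWED_ORIGINS=* allows every origin")
    return findings

if __name__ == "__main__":
    print("\n".join(check_proxy_config(SAMPLE_ENV, SAMPLE_LABELS)))
```

An empty list means the `.env` and the router labels agree on host and scheme and the trusted proxy list is explicit.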
Cool. Issues related to the topic of the thread seemed to be not tho, or at least not clearly documented without a lot of research to make it work.
Sure, as stated before, I support the "not supporting it" thesis, but reject the mentality of not considering them:
No "feel free to draft a PR to include it in the docs", no "sorry but since we provide our solution we do not wish to waste time doing the research, but feel free to document it on your own and report us your findings", just "F U, we do things our way, either that way or you're on your own, and we don't care about your setup so that others trying to replicate will just see "closing this" and believe that it's not possible at all"...
Please refer to the previous, would have been nice to say "please draft up a PR" or "report your findings so that other people may get help here since this be the first google result" instead of just "closing this, because"...
Sure, was not saying so... anyway I made it work, so it might be challenging, but not impossible 🤷🏻
Didn't mean to be, just pointing out that maybe something different than "closing this" (without technically an explanation (beyond the "we do stuff our way")) would have been nice-er, since that could be interpreted (just like I did) rude as well by your end...
Desired Behavior
Config example of traefik label or documentation what else to change for traefik reverse proxy to work.
Current Behavior
As I tried almost every combination I can't make it work with traefik.
Instead of `myserver:3051` I want `snipeit.mydomain.com` but getting either 404 or Gateway errors.