404 not found with SSL mkcert and traefik #559

Open
Kellorn opened this issue Oct 4, 2023 · 1 comment

Kellorn commented Oct 4, 2023

Codebase
Mounted codebase

Describe your issue
I'm trying to install a Drupal 10 Wodby stack with SSL certificates (using mkcert).
I get a 404 when I try to access my project_base_url, but there is a good SSL certificate.
How can we debug a 404 page with Docker in order to resolve this?
I'm on an Apple M1 with Docker.

Output of docker info

Client:
 Version:    24.0.2
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.0
    Path:     /Users/*****/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.19.1
    Path:     /Users/*****/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/******/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/******/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /Users/*******/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/*******/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/********/.docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.16.1
    Path:     /Users/*******/.docker/cli-plugins/docker-scout

Server:
 Containers: 18
  Running: 9
  Paused: 0
  Stopped: 9
 Images: 56
 Server Version: 24.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 3
 Total Memory: 7.765GiB
 Name: docker-desktop
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Contents of your docker-compose.yml

version: "3.7"

services:
  mariadb:
    image: mariadb:$MARIADB_TAG
    container_name: "${PROJECT_NAME}_mariadb"
    stop_grace_period: 30s
    environment:
      MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
      MYSQL_DATABASE: $DB_NAME
      MYSQL_USER: $DB_USER
      MYSQL_PASSWORD: $DB_PASSWORD
#    volumes:
#      - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
#      - /path/to/mariadb/data/on/host:/var/lib/mysql # Use bind mount

  php:
    image: wodby/drupal-php:$PHP_TAG
    env_file: .env
    container_name: "${PROJECT_NAME}_php"
    environment:
      SSMTP_MAILHUB: mailhog:1025
      #      SSMTP_MAILHUB: opensmtpd:25
      PHP_SENDMAIL_PATH: '"/usr/bin/dos2unix -u | /usr/sbin/ssmtp -t -f"'
      DB_HOST: $DB_HOST
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_DRIVER: $DB_DRIVER
      #      DRUSH_OPTIONS_URI: "http://${PROJECT_BASE_URL}:${PROJECT_PORT}"
      DB_NAME: $DB_NAME
      ENVIRONMENT: $ENVIRONMENT
    volumes:
    - ./:/var/www/html:cached

  crond:
    init: true
    image: wodby/drupal-php:$PHP_TAG
    container_name: "${PROJECT_NAME}_crond"
    environment:
      CRONTAB: "0 * * * * drush -r /var/www/html/web cron"
    command: sudo -E crond -f -d 0
    volumes:
      - ./:/var/www/html:cached

  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_TAG: $NGINX_TAG
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_SERVER_ROOT: /var/www/html/web
      NGINX_VHOST_PRESET: $NGINX_VHOST_PRESET
    #      NGINX_CONF_INCLUDE: conf.d/nginx.conf
    #      NGINX_DRUPAL_FILE_PROXY_URL: http://example.com
    volumes:
      - ./:/var/www/html:cached
    #    - ./data/nginx/nginx.conf:/etc/nginx/conf.d/nginx.conf:cached
    #    - ./data/traefik/certs:/etc/ssl/certs/:cached
    #    - ./data/traefik/keys:/etc/ssl/private/:cached
    #    - ./data/traefik/certs:/certs/:cached
    # Alternative for macOS users: Mutagen https://wodby.com/docs/stacks/drupal/local#docker-for-mac
    #    - drupal:/var/www/html
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
      # add these lines
      - "traefik.http.routers.${PROJECT_NAME}_nginx.tls.certresolver=le"
      - "traefik.http.routers.${PROJECT_NAME}_nginx.entrypoints=websecure"
    extra_hosts:
      - "${PROJECT_BASE_URL}:${VM_LOCAL_IP}"

  mailhog:
    image: mailhog/mailhog
    container_name: "${PROJECT_NAME}_mailhog"
    labels:
      - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
      - "traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"

  pma:
    image: phpmyadmin/phpmyadmin:$PMA_TAG
    container_name: "${PROJECT_NAME}_pma"
    environment:
      PMA_HOST: $DB_HOST
      PMA_USER: $DB_USER
      PMA_PASSWORD: $DB_PASSWORD
      UPLOAD_LIMIT: 1G
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_pma.rule=Host(`pma.${PROJECT_BASE_URL}`)"

  node:
    image: node:$NODE_TAG
    container_name: "${PROJECT_NAME}_node"
    working_dir: /usr/src/app/front
    labels:
      - "traefik.http.services.${PROJECT_NAME}_node.loadbalancer.server.port=3000"
      - "traefik.http.routers.${PROJECT_NAME}_node.rule=Host(`node.${PROJECT_BASE_URL}`)"
    expose:
      - "1312"
    volumes:
      - ./:/usr/src/app
    #    command: bash -c "gulp watch"
    #    command: sh -c 'yarn install && yarn run start'
    command: bash -c "tail -f /dev/null"
  #    command: bash -c "npm install && npm run start"

  traefik:
    image: traefik:v2.10
    container_name: "${PROJECT_NAME}_traefik"
    restart: unless-stopped
    #    command: --api.insecure=true --providers.docker --entrypoints.web.address=:80  --providers.file.watch=true
    ports:
      - '${HTTP_PORT}:80'
      - "443:443"
      - '8080:8080' # Dashboard
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Map the static config into the container
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      # Map the dynamic config into the container
      - ./data/traefik/config.yml:/etc/traefik/config.yml:ro
      # Map the certificates into the container
      - ./data/traefik/certs:/etc/certs:ro
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik=true"
#      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
#      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
#      - "traefik.http.routers.http-catchall.entrypoints=web"
#      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

  whoami:
    image: containous/whoami:v1.4.0
    container_name: "${PROJECT_NAME}_whoami"
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.http.routers.whoami_http.rule=Host(`whoami.docker.localhost`)"
      - "traefik.http.routers.whoami_http.entrypoints=web"
      - "traefik.http.routers.whoami_http.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls=true"
    networks:
      - proxy

volumes:
  files:

networks:
  proxy:
    external: true

Contents of your .env

### Documentation available at https://wodby.com/docs/stacks/drupal/local
### Changelog can be found at https://github.com/wodby/docker4drupal/releases
### Images tags format explained at https://github.com/wodby/docker4drupal#images-tags

### PROJECT SETTINGS

PROJECT_NAME=drupal
PROJECT_BASE_URL=drupal.dev

DB_NAME=drupal
DB_USER=drupal
DB_PASSWORD=drupal
DB_ROOT_PASSWORD=root_pwd
DB_HOST=mariadb
DB_PORT=3306
DB_DRIVER=mysql

# Services Port
HTTP_PORT=8400

# Environments : dev, integration, preprod, prod
ENVIRONMENT=dev

# Input your local IP (ipconfig->something in 10.X.X.X on SA network)
VM_LOCAL_IP=127.0.0.1

### --- MARIADB ----

MARIADB_TAG=10.11.5
#MARIADB_TAG=11.0-3.26.1
#MARIADB_TAG=10.10-3.26.1
#MARIADB_TAG=10.9-3.26.1
#MARIADB_TAG=10.6-3.26.1
#MARIADB_TAG=10.5-3.26.1
#MARIADB_TAG=10.4-3.26.1

### --- VANILLA DRUPAL ----

DRUPAL_TAG=10-4.56.0
#DRUPAL_TAG=9-4.56.0
#DRUPAL_TAG=7-4.56.0

### --- PHP ----

# Linux (uid 1000 gid 1000)

PHP_TAG=8.2-4.47.3
#PHP_TAG=8.1-dev-4.45.2
#PHP_TAG=8.0-dev-4.45.2

# macOS (uid 501 gid 20)

#PHP_TAG=8.2-dev-macos-4.45.2
#PHP_TAG=8.1-dev-macos-4.45.2
#PHP_TAG=8.0-dev-macos-4.45.2

### --- NGINX ----

NGINX_TAG=1.25-5.33.0
#NGINX_TAG=1.24-5.33.0
#NGINX_TAG=1.25-5.33.0

NGINX_VHOST_PRESET=drupal10
#NGINX_VHOST_PRESET=drupal9
#NGINX_VHOST_PRESET=drupal8
#NGINX_VHOST_PRESET=drupal7

### --- SOLR ---

SOLR_TAG=8-4.18.2
#SOLR_TAG=7-4.18.2
#SOLR_TAG=6-4.18.2
#SOLR_TAG=5-4.18.2

SOLR_CONFIG_SET="search_api_solr_4.1.6"
#SOLR_CONFIG_SET="search_api_solr_4.0.1"
#SOLR_CONFIG_SET="search_api_solr_8.x-3.9"
#SOLR_CONFIG_SET="search_api_solr_8.x-3.2"
#SOLR_CONFIG_SET="search_api_solr_8.x-2.7"
#SOLR_CONFIG_SET="search_api_solr_8.x-1.2"
#SOLR_CONFIG_SET="search_api_solr_7.x-1.14"

### --- ELASTICSEARCH ---

ELASTICSEARCH_TAG=7-5.18.9
#ELASTICSEARCH_TAG=6-5.18.9

### --- KIBANA ---

KIBANA_TAG=7-5.18.9
#KIBANA_TAG=6-5.18.9

### --- REDIS ---

REDIS_TAG=7-4.1.1
#REDIS_TAG=6-4.1.1
#REDIS_TAG=5-4.1.1

### --- NODE ---

NODE_TAG=16.14.0-stretch
#NODE_TAG=16-dev-1.23.3
#NODE_TAG=14-dev-1.23.3

### --- VARNISH ---

VARNISH_TAG=6.0-4.14.1
#VARNISH_TAG=4.1-4.14.1

### --- POSTGRESQL ----

POSTGRES_TAG=15-1.31.1
#POSTGRES_TAG=14-1.31.1
#POSTGRES_TAG=13-1.31.1
#POSTGRES_TAG=12-1.31.1
#POSTGRES_TAG=11-1.31.1

### OTHERS

ADMINER_TAG=4-3.24.4
ALPINE_TAG=3.18.2
APACHE_TAG=2.4-4.12.1
ATHENAPDF_TAG=2.16.0
DRUPAL_NODE_TAG=1.0-2.0.0
MEMCACHED_TAG=1-2.15.2
OPENSMTPD_TAG=6-1.18.1
PMA_TAG=5.2.1
RSYSLOG_TAG=latest
SELENIUM_CHROME_TAG=3.141
WEBGRIND_TAG=1-1.30.0
XHPROF_TAG=3.7.6
ZOOKEEPER_TAG=3.8

Logs output docker-compose logs

drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: End of log at LSN=46684
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: 128 rollback segments are active.
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:
drupal_crond    | crond: wakeup dt=60
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: log sequence number 46684; transaction id 14
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] Plugin 'FEEDBACK' is disabled.
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
drupal_mariadb  | 2023-10-04 15:14:48 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.
drupal_crond    | crond: file www-data:
drupal_crond    | crond: wakeup dt=60
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: Buffer pool(s) load completed at 231004 15:14:48
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] Server socket created on IP: '0.0.0.0'.
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] Server socket created on IP: '::'.
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] mariadbd: ready for connections.
drupal_crond    | crond: file www-data:
drupal_mariadb  | Version: '10.11.5-MariaDB-1:10.11.5+maria~ubu2204'  socket: '/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:

traefik.yml :

# traefik/traefik.yml
#global:
#  sendAnonymousUsage: false

api:
  dashboard: true
  insecure: true

providers:
  docker:
    watch: true
    exposedByDefault: false
  file:
    filename: /etc/traefik/config.yml
    watch: true

#log:
#  level: INFO
#  format: common

entryPoints:
  web:
    address: ":80"
#    http:
#      redirections:
#        entrypoint:
#          to: websecure
#          scheme: https
  websecure:
    address: ":443"

config.yml :

tls:
  certificates:
    - certFile: "/etc/certs/local-cert.pem"
      keyFile: "/etc/certs/local-key.pem" 
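
One way to narrow down a Traefik 404 offline, as an added example (not code from this issue or from docker4drupal): cross-check each service's router labels against the static configuration for the `traefik.enable` opt-in required when `exposedByDefault` is false, undefined entrypoints or certificate resolvers, and a network shared with the proxy. `STATIC` and `SERVICES` are constructed, trimmed copies of the files posted above with the `.env` values substituted, and `lint` is a hypothetical helper name.

```python
import re

# Constructed inputs: trimmed, already-parsed copies of the traefik.yml and
# docker-compose.yml posted in the issue, with the .env values filled in.
STATIC = {
    "providers": {"docker": {"exposedByDefault": False}},
    "entryPoints": {"web": {}, "websecure": {}},
}
SERVICES = {
    "traefik": {"networks": ["proxy"], "labels": ["traefik.enable=true"]},
    "nginx": {"labels": [
        "traefik.http.routers.drupal_nginx.rule=Host(`drupal.dev`)",
        "traefik.http.routers.drupal_nginx.tls.certresolver=le",
        "traefik.http.routers.drupal_nginx.entrypoints=websecure",
    ]},
    "whoami": {"networks": ["proxy"], "labels": [
        "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)",
        "traefik.http.routers.whoami.tls=true",
    ]},
}

ROUTER = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")

def lint(static, services, proxy="traefik"):
    """Return (service, problem) pairs for router labels Traefik cannot honour."""
    docker = static.get("providers", {}).get("docker", {})
    opt_in = docker.get("exposedByDefault", True) is False
    entrypoints = set(static.get("entryPoints", {}))
    resolvers = set(static.get("certificatesResolvers", {}))
    # A Compose service without a `networks` key joins the "default" network.
    proxy_nets = set(services[proxy].get("networks") or ["default"])
    findings = []
    for name, svc in services.items():
        labels = dict(l.split("=", 1) for l in svc.get("labels", []))
        routed = {k: v for k, v in labels.items() if ROUTER.match(k)}
        if name == proxy or not routed:
            continue
        if opt_in and labels.get("traefik.enable") != "true":  # provider is opt-in
            findings.append((name, "no traefik.enable=true; container ignored"))
        if not proxy_nets & set(svc.get("networks") or ["default"]):
            findings.append((name, "shares no network with the proxy"))
        for key, value in routed.items():
            option = ROUTER.match(key).group(2).lower()
            if option == "tls.certresolver" and value not in resolvers:
                findings.append((name, f"certresolver '{value}' is not defined"))
            if option == "entrypoints":
                for ep in set(value.split(",")) - entrypoints:
                    findings.append((name, f"entrypoint '{ep}' is not defined"))
    return findings
```

Calling `lint(STATIC, SERVICES)` returns one entry per mismatch; an empty list means every labelled service is opted in, reachable, and refers only to entrypoints and resolvers that the static configuration defines.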

@heyyo-droid

What works for me.
It redirects all HTTP traffic to HTTPS.

traefik.yml

## STATIC CONFIG (restart traefik to update)

# shows you a log msg if a newer image tag can be used
global:
  checkNewVersion: true

# log default is ERROR, but WARN is more helpful
log:
  level: WARN
  # level: INFO

# enable dashboard on 8080 with auth
# api:
#   insecure: true
#   dashboard: true

# enable ping so the `traefik healthcheck` works
# ping: {}

providers:
  docker:
    # exposedByDefault: true
    watch: true
  file:
    fileName: /traefik.yml
    watch: true

# listen on 80/443, and redirect all 80 to 443 via 301
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443

tls:
  certificates:
    - certFile: /certs/localcert.pem
      keyFile: /certs/localkey.pem
# when testing certs, enable this so traefik doesn't use
# its own self signed. By default if it can't find a matching
# cert, it'll just create its own which will cause cert warnings
# in browser
  options:
    default:
      sniStrict: true

docker-compose.yml

  nginx:
  ...
    labels:
    - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"    
    - traefik.http.routers.${PROJECT_NAME}_nginx.tls=true
  ... 
  traefik:
    image: traefik
    container_name: "${PROJECT_NAME}_traefik"
    ports:
    - "${PROJECT_PORT}:80"
    - "${PROJECT_PORT_SECURE}:443"
    - '8080:8080' # Dashboard
    volumes:
    - ./traefik.yml:/traefik.yml:ro
    - /etc/ssl:/certs
    - /var/run/docker.sock:/var/run/docker.sock:ro

Comments or improvements are welcome
