Web based family history software

Before asking for help please read "Requesting Help and Suggestions" by clicking on that tab above here.

Question Docker, traefik : no http==>https redirection

  • benoit7769
  • Topic Author
  • Offline
  • New Member
  • New Member
More
3 weeks 4 days ago #1 by benoit7769
Hello everyone,

I'm finally posting my request because I can't resolve the problem. I'm definitely missing something in the configuration, but what?

I installed webtrees on docker with external database, behind traefik with automatic generation of certificates, basic authentication and http==>https redirection in the docker file compose with traefik middleware.

The base-url in the webtrees config.ini is indicated in https (I also tried http, just in case..) with the domain name. All configuration was done with the IP address. Everything was going fine.

However...

With the domain name, the redirection is not http==>https. I get a 404 when I try to connect to http, and a message that the server is in https when I switch to https. (See attached files). Traefik has detected everything, since the certificate appears correct and is in the traefik acme.json file.
All other containers and sites work.

If anyone had a solution?

Thank you so much.
Benedict
PS: Sorry for my English, google translate is my friend...

Please Log in or Create an account to join the conversation.

  • bertkoor
  • Offline
  • Platinum Member
  • Platinum Member
  • Greetings from Utrecht, Holland
More
3 weeks 4 days ago #2 by bertkoor
Replied by bertkoor on topic Docker, traefik : no http==>https redirection
So I understand Traefik acts as a proxy, and it handles all the SSL stuff for you.
Your browser will request with https protocol.
Traefik forwards to webtrees, but now with http protocol and thus on port 80 (or 8080, but certainly not 443).
So webtrees has nothing to do with SSL, all that is handled by Traefik.

The base url in webtrees config.ini should be se to the url as used by your browser, so with the https. Traefik should forward it.

That is the theory I think... How is this different from your config?

stamboom.BertKoor.nl runs on webtrees v1.7.13

Please Log in or Create an account to join the conversation.

  • benoit7769
  • Topic Author
  • Offline
  • New Member
  • New Member
More
3 weeks 4 days ago #3 by benoit7769
Replied by benoit7769 on topic Docker, traefik : no http==>https redirection
Thank you for your reply.

Yes that's fine. Traefik does its reverse proxy job really well. The requests reach webtrees since the certificate has been installed and is active. Routing is done correctly.

I left out some of the configuration. I used ports 8088:8079 on the docker container, but this poses no problem since traefik also serves as a load balancer and automatically redirects to the right ports (the other containers do not complain about this kind of change in any case). :-))

The entry point is 443 but this is traefik's internal configuration. (see attached file).

THANKS
 

Please Log in or Create an account to join the conversation.

More
3 weeks 4 days ago #4 by Franz Frese
Replied by Franz Frese on topic Docker, traefik : no http==>https redirection
You encounter this error because every time a client tries to access your site via HTTP, the request is redirected to HTTPS.
It’s because system expects SSL to be used in the transaction yet the original reques t(received via port 80) was plain HTTP, it complains with the error.

configure #ssl on
OR
ssl off

Please Log in or Create an account to join the conversation.

  • benoit7769
  • Topic Author
  • Offline
  • New Member
  • New Member
More
3 weeks 4 days ago #5 by benoit7769
Replied by benoit7769 on topic Docker, traefik : no http==>https redirection

configure #ssl on
OR
ssl off


If I deactivate https, the problem reverses. I have a 404 in https and the error message in http.

Or is your answer about another part of the setup?

Please Log in or Create an account to join the conversation.

  • benoit7769
  • Topic Author
  • Offline
  • New Member
  • New Member
More
3 weeks 4 days ago #6 by benoit7769
Replied by benoit7769 on topic Docker, traefik : no http==>https redirection
The same problem was posted but without a solution...

community.traefik.io/t/bad-request-apach...-docker-images/13248

Please Log in or Create an account to join the conversation.

  • bertkoor
  • Offline
  • Platinum Member
  • Platinum Member
  • Greetings from Utrecht, Holland
More
3 weeks 4 days ago - 3 weeks 4 days ago #7 by bertkoor
Replied by bertkoor on topic Docker, traefik : no http==>https redirection
I presume Traefic and webtrees run in the same docker network, each in their own container, like webtrees and its db?
Do you use docker-compose?

stamboom.BertKoor.nl runs on webtrees v1.7.13
Last edit: 3 weeks 4 days ago by bertkoor.

Please Log in or Create an account to join the conversation.

  • benoit7769
  • Topic Author
  • Offline
  • New Member
  • New Member
More
3 weeks 4 days ago #8 by benoit7769
Replied by benoit7769 on topic Docker, traefik : no http==>https redirection
Traefik and webtrees each in their container. Traefik manages the network. The database is remote on another non-containerized vps. When I use the IP in url base, webtrees works perfectly...
Yes, with docker compose, in which there are also other containers which have no functioning problem regarding https, that's why I suppose that the problem comes from webtrees itself...

Please Log in or Create an account to join the conversation.

  • bertkoor
  • Offline
  • Platinum Member
  • Platinum Member
  • Greetings from Utrecht, Holland
More
3 weeks 3 days ago - 3 weeks 3 days ago #9 by bertkoor
Replied by bertkoor on topic Docker, traefik : no http==>https redirection

The same problem was posted but without a solution...

community.traefik.io/t/bad-request-apach...-docker-images/13248

My advice: contact the person that said it was solved and ask for the solution.
It's probably something stupid. The error messageis clear: webtrees (or rather the web server with PHP) should not be contacted over port 443. Within the docker network there is no need for SSL, and port 443 wants SSL anyway.

stamboom.BertKoor.nl runs on webtrees v1.7.13
Last edit: 3 weeks 3 days ago by bertkoor.

Please Log in or Create an account to join the conversation.

  • bertkoor
  • Offline
  • Platinum Member
  • Platinum Member
  • Greetings from Utrecht, Holland
More
3 weeks 3 days ago - 3 weeks 3 days ago #10 by bertkoor
Replied by bertkoor on topic Docker, traefik : no http==>https redirection

When I use the IP in url base, webtrees works perfectly...

This gives some hope, but can you clarify and describe exactly what you did? This might help in pinpointing the error.

I would expect the setup is roughly the following:
Code:
Your browser requests: https://www.yourdomain.fr/webtrees/ Traefik forwards to: http://webtrees.internal/ webtrees config.ini base_url: https://www.yourdomain.fr/webtrees/

So you put an IP address in webtrees config.ini base_url? And that is the IP address of what?
That suggests something in the DNS is not right...

The base_url in the config of webtrees is used to put in the pages it serves, so subsequent background network calls by the browser (page snippets loaded in parallel) go to the same address as where the page itself was fetched from.

I would expect that the http port of the webtrees.internal container would not be reachable from outside the internal docker network, not even by its IP address.

stamboom.BertKoor.nl runs on webtrees v1.7.13
Last edit: 3 weeks 3 days ago by bertkoor.

Please Log in or Create an account to join the conversation.

  • benoit7769
  • Topic Author
  • Offline
  • New Member
  • New Member
More
3 weeks 3 days ago #11 by benoit7769
Replied by benoit7769 on topic Docker, traefik : no http==>https redirection
PROVISIONAL SOLUTION

Hello everyone,

I confirm that the difficulty, for me at least, comes only from access to webtrees at the end of the "traefik" reverse proxy chain for https.

The problem actually comes from the SSL activation in the virtualhost of apache2 of the container for webtrees and in particular of "SSLEngine". Traefik manages everything himself and enters into conflicts.

It is therefore "simply" to mount a volume in the docker-compose file with the modification in the "webtrees.conf" file in the apache2 /etc/apache2/sites-enabled/ folder of the container. (see attached file). Desactive SSL and write port 80.

There is surely a more elegant or technical way, either in traefik or in docker, but here I am starting to reach the limit of my autodictate knowledge in IT.

Someone on this forum perhaps?

THANKS

 

Please Log in or Create an account to join the conversation.

  • bertkoor
  • Offline
  • Platinum Member
  • Platinum Member
  • Greetings from Utrecht, Holland
More
3 weeks 3 days ago #12 by bertkoor
Replied by bertkoor on topic Docker, traefik : no http==>https redirection
> The problem actually comes from the SSL activation in the virtualhost of apache2 of the container for webtrees and in particular of "SSLEngine"

Then don't do all that. Let webtrees work on port 8080, without https, without SSL and certificate nonsense. That is a thing for the outside, for Traefic only.

stamboom.BertKoor.nl runs on webtrees v1.7.13

Please Log in or Create an account to join the conversation.

Powered by Kunena Forum
}