- Posts: 6
Question Docker, traefik : no http==>https redirection
- benoit7769
- Topic Author
- Offline
- New Member
I'm finally posting my request because I can't resolve the problem. I'm definitely missing something in the configuration, but what?
I installed webtrees on docker with external database, behind traefik with automatic generation of certificates, basic authentication and http==>https redirection in the docker file compose with traefik middleware.
The base-url in the webtrees config.ini is indicated in https (I also tried http, just in case..) with the domain name. All configuration was done with the IP address. Everything was going fine.
However...
With the domain name, the redirection is not http==>https. I get a 404 when I try to connect to http, and a message that the server is in https when I switch to https. (See attached files). Traefik has detected everything, since the certificate appears correct and is in the traefik acme.json file.
All other containers and sites work.
If anyone had a solution?
Thank you so much.
Benedict
PS: Sorry for my English, google translate is my friend...
Please Log in or Create an account to join the conversation.
- bertkoor
- Offline
- Platinum Member
- Greetings from Utrecht, Holland
Your browser will request with https protocol.
Traefik forwards to webtrees, but now with http protocol and thus on port 80 (or 8080, but certainly not 443).
So webtrees has nothing to do with SSL, all that is handled by Traefik.
The base url in webtrees config.ini should be se to the url as used by your browser, so with the https. Traefik should forward it.
That is the theory I think... How is this different from your config?
stamboom.BertKoor.nl runs on webtrees v2.1.20
Please Log in or Create an account to join the conversation.
- benoit7769
- Topic Author
- Offline
- New Member
- Posts: 6
Yes that's fine. Traefik does its reverse proxy job really well. The requests reach webtrees since the certificate has been installed and is active. Routing is done correctly.
I left out some of the configuration. I used ports 8088:8079 on the docker container, but this poses no problem since traefik also serves as a load balancer and automatically redirects to the right ports (the other containers do not complain about this kind of change in any case). )
The entry point is 443 but this is traefik's internal configuration. (see attached file).
THANKS
Please Log in or Create an account to join the conversation.
- Franz Frese
- Offline
- Elite Member
It’s because system expects SSL to be used in the transaction yet the original reques t(received via port 80) was plain HTTP, it complains with the error.
configure #ssl on
OR
ssl off
Please Log in or Create an account to join the conversation.
- benoit7769
- Topic Author
- Offline
- New Member
- Posts: 6
configure #ssl on
OR
ssl off
If I deactivate https, the problem reverses. I have a 404 in https and the error message in http.
Or is your answer about another part of the setup?
Please Log in or Create an account to join the conversation.
- benoit7769
- Topic Author
- Offline
- New Member
- Posts: 6
community.traefik.io/t/bad-request-apach...-docker-images/13248
Please Log in or Create an account to join the conversation.
- bertkoor
- Offline
- Platinum Member
- Greetings from Utrecht, Holland
Do you use docker-compose?
stamboom.BertKoor.nl runs on webtrees v2.1.20
Please Log in or Create an account to join the conversation.
- benoit7769
- Topic Author
- Offline
- New Member
- Posts: 6
Yes, with docker compose, in which there are also other containers which have no functioning problem regarding https, that's why I suppose that the problem comes from webtrees itself...
Please Log in or Create an account to join the conversation.
- bertkoor
- Offline
- Platinum Member
- Greetings from Utrecht, Holland
The same problem was posted but without a solution...
community.traefik.io/t/bad-request-apach...-docker-images/13248
My advice: contact the person that said it was solved and ask for the solution.
It's probably something stupid. The error messageis clear: webtrees (or rather the web server with PHP) should not be contacted over port 443. Within the docker network there is no need for SSL, and port 443 wants SSL anyway.
stamboom.BertKoor.nl runs on webtrees v2.1.20
Please Log in or Create an account to join the conversation.
- bertkoor
- Offline
- Platinum Member
- Greetings from Utrecht, Holland
When I use the IP in url base, webtrees works perfectly...
This gives some hope, but can you clarify and describe exactly what you did? This might help in pinpointing the error.
I would expect the setup is roughly the following:
So you put an IP address in webtrees config.ini base_url? And that is the IP address of what?
That suggests something in the DNS is not right...
The base_url in the config of webtrees is used to put in the pages it serves, so subsequent background network calls by the browser (page snippets loaded in parallel) go to the same address as where the page itself was fetched from.
I would expect that the http port of the webtrees.internal container would not be reachable from outside the internal docker network, not even by its IP address.
stamboom.BertKoor.nl runs on webtrees v2.1.20
Please Log in or Create an account to join the conversation.
- benoit7769
- Topic Author
- Offline
- New Member
- Posts: 6
Hello everyone,
I confirm that the difficulty, for me at least, comes only from access to webtrees at the end of the "traefik" reverse proxy chain for https.
The problem actually comes from the SSL activation in the virtualhost of apache2 of the container for webtrees and in particular of "SSLEngine". Traefik manages everything himself and enters into conflicts.
It is therefore "simply" to mount a volume in the docker-compose file with the modification in the "webtrees.conf" file in the apache2 /etc/apache2/sites-enabled/ folder of the container. (see attached file). Desactive SSL and write port 80.
There is surely a more elegant or technical way, either in traefik or in docker, but here I am starting to reach the limit of my autodictate knowledge in IT.
Someone on this forum perhaps?
THANKS
Please Log in or Create an account to join the conversation.
- bertkoor
- Offline
- Platinum Member
- Greetings from Utrecht, Holland
Then don't do all that. Let webtrees work on port 8080, without https, without SSL and certificate nonsense. That is a thing for the outside, for Traefic only.
stamboom.BertKoor.nl runs on webtrees v2.1.20
Please Log in or Create an account to join the conversation.