404 not found with SSL mkcert and traefik
Kellorn opened this issue · 1 comments
Kellorn commented
Codebase
Mounted codebase
Describe your issue
I'm trying to install a Drupal 10 Wodby stack with SSL certificates (using mkcert).
I have a 404 when I'm trying to access my project_base_url, but there is a good SSL certificate.
How can we debug a 404 page with Docker in order to resolve this?
I'm on an M1 Apple with Docker.
Output of docker info
Client:
Version: 24.0.2
Context: desktop-linux
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.11.0
Path: /Users/*****/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.19.1
Path: /Users/*****/.docker/cli-plugins/docker-compose
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.0
Path: /Users/******/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.20
Path: /Users/******/.docker/cli-plugins/docker-extension
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v0.1.0-beta.6
Path: /Users/*******/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/*******/.docker/cli-plugins/docker-sbom
scan: Docker Scan (Docker Inc.)
Version: v0.26.0
Path: /Users/********/.docker/cli-plugins/docker-scan
scout: Command line tool for Docker Scout (Docker Inc.)
Version: 0.16.1
Path: /Users/*******/.docker/cli-plugins/docker-scout
Server:
Containers: 18
Running: 9
Paused: 0
Stopped: 9
Images: 56
Server Version: 24.0.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.15.49-linuxkit-pr
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 3
Total Memory: 7.765GiB
Name: docker-desktop
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
Contents of your docker-compose.yml
version: "3.7"
services:
  mariadb:
    image: mariadb:$MARIADB_TAG
    container_name: "${PROJECT_NAME}_mariadb"
    stop_grace_period: 30s
    environment:
      MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
      MYSQL_DATABASE: $DB_NAME
      MYSQL_USER: $DB_USER
      MYSQL_PASSWORD: $DB_PASSWORD
    # volumes:
    #   - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
    #   - /path/to/mariadb/data/on/host:/var/lib/mysql # Use bind mount
  php:
    image: wodby/drupal-php:$PHP_TAG
    env_file: .env
    container_name: "${PROJECT_NAME}_php"
    environment:
      SSMTP_MAILHUB: mailhog:1025
      # SSMTP_MAILHUB: opensmtpd:25
      PHP_SENDMAIL_PATH: '"/usr/bin/dos2unix -u | /usr/sbin/ssmtp -t -f"'
      DB_HOST: $DB_HOST
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_DRIVER: $DB_DRIVER
      # DRUSH_OPTIONS_URI: "http://${PROJECT_BASE_URL}:${PROJECT_PORT}"
      DB_NAME: $DB_NAME
      ENVIRONMENT: $ENVIRONMENT
    volumes:
      - ./:/var/www/html:cached
  crond:
    init: true
    image: wodby/drupal-php:$PHP_TAG
    container_name: "${PROJECT_NAME}_crond"
    environment:
      CRONTAB: "0 * * * * drush -r /var/www/html/web cron"
    command: sudo -E crond -f -d 0
    volumes:
      - ./:/var/www/html:cached
  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_TAG: $NGINX_TAG
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_SERVER_ROOT: /var/www/html/web
      NGINX_VHOST_PRESET: $NGINX_VHOST_PRESET
      # NGINX_CONF_INCLUDE: conf.d/nginx.conf
      # NGINX_DRUPAL_FILE_PROXY_URL: http://example.com
    volumes:
      - ./:/var/www/html:cached
      # - ./data/nginx/nginx.conf:/etc/nginx/conf.d/nginx.conf:cached
      # - ./data/traefik/certs:/etc/ssl/certs/:cached
      # - ./data/traefik/keys:/etc/ssl/private/:cached
      # - ./data/traefik/certs:/certs/:cached
      # Alternative for macOS users: Mutagen https://wodby.com/docs/stacks/drupal/local#docker-for-mac
      # - drupal:/var/www/html
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
      # add these lines
      - "traefik.http.routers.${PROJECT_NAME}_nginx.tls.certresolver=le"
      - "traefik.http.routers.${PROJECT_NAME}_nginx.entrypoints=websecure"
    extra_hosts:
      - "${PROJECT_BASE_URL}:${VM_LOCAL_IP}"
  mailhog:
    image: mailhog/mailhog
    container_name: "${PROJECT_NAME}_mailhog"
    labels:
      - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
      - "traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"
  pma:
    image: phpmyadmin/phpmyadmin:$PMA_TAG
    container_name: "${PROJECT_NAME}_pma"
    environment:
      PMA_HOST: $DB_HOST
      PMA_USER: $DB_USER
      PMA_PASSWORD: $DB_PASSWORD
      UPLOAD_LIMIT: 1G
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_pma.rule=Host(`pma.${PROJECT_BASE_URL}`)"
  node:
    image: node:$NODE_TAG
    container_name: "${PROJECT_NAME}_node"
    working_dir: /usr/src/app/front
    labels:
      - "traefik.http.services.${PROJECT_NAME}_node.loadbalancer.server.port=3000"
      - "traefik.http.routers.${PROJECT_NAME}_node.rule=Host(`node.${PROJECT_BASE_URL}`)"
    expose:
      - "1312"
    volumes:
      - ./:/usr/src/app
    # command: bash -c "gulp watch"
    # command: sh -c 'yarn install && yarn run start'
    command: bash -c "tail -f /dev/null"
    # command: bash -c "npm install && npm run start"
  traefik:
    image: traefik:v2.10
    container_name: "${PROJECT_NAME}_traefik"
    restart: unless-stopped
    # command: --api.insecure=true --providers.docker --entrypoints.web.address=:80 --providers.file.watch=true
    ports:
      - '${HTTP_PORT}:80'
      - "443:443"
      - '8080:8080' # Dashboard
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Map the static config into the container
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      # Map the dynamic static config into the container
      - ./data/traefik/config.yml:/etc/traefik/config.yml:ro
      # Map the certificates into the container
      - ./data/traefik/certs:/etc/certs:ro
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik=true"
      # - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      # - "traefik.http.routers.http-catchall.entrypoints=web"
      # - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
  whoami:
    image: containous/whoami:v1.4.0
    container_name: "${PROJECT_NAME}_whoami"
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.http.routers.whoami_http.rule=Host(`whoami.docker.localhost`)"
      - "traefik.http.routers.whoami_http.entrypoints=web"
      - "traefik.http.routers.whoami_http.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls=true"
    networks:
      - proxy
volumes:
  files:
networks:
  proxy:
    external: true
Contents of your .env
### Documentation available at https://wodby.com/docs/stacks/drupal/local
### Changelog can be found at https://github.com/wodby/docker4drupal/releases
### Images tags format explained at https://github.com/wodby/docker4drupal#images-tags
### PROJECT SETTINGS
PROJECT_NAME=drupal
PROJECT_BASE_URL=drupal.dev
DB_NAME=drupal
DB_USER=drupal
DB_PASSWORD=drupal
DB_ROOT_PASSWORD=root_pwd
DB_HOST=mariadb
DB_PORT=3306
DB_DRIVER=mysql
# Services Port
HTTP_PORT=8400
# Environments: dev, integration, preprod, prod
ENVIRONMENT=dev
# Input your local IP (ipconfig -> something in 10.X.X.X on SA network)
VM_LOCAL_IP=127.0.0.1
### --- MARIADB ----
MARIADB_TAG=10.11.5
#MARIADB_TAG=11.0-3.26.1
#MARIADB_TAG=10.10-3.26.1
#MARIADB_TAG=10.9-3.26.1
#MARIADB_TAG=10.6-3.26.1
#MARIADB_TAG=10.5-3.26.1
#MARIADB_TAG=10.4-3.26.1
### --- VANILLA DRUPAL ----
DRUPAL_TAG=10-4.56.0
#DRUPAL_TAG=9-4.56.0
#DRUPAL_TAG=7-4.56.0
### --- PHP ----
# Linux (uid 1000 gid 1000)
PHP_TAG=8.2-4.47.3
#PHP_TAG=8.1-dev-4.45.2
#PHP_TAG=8.0-dev-4.45.2
# macOS (uid 501 gid 20)
#PHP_TAG=8.2-dev-macos-4.45.2
#PHP_TAG=8.1-dev-macos-4.45.2
#PHP_TAG=8.0-dev-macos-4.45.2
### --- NGINX ----
NGINX_TAG=1.25-5.33.0
#NGINX_TAG=1.24-5.33.0
#NGINX_TAG=1.25-5.33.0
NGINX_VHOST_PRESET=drupal10
#NGINX_VHOST_PRESET=drupal9
#NGINX_VHOST_PRESET=drupal8
#NGINX_VHOST_PRESET=drupal7
### --- SOLR ---
SOLR_TAG=8-4.18.2
#SOLR_TAG=7-4.18.2
#SOLR_TAG=6-4.18.2
#SOLR_TAG=5-4.18.2
SOLR_CONFIG_SET="search_api_solr_4.1.6"
#SOLR_CONFIG_SET="search_api_solr_4.0.1"
#SOLR_CONFIG_SET="search_api_solr_8.x-3.9"
#SOLR_CONFIG_SET="search_api_solr_8.x-3.2"
#SOLR_CONFIG_SET="search_api_solr_8.x-2.7"
#SOLR_CONFIG_SET="search_api_solr_8.x-1.2"
#SOLR_CONFIG_SET="search_api_solr_7.x-1.14"
### --- ELASTICSEARCH ---
ELASTICSEARCH_TAG=7-5.18.9
#ELASTICSEARCH_TAG=6-5.18.9
### --- KIBANA ---
KIBANA_TAG=7-5.18.9
#KIBANA_TAG=6-5.18.9
### --- REDIS ---
REDIS_TAG=7-4.1.1
#REDIS_TAG=6-4.1.1
#REDIS_TAG=5-4.1.1
### --- NODE ---
NODE_TAG=16.14.0-stretch
#NODE_TAG=16-dev-1.23.3
#NODE_TAG=14-dev-1.23.3
### --- VARNISH ---
VARNISH_TAG=6.0-4.14.1
#VARNISH_TAG=4.1-4.14.1
### --- POSTGRESQL ----
POSTGRES_TAG=15-1.31.1
#POSTGRES_TAG=14-1.31.1
#POSTGRES_TAG=13-1.31.1
#POSTGRES_TAG=12-1.31.1
#POSTGRES_TAG=11-1.31.1
### OTHERS
ADMINER_TAG=4-3.24.4
ALPINE_TAG=3.18.2
APACHE_TAG=2.4-4.12.1
ATHENAPDF_TAG=2.16.0
DRUPAL_NODE_TAG=1.0-2.0.0
MEMCACHED_TAG=1-2.15.2
OPENSMTPD_TAG=6-1.18.1
PMA_TAG=5.2.1
RSYSLOG_TAG=latest
SELENIUM_CHROME_TAG=3.141
WEBGRIND_TAG=1-1.30.0
XHPROF_TAG=3.7.6
ZOOKEEPER_TAG=3.8
Logs output docker-compose logs
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] InnoDB: End of log at LSN=46684
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] InnoDB: 128 rollback segments are active.
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
drupal_crond | crond: wakeup dt=60
drupal_crond | crond: file www-data:
drupal_crond | crond: wakeup dt=60
drupal_crond | crond: file www-data:
drupal_crond | crond: wakeup dt=60
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] InnoDB: log sequence number 46684; transaction id 14
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] Plugin 'FEEDBACK' is disabled.
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
drupal_mariadb | 2023-10-04 15:14:48 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.
drupal_crond | crond: file www-data:
drupal_crond | crond: wakeup dt=60
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] InnoDB: Buffer pool(s) load completed at 231004 15:14:48
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] Server socket created on IP: '0.0.0.0'.
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] Server socket created on IP: '::'.
drupal_mariadb | 2023-10-04 15:14:48 0 [Note] mariadbd: ready for connections.
drupal_crond | crond: file www-data:
drupal_mariadb | Version: '10.11.5-MariaDB-1:10.11.5+maria~ubu2204' socket: '/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
drupal_crond | crond: wakeup dt=60
drupal_crond | crond: file www-data:
drupal_crond | crond: wakeup dt=60
drupal_crond | crond: file www-data:
drupal_crond | crond: wakeup dt=60
drupal_crond | crond: file www-data:
drupal_mailhog | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog | [APIv1] KEEPALIVE /api/v1/events
drupal_crond | crond: wakeup dt=60
drupal_crond | crond: file www-data:
traefik.yml :
# traefik/traefik.yml
#global:
#  sendAnonymousUsage: false
api:
  dashboard: true
  insecure: true
providers:
  docker:
    watch: true
    exposedByDefault: false
  file:
    filename: /etc/traefik/config.yml
    watch: true
#log:
#  level: INFO
#  format: common
entryPoints:
  web:
    address: ":80"
#    http:
#      redirections:
#        entrypoint:
#          to: websecure
#          scheme: https
  websecure:
    address: ":443"
config.yml :
tls:
  certificates:
    - certFile: "/etc/certs/local-cert.pem"
      keyFile: "/etc/certs/local-key.pem"
heyyo-droid commented
What works for me.
It redirects all HTTP traffic to HTTPS.
traefik.yml
## STATIC CONFIG (restart traefik to update)
# shows you a log msg if a newer image tag can be used
global:
  checkNewVersion: true
# log default is ERROR, but WARN is more helpful
log:
  level: WARN
  # level: INFO
# enable dashboard on 8080 with auth
# api:
#   insecure: true
#   dashboard: true
# enable ping so the `traefik healthcheck` works
# ping: {}
providers:
  docker:
    # exposedByDefault: true
    watch: true
  file:
    fileName: /traefik.yml
    watch: true
# listen on 80/443, and redirect all 80 to 443 via 301
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443
tls:
  certificates:
    - certFile: /certs/localcert.pem
      keyFile: /certs/localkey.pem
  # when testing certs, enable this so traefik doesn't use
  # its own self signed. By default if it can't find a matching
  # cert, it'll just create its own which will cause cert warnings
  # in browser
  options:
    default:
      sniStrict: true
docker-compose.yml
  nginx:
    ...
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
      - traefik.http.routers.${PROJECT_NAME}_nginx.tls=true
  ...
  traefik:
    image: traefik
    container_name: "${PROJECT_NAME}_traefik"
    ports:
      - "${PROJECT_PORT}:80"
      - "${PROJECT_PORT_SECURE}:443"
      - '8080:8080' # Dashboard
    volumes:
      - ./traefik.yml:/traefik.yml:ro
      - /etc/ssl:/certs
      - /var/run/docker.sock:/var/run/docker.sock:ro
Comments or improvements are welcome
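
One way to check the label and network conditions that differ between the two configurations in this thread, as an added example that is not part of either comment or of the docker4drupal project. With `exposedByDefault: false`, Traefik's docker provider ignores a container that has no `traefik.enable=true` label, so no router matches its Host and Traefik answers 404. The `STATIC` and `SERVICES` dictionaries, the finding names and the `lint` helper are assumptions made for the illustration.

```python
import re

# Constructed sample: labels/networks for two services from the first
# docker-compose.yml, with PROJECT_NAME=drupal and PROJECT_BASE_URL=drupal.dev.
# A service with no `networks:` key is assumed to sit on compose's "default" network.
STATIC = {"exposedByDefault": False,
          "certResolvers": set()}  # the posted traefik.yml defines no resolver
SERVICES = {
    "traefik": {"networks": {"proxy"}, "labels": ["traefik.enable=true"]},
    "nginx": {"networks": {"default"}, "labels": [
        "traefik.http.routers.drupal_nginx.rule=Host(`drupal.dev`)",
        "traefik.http.routers.drupal_nginx.tls.certresolver=le",
        "traefik.http.routers.drupal_nginx.entrypoints=websecure"]},
    "whoami": {"networks": {"proxy"}, "labels": [
        "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)",
        "traefik.http.routers.whoami.entrypoints=websecure",
        "traefik.http.routers.whoami.tls=true"]},
}
ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")

def parse_labels(labels):
    """Return (traefik.enable value or None, {router: {option: value}})."""
    enable, routers = None, {}
    for label in labels:
        key, _, value = label.partition("=")
        key = key.lower()  # Traefik label keys are case-insensitive
        if key == "traefik.enable":
            enable = value.strip().lower() == "true"
        match = ROUTER_KEY.match(key)
        if match:
            routers.setdefault(match.group(1), {})[match.group(2)] = value
    return enable, routers

def lint(services, static, proxy="traefik"):
    """List (service, finding) pairs; an unset traefik.enable falls back
    to the provider's exposedByDefault value."""
    findings = []
    for name, svc in services.items():
        enable, routers = parse_labels(svc["labels"])
        if name == proxy or not routers:
            continue
        if not (static["exposedByDefault"] if enable is None else enable):
            findings.append((name, "not-exposed"))
        if not svc["networks"] & services[proxy]["networks"]:
            findings.append((name, "no-shared-network"))
        for opts in routers.values():
            resolver = opts.get("tls.certresolver")
            if resolver and resolver not in static["certResolvers"]:
                findings.append((name, "undefined-certresolver:" + resolver))
    return findings
```

Calling `lint(SERVICES, STATIC)` on the constructed sample reports `not-exposed`, `no-shared-network` and `undefined-certresolver:le` for nginx, and `not-exposed` for whoami.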