Erro https com traefik

Plone Support Deployment & hosting
1

Boa tarde prezados.

Preciso criar uma intranet aqui no trabalho utilizando plone, no caso tem que ser docker com proxy reverso. O meu problema está quando adiciono o traefik.

Passos:

Eu criei um container docker com traefik com a linha de comando abaixo:

===================Container traefik=========================
docker run --name traefik
--network="rede_iec"
-p 80:80 -p 443:443
-v /var/run/docker.sock:/var/run/docker.sock:ro
-v traefik_conf:/etc/traefik/config
-v traefik_cert:/etc/traefik/certificados
-l 'traefik.enable=true'
-l 'traefik.http.routers.traefik.tls=true'
-l 'traefik.http.routers.traefik.entrypoints=websecure'
-l 'traefik.http.routers.traefik.service=api@internal'
-l 'traefik.http.routers.traefik.middlewares=auth@file,redirect-to-https@file'
-l 'traefik.http.routers.http-catchall.rule=hostregexp({host:.+})'
-l 'traefik.http.routers.http-catchall.entrypoints=web'
-l 'traefik.http.routers.http-catchall.middlewares=redirect-to-https@file'
--restart=unless-stopped
-d traefik:v2.9
--api
--api.dashboard=true
--log.level=debug --entrypoints.web.address=":80"
--entrypoints.websecure.address=":443"
--entryPoints.metricas.address=":8082" --metrics.prometheus=true
--metrics.prometheus.entrypoint="metricas"
--metrics.prometheus.addEntryPointsLabels=true
--metrics.prometheus.addServicesLabels=true
--metrics.prometheus.buckets="0.100000, 0.300000, 1.200000, 5.000000"
--providers.docker
--providers.docker.endpoint="unix:///var/run/docker.sock"
--providers.docker.exposedbydefault=false
--providers.file.directory=/etc/traefik/config --providers.file.watch=true

===================Plone===========================================
docker run --name plone_traefik
--network rede_iec
-l 'traefik.enable=true'
-l 'traefik.http.routers.plone.tls=true'
-l 'traefik.http.routers.plone.rule=Host(plone.iec.gov.br)'
-l 'traefik.http.routers.plone.entrypoints=websecure'
-l 'traefik.http.routers.plone.service=plone-service'
-l 'traefik.http.services.plone-service.loadbalancer.server.port=8080'
-l 'traefik.http.middlewares.force-https.redirectscheme.scheme=https'
-l 'traefik.http.middlewares.force-https.redirectscheme.permanent=true'
-d
plone:python38

Tentei acessar o container e apresentou o erro abaixo de conteúdo misto, http e https:

image
image1834×434 141 KB

Quando eu acesso a aplicação sem ser pelo traefik utilizando o ip do container e a porta funciona normalmente conforme imagens abaixo:
Imagem 1

image
image1199×617 44.2 KB

Imagem 2

image
image1714×911 147 KB

Como posso solucionar este problema para poder utilizar com o traefik.

2

Hi!

you've to add a middleware to traefik:

  routers:
    myplone-secure:
      rule: Host(`mydomain.com`)
     [...]
     middlewares: rewriterule-myplonesite

 
 [...]

  middlewares:
    rewriterule-myplonesite:
      replacePathRegex:
        regex: "^/($|.*)"
        replacement: "/VirtualHostBase/https/myplonesite.com:443/Plone/VirtualHostRoot/$1"
3

In the above config, you're just mapping 80 to 443 but Plone does not know about being under https.

4

https://5.docs.plone.org/manage/docker/docs/scaling/swarm.html#swarm

here you can find a reference to traefik.frontend.rule but refers to traefik 1.0. In 2.0:

you've the labels above to use in docker:

traefik.http.routers.rule
traefik.http.routers.router0.middlewares
traefik.http.middlewares
5

Olá Ilailson,

Faltou criar um middleware para fazer a re-escrita da URL. No exemplo abaixo, adiciono as linhas que fazerm essa configuração para você:

docker run --name plone_traefik
--network rede_iec
-l 'traefik.enable=true'
-l 'traefik.http.services.plone-service.loadbalancer.server.port=8080'
-l 'traefik.http.middlewares.mw-iec-plone.replacepathregex.regex=^/($$|.*)''
-l "traefik.http.middlewares.mw-iec-plone.replacepathregex.replacement=/VirtualHostBase/https/plone.iec.gov.br/Plone/VirtualHostRoot/$$1"
-l 'traefik.http.routers.plone.tls=true'
-l 'traefik.http.routers.plone.rule=Host(plone.iec.gov.br)'
-l 'traefik.http.routers.plone.entrypoints=websecure'
-l 'traefik.http.routers.plone.service=plone-service'
-l 'traefik.http.routers.plone.middlewares=mw-iec-plone'
-l 'traefik.http.middlewares.force-https.redirectscheme.scheme=https'
-l 'traefik.http.middlewares.force-https.redirectscheme.permanent=true'
-d
plone:python38

Precisando, é só chamar! (E boa Páscoa)

Forte abraço,
Érico Andrei

6

Hi @ericof!

I'm using

regex: "^/($|.*)"

while you suggest

regex: "^/($$|.*)"

and use $$1 instead of $1 in the replacement.

Am I wrong in some cases? Or is this a golang regexp feature? Thanks!

7

Good catch. The usage of $$ is required in docker-compose files; otherwise, it will be treated as an env var substitution.

1 Like
8

Muito obrigado Erico. Com o código que você mandou e do Yuri conseguir fazer funcionar. O código ficou assim.

*docker run --name plone_traefik *
*--network rede_iec *
*-e SITE=Plone *
*-l 'traefik.enable=true' *
*-l 'traefik.http.services.plone-service.loadbalancer.server.port=8080' *
**-l 'traefik.http.middlewares.mw-iec-plone.replacepathregex.regex=^/($|.)' *
*-l 'traefik.http.middlewares.mw-iec-plone.replacepathregex.replacement=/VirtualHostBase/https/plone.iec.gov.br:443/Plone/VirtualHostRoot/$1' *
*-l 'traefik.http.routers.plone.tls=true' *
*-l 'traefik.http.routers.plone.rule=Host(plone.iec.gov.br)' *
*-l 'traefik.http.routers.plone.entrypoints=websecure' *
*-l 'traefik.http.routers.plone.service=plone-service' *
*-l 'traefik.http.routers.plone.middlewares=mw-iec-plone' *
*-l 'traefik.http.middlewares.force-https.redirectscheme.scheme=https' *
*-l 'traefik.http.middlewares.force-https.redirectscheme.permanent=true' *
-d plone:python38

Onde tinha dois desses $$, deixei somente $

Acrescentei tambem 443 no codigo abaixo:
VirtualHostBase/https/plone.iec.gov.br:443/Plone/VirtualHostRoot/$1'

Muito obrigado.
Feliz Páscoa atrasado.

1 Like
9

Thank you very much for your help. The code that worked stayed like this

docker run --name plone_traefik
--network rede_iec
-e SITE=Plone
-l 'traefik.enable=true'
-l 'traefik.http.services.plone-service.loadbalancer.server.port=8080'
-l 'traefik.http.middlewares.mw-iec-plone.replacepathregex.regex=^/($|.*)'
-l 'traefik.http.middlewares.mw-iec-plone.replacepathregex.replacement=/VirtualHostBase/https/plone.iec.gov.br:443/Plone/VirtualHostRoot/$1'
-l 'traefik.http.routers.plone.tls=true'
-l 'traefik.http.routers.plone.rule=Host(plone.iec.gov.br)'
-l 'traefik.http.routers.plone.entrypoints=websecure'
-l 'traefik.http.routers.plone.service=plone-service'
-l 'traefik.http.routers.plone.middlewares=mw-iec-plone'
-l 'traefik.http.middlewares.force-https.redirectscheme.scheme=https'
-l 'traefik.http.middlewares.force-https.redirectscheme.permanent=true'
-d plone:python38

The help from them was extremely efficient.
Thank you Yuri and Erico

2 Likes