Ilailson
(Ilailson)
March 28, 2024, 12:38pm
1
Boa tarde prezados.
Preciso criar uma intranet aqui no trabalho utilizando plone, no caso tem que ser docker com proxy reverso. O meu problema está quando adiciono o traefik.
Passos:
Eu criei um container docker com traefik com a linha de comando abaixo:
===================Container traefik=========================
docker run --name traefik
--network="rede_iec"
-p 80:80 -p 443:443
-v /var/run/docker.sock:/var/run/docker.sock:ro
-v traefik_conf:/etc/traefik/config
-v traefik_cert:/etc/traefik/certificados
-l 'traefik.enable=true'
-l 'traefik.http.routers.traefik.tls=true'
-l 'traefik.http.routers.traefik.entrypoints=websecure'
-l 'traefik.http.routers.traefik.service=api@internal'
-l 'traefik.http.routers.traefik.middlewares=auth@file,redirect-to-https@file'
-l 'traefik.http.routers.http-catchall.rule=hostregexp({host:.+}
)'
-l 'traefik.http.routers.http-catchall.entrypoints=web'
-l 'traefik.http.routers.http-catchall.middlewares=redirect-to-https@file'
--restart=unless-stopped
-d traefik:v2.9
--api
--api.dashboard=true
--log.level=debug --entrypoints.web.address=":80"
--entrypoints.websecure.address=":443"
--entryPoints.metricas.address=":8082" --metrics.prometheus=true
--metrics.prometheus.entrypoint="metricas"
--metrics.prometheus.addEntryPointsLabels=true
--metrics.prometheus.addServicesLabels=true
--metrics.prometheus.buckets="0.100000, 0.300000, 1.200000, 5.000000"
--providers.docker
--providers.docker.endpoint="unix:///var/run/docker.sock"
--providers.docker.exposedbydefault=false
--providers.file.directory=/etc/traefik/config --providers.file.watch=true
===================Plone===========================================
docker run --name plone_traefik
--network rede_iec
-l 'traefik.enable=true'
-l 'traefik.http.routers.plone.tls=true'
-l 'traefik.http.routers.plone.rule=Host(plone.iec.gov.br
)'
-l 'traefik.http.routers.plone.entrypoints=websecure'
-l 'traefik.http.routers.plone.service=plone-service'
-l 'traefik.http.services.plone-service.loadbalancer.server.port=8080'
-l 'traefik.http.middlewares.force-https.redirectscheme.scheme=https'
-l 'traefik.http.middlewares.force-https.redirectscheme.permanent=true'
-d
plone:python38
Tentei acessar o container e apresentou o erro abaixo de conteúdo misto, http e https:
Quando eu acesso a aplicação sem ser pelo traefik utilizando o ip do container e a porta funciona normalmente conforme imagens abaixo:
Imagem 1
Imagem 2
Como posso solucionar este problema para poder utilizar com o traefik.
yurj
(Yuri)
March 28, 2024, 2:29pm
2
Hi!
you've to add a middleware to traefik:
routers:
myplone-secure:
rule: Host(`mydomain.com`)
[...]
middlewares: rewriterule-myplonesite
[...]
middlewares:
rewriterule-myplonesite:
replacePathRegex:
regex: "^/($|.*)"
replacement: "/VirtualHostBase/https/myplonesite.com:443/Plone/VirtualHostRoot/$1"
yurj
(Yuri)
March 28, 2024, 2:33pm
3
In the above config, you're just mapping 80 to 443 but Plone does not know about being under https.
yurj
(Yuri)
March 28, 2024, 2:42pm
4
https://5.docs.plone.org/manage/docker/docs/scaling/swarm.html#swarm
here you can find a reference to traefik.frontend.rule but refers to traefik 1.0. In 2.0:
you've the labels above to use in docker:
traefik.http.routers.rule
traefik.http.routers.router0.middlewares
traefik.http.middlewares
ericof
(Ericof)
March 28, 2024, 4:47pm
5
Olá Ilailson,
Faltou criar um middleware para fazer a re-escrita da URL. No exemplo abaixo, adiciono as linhas que fazerm essa configuração para você:
docker run --name plone_traefik
--network rede_iec
-l 'traefik.enable=true'
-l 'traefik.http.services.plone-service.loadbalancer.server.port=8080'
-l 'traefik.http.middlewares.mw-iec-plone.replacepathregex.regex=^/($$|.*)''
-l "traefik.http.middlewares.mw-iec-plone.replacepathregex.replacement=/VirtualHostBase/https/plone.iec.gov.br/Plone/VirtualHostRoot/$$1"
-l 'traefik.http.routers.plone.tls=true'
-l 'traefik.http.routers.plone.rule=Host(plone.iec.gov.br)'
-l 'traefik.http.routers.plone.entrypoints=websecure'
-l 'traefik.http.routers.plone.service=plone-service'
-l 'traefik.http.routers.plone.middlewares=mw-iec-plone'
-l 'traefik.http.middlewares.force-https.redirectscheme.scheme=https'
-l 'traefik.http.middlewares.force-https.redirectscheme.permanent=true'
-d
plone:python38
Precisando, é só chamar! (E boa Páscoa)
Forte abraço,
Érico Andrei
yurj
(Yuri)
March 29, 2024, 7:58am
6
Hi @ericof !
I'm using
regex: "^/($|.*)"
while you suggest
regex: "^/($$|.*)"
and use $$1
instead of $1
in the replacement
.
Am I wrong in some cases? Or is this a golang regexp feature? Thanks!
ericof
(Ericof)
March 29, 2024, 2:09pm
7
Good catch. The usage of $$
is required in docker-compose files; otherwise, it will be treated as an env var substitution.
1 Like
Ilailson
(Ilailson)
April 1, 2024, 11:48am
8
Muito obrigado Erico. Com o código que você mandou e do Yuri conseguir fazer funcionar. O código ficou assim.
*docker run --name plone_traefik *
*--network rede_iec *
*-e SITE=Plone *
*-l 'traefik.enable=true' *
*-l 'traefik.http.services.plone-service.loadbalancer.server.port=8080' *
**-l 'traefik.http.middlewares.mw-iec-plone.replacepathregex.regex=^/($|.)' *
*-l 'traefik.http.middlewares.mw-iec-plone.replacepathregex.replacement=/VirtualHostBase/https/plone.iec.gov.br:443/Plone/VirtualHostRoot/$1' *
*-l 'traefik.http.routers.plone.tls=true' *
*-l 'traefik.http.routers.plone.rule=Host(plone.iec.gov.br
)' *
*-l 'traefik.http.routers.plone.entrypoints=websecure' *
*-l 'traefik.http.routers.plone.service=plone-service' *
*-l 'traefik.http.routers.plone.middlewares=mw-iec-plone' *
*-l 'traefik.http.middlewares.force-https.redirectscheme.scheme=https' *
*-l 'traefik.http.middlewares.force-https.redirectscheme.permanent=true' *
-d plone:python38
Onde tinha dois desses $$, deixei somente $
Acrescentei tambem 443 no codigo abaixo:
VirtualHostBase/https/plone.iec.gov.br:443/Plone/VirtualHostRoot/$1'
Muito obrigado.
Feliz Páscoa atrasado.
1 Like
Ilailson
(Ilailson)
April 1, 2024, 11:57am
9
Thank you very much for your help. The code that worked stayed like this
docker run --name plone_traefik
--network rede_iec
-e SITE=Plone
-l 'traefik.enable=true'
-l 'traefik.http.services.plone-service.loadbalancer.server.port=8080'
-l 'traefik.http.middlewares.mw-iec-plone.replacepathregex.regex=^/($|.*)'
-l 'traefik.http.middlewares.mw-iec-plone.replacepathregex.replacement=/VirtualHostBase/https/plone.iec.gov.br:443/Plone/VirtualHostRoot/$1'
-l 'traefik.http.routers.plone.tls=true'
-l 'traefik.http.routers.plone.rule=Host(plone.iec.gov.br
)'
-l 'traefik.http.routers.plone.entrypoints=websecure'
-l 'traefik.http.routers.plone.service=plone-service'
-l 'traefik.http.routers.plone.middlewares=mw-iec-plone'
-l 'traefik.http.middlewares.force-https.redirectscheme.scheme=https'
-l 'traefik.http.middlewares.force-https.redirectscheme.permanent=true'
-d plone:python38
The help from them was extremely efficient.
Thank you Yuri and Erico
2 Likes