I'm trying to put my own certificates on traefik, but it's not working.
The page does not load over HTTPS on either the backend or the frontend.
Any idea?
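---
# Compose stack for the "intranet" project: Traefik in front of Varnish, a
# frontend and a backend, with PostgreSQL and pgAdmin alongside.
# The pasted listing had lost its indentation; it is restored here.
version: '3.8'
name: intranet

services:
  traefik:
    image: traefik:v2.10
    ports:
      # Quoted like the other port mappings in this file.
      - "80:80"
      - "443:443"
    labels:
      - traefik.enable=true
      - traefik.constraint-label=public
      # NOTE(review): this router publishes api@internal (switched on by --api
      # below) on the plain-HTTP "web" entrypoint with no authentication
      # middleware attached. Put an auth middleware on it and serve it over
      # TLS, or drop the router outside local development.
      - traefik.http.routers.traefik-admin.rule=Host(`traefik.intranet.localhost`)
      - traefik.http.routers.traefik-admin.entrypoints=web
      - traefik.http.routers.traefik-admin.service=api@internal
      - traefik.http.services.traefik-public.loadbalancer.server.port=8000
      - traefik.http.middlewares.gzip.compress=true
      - traefik.http.middlewares.gzip.compress.excludedcontenttypes=image/png,image/jpeg,font/woff2
      # NOTE(review): testHeader is declared here and again on frontend and
      # backend, but no router in this file lists it under .middlewares, so
      # these response headers are not applied anywhere.
      - traefik.http.middlewares.testHeader.headers.contentTypeNosniff=true
      - traefik.http.middlewares.testHeader.headers.browserXssFilter=true
    volumes:
      # NOTE(review): ":ro" only makes the socket file read-only; a process
      # that can open it can still issue any Docker API call. Consider a
      # filtering socket proxy between Traefik and the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Dynamic TLS configuration and key material. Traefik only reads these,
      # so they are mounted read-only. The contents of certs-traefik.yaml are
      # not shown here; the certFile/keyFile paths inside it must use the
      # container path /etc/certs/, not the host path.
      - ./devops/certs-traefik.yaml:/etc/traefik/dynamic/certs-traefik.yaml:ro
      - ./devops/certificates/:/etc/certs/:ro
    command:
      - --providers.docker
      - --providers.docker.constraints=Label(`traefik.constraint-label`, `public`)
      - --providers.docker.exposedbydefault=false
      - --providers.file.directory=/etc/traefik/dynamic
      - --providers.file.watch=true
      # No entrypoint-level redirect from web to websecure is configured; the
      # https-redirect middleware is attached only to the backend HTTP routers.
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --accesslog
      - --log
      - --api
    networks:
      - traefik_public

  purger:
    # NOTE(review): ":latest" is a moving tag; pin a version or digest so a
    # rebuild cannot silently pull different code.
    image: ghcr.io/kitconcept/cluster-purger:latest
    platform: linux/amd64
    environment:
      PURGER_SERVICE_NAME: varnish
      PURGER_SERVICE_PORT: "80"
      PURGER_MODE: "compose"
      PURGER_PUBLIC_SITES: "['intranet.localhost']"
    networks:
      - traefik_public

  varnish:
    build:
      context: devops/varnish
    labels:
      - traefik.enable=true
      - traefik.constraint-label=public
      - traefik.http.services.svc-varnish.loadbalancer.server.port=80
    depends_on:
      - backend
    networks:
      - traefik_public

  frontend:
    build:
      context: ./frontend
    environment:
      RAZZLE_INTERNAL_API_PATH: http://backend:8080/intranet
      TZ: "America/Sao_Paulo"
    depends_on:
      - backend
    ports:
      # NOTE(review): publishing 3000 on the host lets clients reach the
      # frontend directly over plain HTTP, bypassing Traefik and TLS. Remove
      # it, or bind to 127.0.0.1, if it is only needed for debugging.
      - "3000:3000"
    networks:
      - traefik_public
    labels:
      - traefik.enable=true
      - traefik.constraint-label=public
      - traefik.http.services.svc-frontend.loadbalancer.server.port=3000
      # Routers
      ## /
      # NOTE(review): with the HTTP routers below commented out, nothing
      # answers for "/" on the web entrypoint, and the only route to
      # svc-frontend is rt-frontend-internal-sec on websecure. If Varnish
      # sends its X-Varnish-Routed request back to Traefik on port 80, no
      # router will match it -- verify against the VCL in devops/varnish.
      # ### Router: Varnish Public
      # - traefik.http.routers.rt-frontend-public.rule=Host(`intranet.localhost`)
      # - traefik.http.routers.rt-frontend-public.entrypoints=web
      # - traefik.http.routers.rt-frontend-public.service=svc-varnish
      # - traefik.http.routers.rt-frontend-public.middlewares=gzip
      # ### Router: Internal
      # - traefik.http.routers.rt-frontend-internal.rule=Host(`intranet.localhost`) && Headers(`X-Varnish-Routed`, `1`)
      # - traefik.http.routers.rt-frontend-internal.entrypoints=web
      # - traefik.http.routers.rt-frontend-internal.service=svc-frontend
      # Routers - HTTPS
      ### Router: Varnish Public
      - traefik.http.routers.rt-frontend-sec.rule=Host(`intranet.localhost`)
      - traefik.http.routers.rt-frontend-sec.entrypoints=websecure
      - traefik.http.routers.rt-frontend-sec.tls=true
      - traefik.http.routers.rt-frontend-sec.service=svc-varnish
      - traefik.http.routers.rt-frontend-sec.middlewares=gzip
      ### Router: Internal
      - traefik.http.routers.rt-frontend-internal-sec.rule=Host(`intranet.localhost`) && Headers(`X-Varnish-Routed`, `1`)
      - traefik.http.routers.rt-frontend-internal-sec.entrypoints=websecure
      - traefik.http.routers.rt-frontend-internal-sec.tls=true
      - traefik.http.routers.rt-frontend-internal-sec.service=svc-frontend
      - traefik.http.middlewares.testHeader.headers.contentTypeNosniff=true
      - traefik.http.middlewares.testHeader.headers.browserXssFilter=true

  backend:
    build:
      context: ./backend
    environment:
      # NOTE(review): the "user" field reads DB_NAME, not a separate user
      # variable -- presumably unintended; confirm. The fallback password
      # "passwd" is a development default and should be overridden from the
      # environment or a secret store for anything shared.
      RELSTORAGE_DSN: "dbname='${DB_NAME:-plone}' user='${DB_NAME:-plone}' host='${DB_HOST:-db}' password='${DB_PASSWORD:-passwd}' port='${DB_PORT:-5432}'"
      TZ: "America/Sao_Paulo"
    restart: on-failure
    depends_on:
      - db
    ports:
      # NOTE(review): publishing 8080 exposes the backend directly over plain
      # HTTP, bypassing Traefik, TLS and any auth middleware on its routers.
      - "8080:8080"
    labels:
      - traefik.enable=true
      - traefik.constraint-label=public
      # Services
      - traefik.http.services.svc-backend.loadbalancer.server.port=8080
      # Middlewares
      # NOTE(review): both rewrites hard-code /VirtualHostBase/http/..., and
      # the same middlewares are attached to the websecure routers below, so
      # requests that arrived over HTTPS are presented to the backend as
      # http://. The backend may then generate http:// URLs -- an https
      # variant of these middlewares is probably needed; confirm.
      ## VHM rewrite /++api++/
      - "traefik.http.middlewares.mw-backend-vhm-api.replacepathregex.regex=^/\\+\\+api\\+\\+($$|/.*)"
      - "traefik.http.middlewares.mw-backend-vhm-api.replacepathregex.replacement=/VirtualHostBase/http/intranet.localhost/intranet/++api++/VirtualHostRoot$$1"
      ## VHM rewrite /ClassicUI/
      - "traefik.http.middlewares.mw-backend-vhm-classic.replacepathregex.regex=^/ClassicUI($$|/.*)"
      - "traefik.http.middlewares.mw-backend-vhm-classic.replacepathregex.replacement=/VirtualHostBase/http/intranet.localhost/intranet/VirtualHostRoot/_vh_ClassicUI$$1"
      ## /++api++/
      ### Router: Varnish Public
      - traefik.http.routers.rt-backend-api-public.rule=Host(`intranet.localhost`) && PathPrefix(`/++api++`)
      - traefik.http.routers.rt-backend-api-public.entrypoints=web
      - traefik.http.routers.rt-backend-api-public.service=svc-varnish
      - traefik.http.routers.rt-backend-api-public.middlewares=gzip,https-redirect
      ### Router: Internal
      # NOTE(review): https-redirect is also attached to this internal router.
      # If Varnish reaches the backend through it over HTTP, that request is
      # answered with a redirect instead of content -- confirm this is wanted.
      - traefik.http.routers.rt-backend-api-internal.rule=Host(`intranet.localhost`) && PathPrefix(`/++api++`) && Headers(`X-Varnish-Routed`, `1`)
      - traefik.http.routers.rt-backend-api-internal.entrypoints=web
      - traefik.http.routers.rt-backend-api-internal.service=svc-backend
      - traefik.http.routers.rt-backend-api-internal.middlewares=gzip,mw-backend-vhm-api,https-redirect
      ## /ClassicUI
      # NOTE(review): mw-backend-auth is referenced here and on
      # rt-backend-classic-sec but is not defined by any label in this file.
      # Traefik refuses a router whose middleware does not exist, so /ClassicUI
      # will not be served. If it lives in the file provider, reference it as
      # mw-backend-auth@file.
      - traefik.http.routers.rt-backend-classic.rule=Host(`intranet.localhost`) && PathPrefix(`/ClassicUI`)
      - traefik.http.routers.rt-backend-classic.entrypoints=web
      - traefik.http.routers.rt-backend-classic.service=svc-backend
      - traefik.http.routers.rt-backend-classic.middlewares=gzip,mw-backend-auth,mw-backend-vhm-classic,https-redirect
      # Routers - HTTPS
      ## /++api++/
      ### Router: Varnish Public
      - traefik.http.routers.rt-backend-api-sec.rule=Host(`intranet.localhost`) && PathPrefix(`/++api++`)
      - traefik.http.routers.rt-backend-api-sec.entrypoints=websecure
      - traefik.http.routers.rt-backend-api-sec.tls=true
      - traefik.http.routers.rt-backend-api-sec.service=svc-varnish
      - traefik.http.routers.rt-backend-api-sec.middlewares=gzip
      ### Router: Internal
      - traefik.http.routers.rt-backend-api-internal-sec.rule=Host(`intranet.localhost`) && PathPrefix(`/++api++`) && Headers(`X-Varnish-Routed`, `1`)
      - traefik.http.routers.rt-backend-api-internal-sec.entrypoints=websecure
      - traefik.http.routers.rt-backend-api-internal-sec.tls=true
      - traefik.http.routers.rt-backend-api-internal-sec.service=svc-backend
      - traefik.http.routers.rt-backend-api-internal-sec.middlewares=gzip,mw-backend-vhm-api
      ## /ClassicUI
      - traefik.http.routers.rt-backend-classic-sec.rule=Host(`intranet.localhost`) && PathPrefix(`/ClassicUI`)
      - traefik.http.routers.rt-backend-classic-sec.entrypoints=websecure
      - traefik.http.routers.rt-backend-classic-sec.tls=true
      - traefik.http.routers.rt-backend-classic-sec.service=svc-backend
      - traefik.http.routers.rt-backend-classic-sec.middlewares=gzip,mw-backend-auth,mw-backend-vhm-classic
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.middlewares.testHeader.headers.contentTypeNosniff=true
      - traefik.http.middlewares.testHeader.headers.browserXssFilter=true
    networks:
      - traefik_public

  db:
    image: postgres:15
    container_name: db
    environment:
      # NOTE(review): POSTGRES_NAME is not among the variables the official
      # postgres image documents -- presumably ignored; confirm and remove.
      POSTGRES_NAME: plone
      # These read the same variables and defaults as the backend's
      # RELSTORAGE_DSN (which uses DB_NAME for both dbname and user), so
      # overriding DB_NAME or DB_PASSWORD no longer leaves the two services
      # disagreeing about the credentials.
      POSTGRES_USER: "${DB_NAME:-plone}"
      POSTGRES_PASSWORD: "${DB_PASSWORD:-passwd}"
      POSTGRES_DB: "${DB_NAME:-plone}"
      PGDATA: /var/lib/postgresql/data/pgdata
      TZ: "America/Sao_Paulo"
    volumes:
      - vol-site-data:/var/lib/postgresql/data
    networks:
      - traefik_public

  plone_pgadmin:
    # NOTE(review): no tag is given, so this resolves to a moving default;
    # pin a version or digest.
    image: dpage/pgadmin4
    container_name: plone_pgadmin
    environment:
      # NOTE(review): the admin login below is a guessable development default
      # committed in clear text, and the UI is published on host port 8000
      # over plain HTTP. Keep this service out of any shared deployment, or
      # supply the credentials from the environment and bind to 127.0.0.1.
      USER_PASSWORD: "plone"
      PGADMIN_DEFAULT_EMAIL: "plone@mail.com"
      PGADMIN_DEFAULT_PASSWORD: "plone"
      # NOTE(review): this turns pgAdmin's CSRF check off by default; leave it
      # enabled unless there is a documented reason to disable it.
      PGADMIN_CONFIG_WTF_CSRF_CHECK_DEFAULT: "False"
      TZ: "America/Sao_Paulo"
    ports:
      - "8000:80"
    depends_on:
      - db
    networks:
      - traefik_public

volumes:
  vol-site-data: {}

networks:
  traefik_public:
    external: true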