This is my Docker Swarm setup:
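# Stack: Traefik v2.6 edge proxy in front of a frontend (RAZZLE_* settings) and a
# Plone backend, all attached to the external "traefik" network.
# NOTE(review): nesting was reconstructed from a paste that had lost its
# indentation; each labels block is placed where the original key order puts it.
# Confirm against the deployed file.
services:
  traefik:
    image: traefik:v2.6
    command:
      # NOTE(review): under `docker stack deploy`, Traefik v2 only discovers swarm
      # services when --providers.docker.swarmMode=true is set, and it then reads
      # labels from deploy.labels. The traefik and backend labels below sit at
      # container level. Confirm which mode is actually in use.
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpChallenge.entryPoint=web"
      # The variable name matches the env file entry LETS_ENCRYPT_CONTACT_EMAIL.
      # The previous spelling (LETSENCRYPT_...) expanded to an empty string.
      - "--certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_CONTACT_EMAIL}"  # Change to your email
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Access to the Docker socket is equivalent to root on the host. Mounting it
      # read-only only protects the socket file; it does not limit API calls.
      # For an internet-facing proxy, a restricted socket proxy in front of the
      # API is the usual mitigation.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # acme.json holds the ACME account key and certificate private keys.
      # Traefik expects it to be mode 600; keep the host directory equally tight.
      - "./letsencrypt:/letsencrypt"  # Persist Let's Encrypt certificates
    labels:
      # Shared gzip middleware, referenced by the backend router.
      - "traefik.http.middlewares.gzip.compress=true"
      - "traefik.http.middlewares.gzip.compress.excludedcontenttypes=image/png, image/jpeg, font/woff2"
    networks:
      - traefik

  frontend:
    image: ${IMAGE_FRONT}:${IDENTIFIER}
    environment:
      # Server-side API calls go straight to the backend over the overlay network.
      RAZZLE_INTERNAL_API_PATH: "http://backend:8080/${SITE_INSTANCE_NAME}"
      RAZZLE_PROXY_REWRITE_TARGET: "/VirtualHostBase/https/${DOMAIN}/${SITE_INSTANCE_NAME}/++api++/VirtualHostRoot"
    deploy:
      replicas: 2
      labels:
        - "traefik.enable=true"
        # HTTPS router for both the bare and the www host.
        - "traefik.http.routers.frontend.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`)"
        - "traefik.http.routers.frontend.entrypoints=websecure"
        - "traefik.http.routers.frontend.tls.certresolver=myresolver"
        # NOTE(review): this middleware only sets `permanent`. It has no regex or
        # replacement, and no router references it. Complete it or remove it.
        - "traefik.http.middlewares.redirect-to-www.redirectregex.permanent=true"
        # Catch-all for any www.* host on 443: redirect to the non-www https URL.
        # NOTE(review): www.${DOMAIN} is matched by this router and by the
        # frontend router. Traefik picks by priority (rule length by default), so
        # www may be served directly rather than redirected, which would leave
        # www and non-www URLs mixed. Decide on one canonical host.
        - "traefik.http.routers.wwwsecure-catchall.entrypoints=websecure"
        - "traefik.http.routers.wwwsecure-catchall.rule=HostRegexp(`{host:(www\\.).+}`)"
        - "traefik.http.routers.wwwsecure-catchall.tls=true"
        - "traefik.http.routers.wwwsecure-catchall.middlewares=wwwtohttps"
        - "traefik.http.middlewares.wwwtohttps.redirectregex.regex=^https?://(?:www\\.)?(.+)"
        # `$$` is the compose escape for a literal `$`, so Traefik receives `${1}`.
        - "traefik.http.middlewares.wwwtohttps.redirectregex.replacement=https://$${1}"
        - "traefik.http.middlewares.wwwtohttps.redirectregex.permanent=false"
        - "traefik.http.services.frontend.loadbalancer.server.port=3000"  # Port where your app listens
    networks:
      - traefik

  backend:
    image: ${IMAGE}:${IDENTIFIER}
    environment:
      # NOTE(review): the database password is placed in the service environment
      # in clear text, so it is visible to anyone who can inspect the service or
      # container. A Docker secret, if the image can read one, avoids that.
      RELSTORAGE_DSN: "dbname='${DB_NAME}' port='${DB_PORT}' user='${DB_USER}' host='${DB_HOST}' password='${DB_PASSWORD}'"
    labels:
      - "traefik.enable=true"
      # SERVICE
      - "traefik.http.services.plone-backend.loadbalancer.server.port=8080"
      # Plone API
      # `&&` binds tighter than `||` in Traefik rules. Without the parentheses the
      # rule was Host(DOMAIN) || (Host(www.DOMAIN) && PathPrefix(/++api++)), which
      # sent every request for the bare domain to the backend, not only /++api++.
      - "traefik.http.routers.backend.rule=(Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`)) && PathPrefix(`/++api++`)"
      # NOTE(review): the router points at service ${SERVICE_NAME}, while the
      # service label above defines `plone-backend`. Confirm the two names match.
      - "traefik.http.routers.backend.service=${SERVICE_NAME}"
      - "traefik.http.middlewares.backend.replacepathregex.regex=^/\\+\\+api\\+\\+($$|/.*)"
      - "traefik.http.middlewares.backend.replacepathregex.replacement=/VirtualHostBase/http/${DOMAIN}/${SITE_INSTANCE_NAME}/++api++/VirtualHostRoot/$$1"
      # NOTE(review): this router has no entrypoints and no tls labels, so as
      # written it answers plain-HTTP requests only and tells Plone the public
      # scheme is http. API traffic matched here, including logins, is then not
      # protected by TLS. Confirm whether websecure + certresolver and an https
      # VirtualHostBase were intended.
      - "traefik.http.routers.backend.middlewares=gzip,backend"
    deploy:
      replicas: 2
    networks:
      - traefik

networks:
  traefik:
    external: true  # Ensure that the traefik network is external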
And these are the env vars that it uses:
# Values substituted into the compose file's ${...} references.
# Image tag shared by the frontend and backend images.
IDENTIFIER=0b4b2a83
# Database connection settings; the compose file assembles them into RELSTORAGE_DSN.
# NOTE(review): the passwords in this file are clear-text secrets. Keep the file out
# of version control and restrict its permissions on the deploy host.
DB_PASSWORD="Jxxxxxxxxxxxxwy"
DB_HOST=postgresql-endpoint
DB_PORT=25060
DB_USER=plone
DB_NAME="PloneDB"
# Traefik service name that the backend router label points at.
SERVICE_NAME="mysite-backend"
# Site id used in the VirtualHostBase paths and the internal API path.
SITE_INSTANCE_NAME="Plone"
# NOTE(review): LOCAL_DB_PORT and LOCAL_PG_PASSWORD are not referenced by the compose
# file shown. Presumably they are used elsewhere; confirm, or drop the unused secret.
LOCAL_DB_PORT=5432
LOCAL_PG_PASSWORD="mxxxxxxxxxvvxxxxxxxxxx"
# Registry paths of the frontend and backend images.
IMAGE_FRONT="registry.gitlab.com/myrepo/frontend"
IMAGE="registry.gitlab.com/myrepo/backend"
# Public host name used in the router rules and VirtualHostBase paths.
DOMAIN="example.org"
# ACME contact address. The compose file must reference this variable under exactly
# this spelling, otherwise the e-mail expands to an empty string.
LETS_ENCRYPT_CONTACT_EMAIL=me@example.com
Everything deploys, but I see a few strange behaviours:
- When I go to example.org and click login, it creates a URL that looks like this:
https://www.example.org/login?return_url=https://example.org
- When I log in, I'm redirected to an invalid URL:
https://www.example.org/https://example.org
Is this a misconfigured traefik?