erseco / alpine-moodle

Moodle docker image based on Alpine Linux
https://hub.docker.com/r/erseco/alpine-moodle
MIT License

502 behind Traefik #61

Closed LuisMalhadas closed 7 months ago

LuisMalhadas commented 7 months ago

The following docker-compose setup returns a 502, and I can't figure out why.

It doesn't matter which combination of http(s) in SITE_URL, SSLPROXY true/false or REVERSEPROXY I use; the result is always a 502.

And localhost access is unresponsive.

# Compose file format version 2. No `networks:` key appears in this listing, so the services
# below are not separated from each other at the network level by this file.
version: '2'
services:

  # Traefik edge proxy: publishes 80/443 and routes to containers that opt in through labels.
  reverse-proxy:
    # NOTE(review): `latest` is a floating tag; pin a version (ideally by digest) so the
    # internet-facing proxy does not change on the next pull.
    image: traefik:latest
    command:
      # NOTE(review): api.insecure serves the dashboard/API without authentication on Traefik's
      # internal entrypoint (port 8080 by default). Port 8080 is published under `ports:` below,
      # so the admin-auth middleware attached to the labelled router does not protect it.
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      # Only containers carrying traefik.enable=true are routed.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Access and application logs are written under /var/log, which is bind-mounted to
      # ${PWD}/logs below.
      - --accesslog
      - --accesslog.filePath=/var/log/traefik_access.log
      - --accesslog.format=json
      - --accesslog.bufferingsize=100
      - --log
      - --log.filePath=/var/log/traefik.log
      - --log.format=json
      # NOTE(review): DEBUG is useful while chasing the 502 but is very verbose; lower it once
      # the problem is understood.
      - --log.level=DEBUG
      - --api
      # Health-check endpoint on its own entrypoint (:90), also published to the host below.
      - --ping
      - --entrypoints.ping.address=:90
      - --ping.entrypoint=ping
      # ACME resolver "siaresolver". `${EMAIL?...}` makes compose abort if EMAIL is unset.
      - --certificatesresolvers.siaresolver.acme.email=${EMAIL?Variable not set}
      # acme.json holds the account and certificate private keys; keep the host directory
      # private (Traefik expects the file to be mode 600).
      - --certificatesresolvers.siaresolver.acme.storage=/certificates/acme.json
      # NOTE(review): both a DNS challenge and an HTTP challenge are configured, and no
      # dnschallenge.provider is visible in this listing; choose one challenge type.
      - --certificatesresolvers.siaresolver.acme.dnschallenge=true
      - --certificatesresolvers.siaresolver.acme.httpchallenge.entrypoint=web
      # Let's Encrypt staging endpoint: certificates issued here are not trusted by browsers.
      - --certificatesresolvers.siaresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
    # NOTE(review): env_file loads every variable in .env into the proxy container, and the
    # entries below add the dashboard credentials to its environment as well. The labels are
    # interpolated by compose, so confirm the container itself needs any of these.
    env_file:
      - .env
    environment:
      - EMAIL=${EMAIL}
      - TRAEFIK_USER=${TRAEFIK_USER}
      - TRAEFIK_PASSWORD=${TRAEFIK_PASSWORD}
    ports:
      - "80:80"
      - "90:90"
      # Publishes the unauthenticated api.insecure dashboard on all host interfaces.
      - "8080:8080"
      - "443:443"
    volumes:
      # NOTE(review): access to the Docker socket is equivalent to root on the host. Consider
      # placing a filtering socket proxy between Traefik and the daemon.
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "${PWD}/certificates:/certificates"
      - "${PWD}/logs:/var/log"
    # Bounds the container's own stdout/stderr log files (5 files of 20 MB).
    logging:
      driver: json-file
      options:
        max-size: "20m"
        max-file: "5"
    labels:
      - traefik.enable=true
      # NOTE(review): no --providers.docker.constraints flag is set in `command:` above, so this
      # label does not appear to filter anything in this setup.
      - traefik.constraint-label=traefik-public
      # basicauth.users expects user:hashed-password (htpasswd format), so TRAEFIK_PASSWORD
      # must hold a hash, not the clear-text password.
      - traefik.http.middlewares.admin-auth.basicauth.users=${TRAEFIK_USER?Variable not set}:${TRAEFIK_PASSWORD?Variable not set}
      - traefik.http.routers.traefik-public-https.middlewares=admin-auth
      # Permanent redirect from HTTP to HTTPS, used by the -http routers.
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.traefik-public-http.rule=Host(`monitor.test.com`)
      - traefik.http.routers.traefik-public-http.entrypoints=web
      - traefik.http.routers.traefik-public-http.middlewares=https-redirect
      # Dashboard behind TLS and basic auth on monitor.test.com.
      - traefik.http.routers.traefik-public-https.rule=Host(`monitor.test.com`)
      - traefik.http.routers.traefik-public-https.entrypoints=websecure
      - traefik.http.routers.traefik-public-https.tls=true
      - traefik.http.routers.traefik-public-https.service=api@internal
      - traefik.http.services.reverse-proxy.loadbalancer.server.port=8080

  # Redis instance referenced by the moodle service (REDIS_HOST=redis). No host port is
  # published and no password is configured in this listing.
  # NOTE(review): `redis:alpine` is a floating tag; pin a version for reproducible deployments.
  redis:
    image: redis:alpine
    restart: unless-stopped

  # PostgreSQL database for Moodle. No host port is published.
  # NOTE(review): `postgres:alpine` is a floating tag; a major-version jump on pull can leave
  # the existing data directory unusable, so pin a version.
  postgres:
    image: postgres:alpine
    restart: unless-stopped
    environment:
      # NOTE(review): user, password and database name are all the literal "moodle". Replace
      # the password with a generated secret supplied from outside the compose file.
      - POSTGRES_PASSWORD=moodle
      - POSTGRES_USER=moodle
      - POSTGRES_DB=moodle
    volumes:
      - postgres2:/var/lib/postgresql/data

  # Moodle application container, routed by Traefik through the labels at the end of the block.
  moodle:
    # Both `image` and `build` are set: compose builds from the local directory and tags the
    # result with this image name.
    image: erseco/alpine-moodle
    build: .
    restart: unless-stopped
    environment:
      - LANG=en_US.UTF-8
      - LANGUAGE=en_US:en
      # NOTE(review): http:// here while the moodle-http router below redirects every request
      # to https and SSLPROXY=true is set. The reporter's follow-up switches this to https://.
      - SITE_URL=http://moodle.test.com
      - DB_TYPE=pgsql
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_NAME=moodle
      - DB_USER=moodle
      # Must match POSTGRES_PASSWORD on the postgres service; same weak literal value.
      - DB_PASS=moodle
      - DB_PREFIX=mdl_
      - REDIS_HOST=redis
      - REVERSEPROXY=false
      # NOTE(review): presumably tells Moodle that TLS is terminated by a proxy in front of
      # it. That is only sound if clients cannot reach the container directly; see `ports:`.
      - SSLPROXY=true
      - MOODLE_EMAIL=user@example.com
      - MOODLE_LANGUAGE=en
      - MOODLE_SITENAME=New-Site
      - MOODLE_USERNAME=moodleuser
      # Placeholder admin password. The startup log on this page shows the admin account
      # being updated at boot, so change this before the site is reachable.
      - MOODLE_PASSWORD=PLEASE_CHANGEME
      # Placeholder SMTP settings; supply real credentials from a secret store or an untracked
      # env file rather than committing them here.
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USER=your_email@gmail.com
      - SMTP_PASSWORD=your_password
      - SMTP_PROTOCOL=tls
      - MOODLE_MAIL_NOREPLY_ADDRESS=noreply@localhost
      - MOODLE_MAIL_PREFIX=[moodle]
    # NOTE(review): publishing a host port exposes the container directly, bypassing Traefik's
    # TLS and redirect. Drop the mapping if all traffic is meant to go through the proxy.
    ports:
      - 8070:8070
    volumes:
      - moodledata2:/var/www/moodledata
      - moodlehtml2:/var/www/html
    labels:
      - traefik.enable=true
      - traefik.constraint-label=traefik-public
      # The https-redirect middleware is also defined in the reverse-proxy service labels;
      # one definition is enough.
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.moodle-http.rule=Host(`moodle.test.com`)
      - traefik.http.routers.moodle-http.entrypoints=web
      - traefik.http.routers.moodle-http.middlewares=https-redirect
      - traefik.http.routers.moodle-https.rule=Host(`moodle.test.com`)
      - traefik.http.routers.moodle-https.entrypoints=websecure
      - traefik.http.routers.moodle-https.tls=true
      - traefik.http.routers.moodle-https.tls.certresolver=siaresolver
      # NOTE(review): Traefik answers 502 when it cannot reach the backend on this port.
      # Confirm the web server inside the image really listens on 8070.
      - traefik.http.services.moodle.loadbalancer.server.port=8070
    # Start-order only; depends_on in this form does not wait for the dependencies to be ready.
    depends_on:
      - postgres
      - redis
      - reverse-proxy

# Named volumes with default settings (explicit null = no driver options). They hold the
# database files, Moodle's data directory and the web root, so all three need backing up.
volumes:
  postgres2: null
  moodledata2: null
  moodlehtml2: null

It launches fine:

2024-02-17 16:16:57 Starting startup scripts in /docker-entrypoint-init.d ...
2024-02-17 16:16:57 Linux 89c478a06ef0 6.6.12-linuxkit #1 SMP Thu Feb  8 06:36:34 UTC 2024 aarch64 Linux
2024-02-17 16:16:57 Waiting for postgres:5432 to be ready...
2024-02-17 16:16:57 
2024-02-17 16:16:57 
2024-02-17 16:16:57 Great, postgres is ready!
2024-02-17 16:17:00 Upgrading config.php...
2024-02-17 16:17:00 Configuring settings...
2024-02-17 16:17:01 Disabling debug mode...
2024-02-17 16:17:01 Upgrading admin user
2024-02-17 16:17:01 Admin username, password, and email updated successfully.
2024-02-17 16:17:01 Upgrading moodle...
2024-02-17 16:17:01 == Maintenance mode (http://moodle.test.com) ==
2024-02-17 16:17:01 Your site is currently in CLI maintenance mode, no web access is allowed.
2024-02-17 16:17:01 == Maintenance mode (http://moodle.test.com) ==
2024-02-17 16:17:01 Maintenance mode has been disabled and the site is running normally again
2024-02-17 16:17:01 Configuring redis cache...
2024-02-17 16:17:01 Configuration 'redis1' already exists. Exiting.
2024-02-17 16:17:01 Finished startup scripts in /docker-entrypoint-init.d
2024-02-17 16:16:57 *** Running: /docker-entrypoint-init.d/01-uname.sh
2024-02-17 16:16:57 *** Running: /docker-entrypoint-init.d/02-configure-moodle.sh
2024-02-17 16:17:01 No upgrade needed for the installed version 4.3.3 (Build: 20240212) (2023100903). Thanks for coming anyway!
2024-02-17 16:17:01 
2024-02-17 16:17:01 Starting runit...
2024-02-17 16:17:01 Started runsvdir, PID is 86
2024-02-17 16:17:01 wait for processes to start....
2024-02-17 16:17:01 /usr/sbin/crond 4.5 dillon's cron daemon, started with loglevel notice
2024-02-17 16:17:01 [17-Feb-2024 15:17:01] NOTICE: fpm is running, pid 93
2024-02-17 16:17:01 [17-Feb-2024 15:17:01] NOTICE: ready to handle connections
2024-02-17 16:17:06 run: cron: (pid 92) 5s
2024-02-17 16:17:06 run: nginx: (pid 91) 5s
2024-02-17 16:17:06 run: php: (pid 93) 5s
LuisMalhadas commented 7 months ago

eventually i found the winning combination:

...
      # SITE_URL now uses the https scheme that clients see at Traefik (the original listing
      # used http://).
      - SITE_URL=https://moodle.test.com
      ...
      - REVERSEPROXY=false
      # NOTE(review): presumably makes Moodle treat requests as HTTPS although the proxy
      # forwards them as plain HTTP. Only sound if the container is reachable solely through
      # the proxy, so the published 8070 port should not stay exposed. Confirm.
      - SSLPROXY=true
...

also add a label to the moodle container:

...
      # Defines a middleware named "sslheader" that sets X-Forwarded-Proto: https on requests
      # forwarded to the backend.
      # NOTE(review): a middleware only takes effect once a router references it, e.g.
      # traefik.http.routers.moodle-https.middlewares=sslheader. That label is not shown in
      # this comment, so confirm it is attached. The header is set unconditionally; attach it
      # only to the websecure router so plain-HTTP requests are never labelled as HTTPS.
      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
...