Can't Access Matomo Docker Container from Outside

[niklasgrewe]

Hi, i am using Exoframe with LetsEncrypt and Traefik for my Projects. Now i need to setup a matomo instance to analyse my website traffic. I am using docker-compose like this:

# docker-compose.yml
db:
  image: mariadb:latest
  volumes:
    - ./mysql/runtime2:/var/lib/mysql
  environment:
    - MYSQL_ALLOW_EMPTY_PASSWORD=1
app:
  image: matomo:fpm
  links:
    - db
  volumes:
    - ./config:/var/www/html/config:rw
    - ./logs:/var/www/html/logs
  env_file:
    - ./matomo.env
web:
  image: nginx:latest
  volumes:
    - ./nginx.conf:/etc/nginx/nginx.conf:ro
  links:
    - app
  volumes_from:
    - app
  ports:
    - 127.0.0.1:8001:80
  labels:
    - "traefik.enable=true"
    - "traefik.frontend.rule=Host:mydomain.com"
    - "traefik.port=8001"

and my nginx.conf looks like this:

user www-data;

events {
  worker_connections 768;
}

http {
  upstream backend {
    server app:9000;
  }

  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  gzip on;
  gzip_disable "msie6";

  server {
    listen 80;

    root /var/www/html/;
    index index.php index.html index.htm;

    location / {
      try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
      root /usr/share/nginx/html;
    }

    location = /favicon.ico {
      log_not_found off;
      access_log off;
    }

    location ~ \.php$ {
      fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
      fastcgi_param  SERVER_SOFTWARE    nginx;
      fastcgi_param  QUERY_STRING       $query_string;
      fastcgi_param  REQUEST_METHOD     $request_method;
      fastcgi_param  CONTENT_TYPE       $content_type;
      fastcgi_param  CONTENT_LENGTH     $content_length;
      fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
      fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
      fastcgi_param  REQUEST_URI        $request_uri;
      fastcgi_param  DOCUMENT_URI       $document_uri;
      fastcgi_param  DOCUMENT_ROOT      $document_root;
      fastcgi_param  SERVER_PROTOCOL    $server_protocol;
      fastcgi_param  REMOTE_ADDR        $remote_addr;
      fastcgi_param  REMOTE_PORT        $remote_port;
      fastcgi_param  SERVER_ADDR        $server_addr;
      fastcgi_param  SERVER_PORT        $server_port;
      fastcgi_param  SERVER_NAME        $server_name;
      fastcgi_intercept_errors on;
      fastcgi_pass backend;
    }
  }
}

with this Configuration, i can start docker compose without any issues, but i can't access the matomo instance from mydomain.com I get the error: 404 page not found

Where is my issue? did i set the traefik labels wrong or do i need to add a docker network? I can't figure it out... normally, it should route to the nginx container over https

[yamalight]

You are mapping port 80 of your nginx container to external port 8001. That's what breaks everything, because 1) that's not required (since you are not accessing your nginx via that port directly), 2) that breaks traefik (i.e. traefik tries to connect to your nginx container port 8001 which doesn't exist in container). So, if you change nginx config to this:

web:
  image: nginx:latest
  volumes:
    - ./nginx.conf:/etc/nginx/nginx.conf:ro
  links:
    - app
  volumes_from:
    - app
  labels:
    - "traefik.enable=true"
    - "traefik.frontend.rule=Host:mydomain.com"

It should start working.

One additional note - I'd recommend using named volumes instead of relative ones (or at least use absolute paths), since exoframe deleted folders after deployment is successful (so your volumes will behave unpredictably).

[niklasgrewe]

@yamalight thanks for quick response. It's still not working. I have changed my docker-compose file accordingly. The containers start too, but when I go to the website, I see only: 404 page not found as output.

The question is, where is this message coming from? From the Nginx server? Do I need to change something here to make it work? 🤔

it seems that the error is generated by Traefik: https://stackoverflow.com/questions/58138650/traefik-version-2-only-shows-404-or-no-website-at-all Is it possible that I have to add labels here, like the network?

Please keep in mind: I don't use exoframe deployment for this. I created this docker compose manually on the server

[yamalight]

The 404 message is from traefik since nginx sends 404 - I think your nginx should listen to *:80, not the domain name.

The network / labels should be added automatically by Exoframe, so that shouldn't be a problem

question: why do you want to setup matomo manually (matomo:fpm + nginx)? why not use their all-in-one image (matomo)?

[yamalight]

Ahhh, just noticed that you haven't used exoframe to deploy the project!

[yamalight]

Then yes, you also need to add those containers to same network as exoframe

[niklasgrewe]

@yamalight ah ok, which network use exoframe?

[yamalight]

if you haven't changed it in config - the network should be called exoframe (see docs)

[niklasgrewe]

@yamalight thank you. I changed my docker-compose.yml file to this:

version: "2"

services:
  db:
    image: mariadb:latest
    volumes:
      - ./mysql/runtime2:/var/lib/mysql
    environment:
      - MYSQL_ALLOW_EMPTY_PASSWORD=1
    networks:
      - exoframe
  app:
    image: matomo:fpm
    links:
      - db
    volumes:
      - ./config:/var/www/html/config:rw
      - ./logs:/var/www/html/logs
    env_file:
      - ./matomo.env
    networks:
      - exoframe
  web:
    image: nginx:latest
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - app
    volumes_from:
      - app
    labels:
      - "traefik.enable=true"
      - "traefik.network=exoframe"
      - "traefik.frontend.rule=Host:mydomain.com"
    networks:
      - exoframe

networks:
  exoframe:

but it isn't working. I still get 404 page not found do you have any other idea where the fault might lie?

[yamalight]

hard to say without getting my hands on all that. I'd try running this setup locally. first - just your compose. if it does work as expected - run it without exoframe, just traefik + your compose file and see if that functions. if the answer is "yes" - then you need to look into traefik logs to see why there's 404

[niklasgrewe]

@yamalight I saw that you are also from Germany. I followed these guide: https://software-berater.net/2019/matomo-mit-docker/ maybe you could take a look at this? maybe you'll have an idea

[yamalight]

the guide looks fine (quite similar to official nginx example), but it assumes you use nginx as your endpoint (which is not the case with traefik). I assume the issue is within nginx not responding to requests. You'll need to either modify nginx to work in that setup, or drop it altogether and just use traefik for that.

[niklasgrewe]

@yamalight sorry for all the questions 🙈 but how would I have to configure the nginx to allow the requests? I would certainly have to change something in the nginx.conf, right? I mean the Frontend Nginx Container. I don't need the other Nginx as a proxy because Traefik takes over for me, that was already clear to me

[yamalight]

I'd recommend dropping nginx altogether and just using matomo:latest image along with db - should make it a lot simpler

[niklasgrewe]

I made, looks like this now:

version: "2"

services:
  db:
    image: mariadb:latest
    volumes:
      - ./mysql/runtime2:/var/lib/mysql
    environment:
      - MYSQL_ALLOW_EMPTY_PASSWORD=1
    networks:
      - exoframe
  app:
    image: matomo:latest
    links:
      - db
    volumes:
      - ./config:/var/www/html/config:rw
      - ./logs:/var/www/html/logs
    env_file:
      - ./matomo.env
   labels:
      - "traefik.enable=true"
      - "traefik.network=exoframe"
      - "traefik.frontend.rule=Host:mydomain.com"
    networks:
      - exoframe

networks:
  exoframe:

Last question: In your opinion, have I forgotten something or done something wrong? Still getting 404 - page not found could it be that the Traefik labels are not quite right? When I deploy with Exoframe they look a little different

[yamalight]

Now that I'm looking at it - the way you define network won't work. Your definition will create a new network, while you want to use existing one (see compose docs)

[niklasgrewe]

thank you very much for your constant help. I change my docker-compose.yml to this:

networks:
  exoframe:
    external:
      name: exoframe

but it didn't help. I can't explain it anymore... Do you have another idea or could you tell me how to get the logs from Traefik?

[yamalight]

Traefik logs should be in the exoframe config folder (that you've mounted when starting exoframe-server)

[niklasgrewe]

i find the issue. The Traefik labels were wrong. Now it works

[FDiskas]

@niklasgrewe can you share working docker-compose file here?

[niklasgrewe]

@FDiskas sure

version: "3"

networks:
    exoframe:
      external:
        name: exoframe

services:
  db:
    image: mariadb:latest
    volumes:
      - ./mysql/runtime2:/var/lib/mysql
    environment:
      - MYSQL_ALLOW_EMPTY_PASSWORD=1
    networks:
      - exoframe

  matomo:
    image: matomo:latest
    links:
      - db
    volumes:
      - ./config:/var/www/html/config:rw
      - ./logs:/var/www/html/logs
    env_file:
      - ./matomo.env
   labels:
      - "traefik.docker.network=exoframe"
      - "traefik.enable=true"
      - "traefik.http.middlewares.matomo-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.matomo-web.entrypoints=web"
      - "traefik.http.routers.matomo-web.middlewares=matomo-redirect@docker"
      - "traefik.http.routers.matomo-web.rule=Host(`matomo.yourdomain.com`)"
      - "traefik.http.routers.matomo.entrypoints=websecure"
      - "traefik.http.routers.matomo.rule=Host(`matomo.yourdomain.com`)"
      - "traefik.http.routers.matomo.tls.certresolver=exoframeChallenge"
      - "traefik.http.services.matomo.loadbalancer.server.port=80"
    networks:
      - exoframe