Enabling under Traefik example?

[davekeeshan]

Escalating this discussion to an issue and there is no replying over there.

The submitted example does not appear to work and it seems to be related to strict-origin-when-cross-origin

Has any one solved this?

Discussed in https://github.com/orgs/makeplane/discussions/3432

^{Originally posted by **davekeeshan** January 22, 2024} Is there an example of plane running under traefik. I have a cloud server up and running with a wordpress instance and a few other small services already working. I want to add plane to this list. I can start plane from docker compose (outside the `setup.sh` script) and it works is I ssh in and port forward to `localhost`. However when I try and get plane to run under a subdomain i have if doesn't work. I do get some landing page, but it is just a spinning wheel. So far I have commented out the proxy part of the `docker-compose.yml` file and added these lines: networks: traefik: external: true And, which `${PLANE_DOMAIN}` is an environment variable: networks: - traefik labels: # The labels are usefull for Traefik only - "traefik.enable=true" - "traefik.docker.network=traefik" # Get the routes from http - traefik.http.routers.plane.rule=Host(`${PLANE_DOMAIN}`) - "traefik.http.routers.plane.entrypoints=web" # Redirect these routes to https - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - "traefik.http.routers.plane.middlewares=redirect-to-https@docker" # Get the routes from https - traefik.http.routers.plane-secured.rule=Host(`${PLANE_DOMAIN}`) - "traefik.http.routers.plane-secured.entrypoints=web-secure" # Apply autentificiation with http challenge - "traefik.http.routers.plane-secured.tls=true" - "traefik.http.routers.plane-secured.tls.certresolver=myhttpchallenge" This works in other micro services, but not here, what am I missing? Have have also set `WEB_URL`, `CORS_ALLOWED_ORIGINS`, `NEXT_PUBLIC_DEPLOY_URL` in the `.env` script to reflect my subdomain path

[mmospanenko]

I use Traefik (external compose and postgres) - all works correctly

try with small steps, run one container (nginx for example), then replace it on Place, etc. Seems you have misconfigurations with routing

[davekeeshan]

@mmospanenko

Can you post an example of your docker-compose.yml?

When you say external, do you mean available to the world via a domain name? I have this working internally.

(Please refer to the discussion #3432, there were a few steps covered in there that I didn't replicate here, but if it is too confusing that I might have to)

[mmospanenko]

I just used current example but integrated with my env (Ansible and external Traefik services with different compose, proxy network here). Enough dirty, should be cleaned but it works as example

version: '3.8'

x-app-env: &app-env
  environment:
    - NGINX_PORT=${NGINX_PORT:-80}
    - WEB_URL=${WEB_URL:-http://localhost}
    - DEBUG=${DEBUG:-0}
    - DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE:-plane.settings.production} # deprecated
    - NEXT_PUBLIC_DEPLOY_URL=${NEXT_PUBLIC_DEPLOY_URL:-http://localhost/spaces} # deprecated
    - SENTRY_DSN=${SENTRY_DSN:-""}
    - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT:-"production"}
    - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID:-""}
    - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID:-""}
    - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET:-""}
    - DOCKERIZED=${DOCKERIZED:-1} # deprecated
    - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-""}
    # Gunicorn Workers
    - GUNICORN_WORKERS=${GUNICORN_WORKERS:-2}
    #DB SETTINGS
    - PGHOST=${PGHOST:-plane-db}
    - PGDATABASE=${PGDATABASE:-plane}
    - POSTGRES_USER=${POSTGRES_USER:-plane}
    - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-plane}
    - POSTGRES_DB=${POSTGRES_DB:-plane}
    - PGDATA=${PGDATA:-/var/lib/postgresql/data}
    - DATABASE_URL=${DATABASE_URL:-postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${PGHOST}/${PGDATABASE}}
    # REDIS SETTINGS
    - REDIS_HOST=${REDIS_HOST:-plane-redis}
    - REDIS_PORT=${REDIS_PORT:-6379}
    - REDIS_URL=${REDIS_URL:-redis://${REDIS_HOST}:6379/}
    # EMAIL SETTINGS - Deprecated can be configured through admin panel
    - EMAIL_HOST=${EMAIL_HOST:-""}
    - EMAIL_HOST_USER=${EMAIL_HOST_USER:-""}
    - EMAIL_HOST_PASSWORD=${EMAIL_HOST_PASSWORD:-""}
    - EMAIL_PORT=${EMAIL_PORT:-587}
    - EMAIL_FROM=${EMAIL_FROM:-"Team Plane <team@mailer.plane.so>"}
    - EMAIL_USE_TLS=${EMAIL_USE_TLS:-1}
    - EMAIL_USE_SSL=${EMAIL_USE_SSL:-0}
    - DEFAULT_EMAIL=${DEFAULT_EMAIL:-captain@plane.so}
    - DEFAULT_PASSWORD=${DEFAULT_PASSWORD}
    # OPENAI SETTINGS - Deprecated can be configured through admin panel
    - OPENAI_API_BASE=${OPENAI_API_BASE:-https://api.openai.com/v1}
    - OPENAI_API_KEY=${OPENAI_API_KEY:-""}
    - GPT_ENGINE=${GPT_ENGINE:-"gpt-3.5-turbo"}
    # LOGIN/SIGNUP SETTINGS - Deprecated can be configured through admin panel
    - ENABLE_SIGNUP=${ENABLE_SIGNUP:-1}
    - ENABLE_EMAIL_PASSWORD=${ENABLE_EMAIL_PASSWORD:-1}
    - ENABLE_MAGIC_LINK_LOGIN=${ENABLE_MAGIC_LINK_LOGIN:-0}
    # Application secret
    - SECRET_KEY=${SECRET_KEY}
    # DATA STORE SETTINGS
    - USE_MINIO=${USE_MINIO:-1}
    - AWS_REGION=${AWS_REGION:-""}
    - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-"access-key"}
    - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-"secret-key"}
    - AWS_S3_ENDPOINT_URL=${AWS_S3_ENDPOINT_URL:-http://plane-minio:9000}
    - AWS_S3_BUCKET_NAME=${AWS_S3_BUCKET_NAME:-uploads}
    - MINIO_ROOT_USER=${MINIO_ROOT_USER:-"access-key"}
    - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-"secret-key"}
    - BUCKET_NAME=${BUCKET_NAME:-uploads}
    - FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-5242880}

services:
  web:
    <<: *app-env
    image: makeplane/plane-frontend:{{ plane_version }}
    restart: unless-stopped
    command: /usr/local/bin/start.sh web/server.js web
    depends_on:
      - api
      - worker
    expose:
      - '3000'
    networks:
      - plane

  space:
    <<: *app-env
    image: makeplane/plane-space:{{ plane_version }}
    restart: always
    command: /usr/local/bin/start.sh space/server.js space
    depends_on:
      - api
      - worker
      - web
    networks:
      - plane

  api:
    <<: *app-env
    image: makeplane/plane-backend:{{ plane_version }}
    restart: unless-stopped
    depends_on:
      - plane-redis
      - plane-minio
    expose:
      - '8000'
    networks:
      - plane
      - services
    command: ./bin/takeoff

  worker:
    <<: *app-env
    image: makeplane/plane-backend:{{ plane_version }}
    depends_on:
      - plane-redis
      - api
    command: ./bin/worker
    networks:
      - plane
      - services

  beat-worker:
    <<: *app-env
    image: makeplane/plane-backend:{{ plane_version }}
    depends_on:
      - plane-redis
      - api
    command: ./bin/beat
    networks:
      - plane
      - services

  plane-redis:
    <<: *app-env
    image: redis:6.2.7-alpine
    restart: always
    volumes:
      - redisdata:/data
    networks:
      - plane

  proxy:
    <<: *app-env
    image: makeplane/plane-proxy:{{ plane_version }}
    restart: always
    expose:
      - '80'
    environment:
      FILE_SIZE_LIMIT: ${FILE_SIZE_LIMIT:-5242880}
      BUCKET_NAME: ${AWS_S3_BUCKET_NAME:-uploads}
    depends_on:
      - web
      - api
      - space
    networks:
      - plane
      - proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.plane.rule=Host(`{{ server_name }}`)'
      - 'traefik.http.services.plane.loadbalancer.server.port=80'
      - 'traefik.http.routers.plane.entrypoints=websecure'
      - 'traefik.http.routers.plane.tls.certresolver=letsEncrypt'

  plane-minio:
    <<: *app-env
    image: minio/minio
    restart: unless-stopped
    command: server /export --console-address ":9090"
    volumes:
      - ./data/uploads:/export
    networks:
      - plane

volumes:
  redisdata:

networks:
  plane:
  proxy:
    name: '{{ proxy_network }}'
    external: true
  services:
    name: '{{ services_network }}'
    external: true