umputun / reproxy

Simple edge server / reverse proxy
http://reproxy.io
MIT License

Bug/issue with ssl type setup #195

Closed r3cha closed 1 month ago

r3cha commented 1 month ago

I have this compose:

  reproxy:
    container_name: reproxy-prod
    image: umputun/reproxy
    ports:
      - 80:8080
      - 443:8443
    environment:
      SSL_TYPE: auto
    #   SSL_ACME_FQDN: domain.com
    #   SSL_ACME_LOCATION: /srv/var/acme
    #   SSL_ACME_EMAIL: mail@domain.com
    volumes:
      - ./reproxy.conf:/etc/reproxy.conf
      - certs:/srv/var/acme
    # folded block scalar: the flags join into one line without literal backslashes
    command: >
      --file.enabled --file.name=/etc/reproxy.conf
      --ssl.fqdn=domain.com
      --ssl.type=auto
      --ssl.acme-email=mail@domain.com

And reproxy.conf

domain.com:
  - { route: "^/(.*)", dest: "http://app:3000/$1" }

When I use the config with env SSL_TYPE I get too many redirects. If I remove the envs from the config, everything works well except the http -> https redirection, which I think should come with --ssl.type=auto.

Am I doing something wrong?

umputun commented 1 month ago

Hard to tell what is wrong without logs. Please add DEBUG=true to the environment (or --dbg to the command) and share the Docker log after those redirects. Also, please share the complete compose file, because the part you have here seems to be partial, i.e. your route rule suggests "app" is a container name, but there is no volume mapping to /var/run/docker.sock and also there is no mapping for /srv/var/ssl.

Just FYI: this is how the configuration looks on one of my boxes, with auto SSL:

  reproxy:
    image: ghcr.io/umputun/reproxy:master
    restart: always
    hostname: reproxy
    container_name: reproxy
    logging: &default_logging
      driver: json-file
      options:
        max-size: "10m"
        max-file: "5"
    ports:
      - "80:8080"
      - "443:8443"
    environment:
      - TZ=America/Chicago
      - DOCKER_ENABLED=true
      - DOCKER_EXCLUDE=monit
      - SSL_TYPE=auto
      - SSL_ACME_EMAIL=umputun@gmail.com
      - SSL_ACME_FQDN=
          safesecret.info,
          echo.umputun.com,
          www.safesecret.info
      - SSL_ACME_LOCATION=/srv/var/ssl
      - NO_SIGNATURE=true
      - GZIP=true
      - LOGGER_ENABLED=true
      - LOGGER_FILE=/srv/var/logs/access.log
      - LOGGER_STDOUT=true
      - ASSETS_CACHE=30d,text/html:30s
      - HEADER=
          X-XSS-Protection:1;mode=block;,
          X-Content-Type-Options:nosniff
      - THROTTLE_SYSTEM=1000
      - THROTTLE_USER=50
      - MAX_SIZE=5M

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./var/ssl:/srv/var/ssl
      - ./var/logs:/srv/var/logs

  secrets:
    image: umputun/secrets:latest
    container_name: secrets
    hostname: secrets
    restart: always
    logging: *default_logging
    labels:
      reproxy.server: 'safesecret.info'
      reproxy.route: '^/(.*)'
    environment:
      - SIGN_KEY=${SIGN_KEY}
      - ENGINE=BOLT
      - PIN_SIZE=5
      - BOLT_FILE=/data/secrets.bd
      - DOMAIN=safesecret.info
    volumes:
      - ./var:/data

  echo:
    image: ghcr.io/umputun/echo-http
    hostname: echo
    container_name: echo
    command: --message="echo echo 123"
    logging: *default_logging
    labels:
      reproxy.enabled: 1
      reproxy.server: 'echo.umputun.com'
      reproxy.route: '^/(.*)'

umputun commented 1 month ago

upd: Probably the "missing" docker.sock mapping I mentioned above is not really missing here, as you likely run all the containers on the same network and don't use the docker provider for discovery.

r3cha commented 1 month ago

Yes, you're right, I didn't use the docker provider, and they are on the same network. I use the certs:/srv/var/acme volume because the documentation says that it stores at var/acme. Seems the issue was with my Cloudflare setup: the encryption mode was "flexible". I disabled encryption, then I got the app working; then I enabled it again and it stopped working again (too many redirects) until I set the full (strict) type of encryption between Cloudflare and the server. Thank you so much. I think this issue might be closed.
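The loop described in this thread, as an added model (not reproxy's or Cloudflare's code): in "flexible" mode the edge terminates TLS and always talks plain HTTP to the origin, while reproxy with --ssl.type=auto answers plain HTTP with a redirect to https://, so every hop redirects again; "full (strict)" connects to the origin over HTTPS and verifies its certificate. The mode names, the Hop type and the trace() function are assumptions made for this illustration.

```python
"""Model of the reproxy auto-SSL + Cloudflare redirect loop (added example, not reproxy code)."""
from dataclasses import dataclass
from typing import List


@dataclass
class Hop:
    origin_scheme: str   # scheme the origin actually sees on this hop
    status: int          # status code the origin returns


# Assumed edge modes: "direct" = no CDN, the origin sees the client's own scheme.
# "flexible" = TLS ends at the edge, origin always contacted over plain HTTP.
# "full_strict" = edge -> origin over HTTPS with certificate verification.
EDGE_TO_ORIGIN = {"flexible": "http", "full_strict": "https"}


def origin_respond(scheme: str) -> int:
    """reproxy with --ssl.type=auto: plain HTTP gets a redirect, HTTPS is served."""
    return 301 if scheme == "http" else 200


def trace(mode: str, client_scheme: str, max_redirs: int = 5) -> List[Hop]:
    """Follow one client request through the edge until content arrives or the
    redirect budget is exhausted; a trace ending in 301 is the 'too many redirects' case."""
    hops: List[Hop] = []
    scheme = client_scheme
    for _ in range(max_redirs + 1):
        origin_scheme = scheme if mode == "direct" else EDGE_TO_ORIGIN[mode]
        status = origin_respond(origin_scheme)
        hops.append(Hop(origin_scheme, status))
        if status != 301:
            break
        scheme = "https"   # the client honours Location: https://... and retries
    return hops


def loops(mode: str, client_scheme: str = "https") -> bool:
    """True when the redirect budget runs out without ever reaching content."""
    return trace(mode, client_scheme)[-1].status == 301


if __name__ == "__main__":
    for mode in ("direct", "flexible", "full_strict"):
        chain = [f"{h.origin_scheme}:{h.status}" for h in trace(mode, "http")]
        print(f"{mode:12s} loop={loops(mode, 'http')!s:5s} {' -> '.join(chain)}")
```

With "flexible" the client's own scheme is irrelevant: the origin never sees HTTPS, so the 301 repeats until the browser gives up.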