wodby / docker4drupal

Docker-based Drupal stack
https://wodby.com/docker4drupal
MIT License

404 not found with SSL mkcert and traefik #559

Open Kellorn opened 8 months ago

Kellorn commented 8 months ago

Codebase Mounted codebase

Describe your issue I'm trying to install a Drupal 10 Wodby stack with SSL certificates (using mkcert). I get a 404 when I try to access my PROJECT_BASE_URL, although the SSL certificate is valid. How can we debug the 404 page with Docker in order to resolve this? I'm on an Apple M1 with Docker.

Output of docker info

Client:
 Version:    24.0.2
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.0
    Path:     /Users/*****/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.19.1
    Path:     /Users/*****/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/******/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/******/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /Users/*******/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/*******/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/********/.docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.16.1
    Path:     /Users/*******/.docker/cli-plugins/docker-scout

Server:
 Containers: 18
  Running: 9
  Paused: 0
  Stopped: 9
 Images: 56
 Server Version: 24.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 3
 Total Memory: 7.765GiB
 Name: docker-desktop
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Contents of your docker-compose.yml

version: "3.7"

services:
  # Database service. There is no `ports:` entry, so no host port is
  # published for it.
  mariadb:
    image: mariadb:$MARIADB_TAG
    container_name: "${PROJECT_NAME}_mariadb"
    stop_grace_period: 30s
    environment:
      # All four values are interpolated from .env, which on this page holds
      # placeholder credentials (drupal / root_pwd). Use unique secrets for
      # anything other than a throwaway local stack.
      MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
      MYSQL_DATABASE: $DB_NAME
      MYSQL_USER: $DB_USER
      MYSQL_PASSWORD: $DB_PASSWORD
#    volumes:
#      - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
#      - /path/to/mariadb/data/on/host:/var/lib/mysql # Use bind mount

  # PHP backend for nginx (NGINX_BACKEND_HOST: php).
  php:
    image: wodby/drupal-php:$PHP_TAG
    # NOTE(review): env_file passes every variable in .env into this
    # container, including DB_ROOT_PASSWORD, which none of the entries under
    # `environment:` below use. Listing only the needed variables keeps the
    # root credential out of the application container.
    env_file: .env
    container_name: "${PROJECT_NAME}_php"
    environment:
      SSMTP_MAILHUB: mailhog:1025
      #      SSMTP_MAILHUB: opensmtpd:25
      PHP_SENDMAIL_PATH: '"/usr/bin/dos2unix -u | /usr/sbin/ssmtp -t -f"'
      DB_HOST: $DB_HOST
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_DRIVER: $DB_DRIVER
      #      DRUSH_OPTIONS_URI: "http://${PROJECT_BASE_URL}:${PROJECT_PORT}"
      DB_NAME: $DB_NAME
      ENVIRONMENT: $ENVIRONMENT
    volumes:
    # The whole project directory is bind-mounted, so files that live next to
    # the code (.env, ./data/traefik/certs with the TLS private key) are
    # readable inside this container as well.
    - ./:/var/www/html:cached

  # Cron runner built from the same image as the php service.
  crond:
    init: true
    image: wodby/drupal-php:$PHP_TAG
    container_name: "${PROJECT_NAME}_crond"
    environment:
      # Runs `drush cron` against the Drupal docroot at minute 0 of every hour.
      CRONTAB: "0 * * * * drush -r /var/www/html/web cron"
    # crond is started through sudo; -E keeps the container environment.
    command: sudo -E crond -f -d 0
    volumes:
      # Same project-wide bind mount as the php service.
      - ./:/var/www/html:cached

  # Web server for the Drupal docroot; the service Traefik is expected to
  # route ${PROJECT_BASE_URL} to.
  # NOTE(review): this service has no `networks:` key, so it joins the
  # project's default network, while the traefik service below is attached
  # only to `proxy`. Traefik needs a network in common with a container to
  # forward requests to it.
  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_TAG: $NGINX_TAG
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      # Debug-level error logging; verbose, intended for local troubleshooting.
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      # Only the web/ subdirectory is the document root; .env and data/ sit
      # above it in the mounted tree.
      NGINX_SERVER_ROOT: /var/www/html/web
      NGINX_VHOST_PRESET: $NGINX_VHOST_PRESET
    #      NGINX_CONF_INCLUDE: conf.d/nginx.conf
    #      NGINX_DRUPAL_FILE_PROXY_URL: http://example.com
    volumes:
      - ./:/var/www/html:cached
    #    - ./data/nginx/nginx.conf:/etc/nginx/conf.d/nginx.conf:cached
    #    - ./data/traefik/certs:/etc/ssl/certs/:cached
    #    - ./data/traefik/keys:/etc/ssl/private/:cached
    #    - ./data/traefik/certs:/certs/:cached
    # Alternative for macOS users: Mutagen https://wodby.com/docs/stacks/drupal/local#docker-for-mac
    #    - drupal:/var/www/html
    labels:
      # NOTE(review): the traefik.yml on this page sets
      # providers.docker.exposedByDefault: false, and this service carries no
      # "traefik.enable=true" label, so Traefik would ignore the router
      # defined here. A request that matches no router is answered with 404.
      - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
      # add these lines
      # NOTE(review): `certresolver=le` names an ACME resolver, but neither
      # traefik.yml nor config.yml on this page defines a resolver called
      # `le`. For a certificate supplied by the file provider (the mkcert
      # pair), the reply further down this page uses `...tls=true` instead.
      - "traefik.http.routers.${PROJECT_NAME}_nginx.tls.certresolver=le"
      - "traefik.http.routers.${PROJECT_NAME}_nginx.entrypoints=websecure"
    extra_hosts:
      # Adds a hosts-file entry inside this container that maps the project
      # hostname to VM_LOCAL_IP (127.0.0.1 in the .env shown below).
      - "${PROJECT_BASE_URL}:${VM_LOCAL_IP}"

  # Mail catcher; the php service sends mail to it (SSMTP_MAILHUB: mailhog:1025).
  mailhog:
    # NOTE(review): no tag is given, so the image resolves to `latest`;
    # pinning a tag or digest keeps rebuilds reproducible.
    image: mailhog/mailhog
    container_name: "${PROJECT_NAME}_mailhog"
    labels:
      # Web UI on container port 8025. No "traefik.enable=true" label is set,
      # so with exposedByDefault: false this router is not created.
      - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
      - "traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"

  # phpMyAdmin for the mariadb service.
  pma:
    image: phpmyadmin/phpmyadmin:$PMA_TAG
    container_name: "${PROJECT_NAME}_pma"
    environment:
      PMA_HOST: $DB_HOST
      # With PMA_USER and PMA_PASSWORD set, the phpMyAdmin image logs in with
      # these credentials automatically, so anyone who can reach the route
      # below gets database access without a login prompt. Keep this service
      # on local-only stacks.
      PMA_USER: $DB_USER
      PMA_PASSWORD: $DB_PASSWORD
      UPLOAD_LIMIT: 1G
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_pma.rule=Host(`pma.${PROJECT_BASE_URL}`)"

  # Node.js tooling container; the active command only keeps it running.
  node:
    image: node:$NODE_TAG
    container_name: "${PROJECT_NAME}_node"
    working_dir: /usr/src/app/front
    labels:
      # NOTE(review): the router targets container port 3000, while `expose`
      # below lists 1312 — confirm which port the front-end actually uses.
      - "traefik.http.services.${PROJECT_NAME}_node.loadbalancer.server.port=3000"
      - "traefik.http.routers.${PROJECT_NAME}_node.rule=Host(`node.${PROJECT_BASE_URL}`)"
    expose:
      - "1312"
    volumes:
      # Mounts the whole project directory (including .env and the Traefik
      # certificate directory), not only front/.
      - ./:/usr/src/app
    #    command: bash -c "gulp watch"
    #    command: sh -c 'yarn install && yarn run start'
    command: bash -c "tail -f /dev/null"
  #    command: bash -c "npm install && npm run start"

  # Reverse proxy in front of the stack; serves TLS with the mkcert pair
  # declared in config.yml.
  traefik:
    image: traefik:v2.10
    container_name: "${PROJECT_NAME}_traefik"
    restart: unless-stopped
    #    command: --api.insecure=true --providers.docker --entrypoints.web.address=:80  --providers.file.watch=true
    ports:
      # NOTE(review): without a host IP these mappings bind on every host
      # interface. For a single-developer stack, a 127.0.0.1 prefix (for
      # example "127.0.0.1:8080:8080") keeps them off the local network.
      - '${HTTP_PORT}:80'
      - "443:443"
      # The traefik.yml on this page sets api.insecure: true, so this port
      # serves the dashboard and API without authentication.
      - '8080:8080' # Dashboard
    volumes:
      # The :ro flag only protects the socket file itself. A process that can
      # connect through it still reaches the full Docker API, so the proxy
      # container effectively controls the Docker daemon. A filtering socket
      # proxy in between narrows that access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Mount the static configuration into the container
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      # Mount the dynamic (file provider) configuration into the container
      - ./data/traefik/config.yml:/etc/traefik/config.yml:ro
      # Mount the certificates into the container; the directory also holds
      # the private key referenced by config.yml.
      - ./data/traefik/certs:/etc/certs:ro
    networks:
      # Only traefik and whoami join `proxy`; the other services in this file
      # declare no network and stay on the project default network.
      - proxy
    labels:
      - "traefik.enable=true"
      # NOTE(review): this label sets no rule, entrypoint or service and does
      # not look like a router option — confirm it is needed.
      - "traefik.http.routers.traefik=true"
#      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
#      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
#      - "traefik.http.routers.http-catchall.entrypoints=web"
#      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

  # Diagnostic echo service for checking Traefik routing and TLS.
  whoami:
    image: containous/whoami:v1.4.0
    container_name: "${PROJECT_NAME}_whoami"
    security_opt:
      # Stops processes in the container from gaining privileges through
      # setuid/setgid binaries. This is the only service in the file that
      # sets it.
      - no-new-privileges:true
    labels:
      # NOTE(review): no "traefik.enable=true" label, so with
      # exposedByDefault: false these routers are not created either.
      # HTTP router: matches on the `web` entry point and redirects to HTTPS.
      - "traefik.http.routers.whoami_http.rule=Host(`whoami.docker.localhost`)"
      - "traefik.http.routers.whoami_http.entrypoints=web"
      - "traefik.http.routers.whoami_http.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTPS router: tls=true enables TLS without naming a certificate resolver.
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls=true"
    networks:
      - proxy

# Named volume declared with default settings; no service in this file
# mounts it.
volumes:
  files:

# `external: true` means Compose does not create this network; it must
# already exist (for example via `docker network create proxy`). Only the
# traefik and whoami services attach to it.
networks:
  proxy:
    external: true

Contents of your .env

### Documentation available at https://wodby.com/docs/stacks/drupal/local
### Changelog can be found at https://github.com/wodby/docker4drupal/releases
### Images tags format explained at https://github.com/wodby/docker4drupal#images-tags

### PROJECT SETTINGS

# Prefix for every container_name in docker-compose.yml.
PROJECT_NAME=drupal
# NOTE(review): .dev is a delegated public TLD on the browsers' HSTS preload
# list, so browsers only connect to *.dev over HTTPS, and the name resolves
# locally only through a hosts-file or DNS override. The reserved .test and
# .localhost names avoid colliding with real domains.
PROJECT_BASE_URL=drupal.dev

# Placeholder credentials for a local stack. The php service loads this whole
# file through `env_file`, so every value here (DB_ROOT_PASSWORD included)
# ends up in that container's environment. Keep real secrets out of a
# committed .env.
DB_NAME=drupal
DB_USER=drupal
DB_PASSWORD=drupal
DB_ROOT_PASSWORD=root_pwd
DB_HOST=mariadb
DB_PORT=3306
DB_DRIVER=mysql

# Service ports: host port that the traefik service maps to container port 80
HTTP_PORT=8400

# Environments: dev, integration, preprod, prod
ENVIRONMENT=dev

# Enter your local IP (ipconfig -> something in 10.X.X.X on SA network)
# Used by the nginx service's extra_hosts entry for PROJECT_BASE_URL.
VM_LOCAL_IP=127.0.0.1

### --- MARIADB ----

MARIADB_TAG=10.11.5
#MARIADB_TAG=11.0-3.26.1
#MARIADB_TAG=10.10-3.26.1
#MARIADB_TAG=10.9-3.26.1
#MARIADB_TAG=10.6-3.26.1
#MARIADB_TAG=10.5-3.26.1
#MARIADB_TAG=10.4-3.26.1

### --- VANILLA DRUPAL ----

DRUPAL_TAG=10-4.56.0
#DRUPAL_TAG=9-4.56.0
#DRUPAL_TAG=7-4.56.0

### --- PHP ----

# Linux (uid 1000 gid 1000)

PHP_TAG=8.2-4.47.3
#PHP_TAG=8.1-dev-4.45.2
#PHP_TAG=8.0-dev-4.45.2

# macOS (uid 501 gid 20)

#PHP_TAG=8.2-dev-macos-4.45.2
#PHP_TAG=8.1-dev-macos-4.45.2
#PHP_TAG=8.0-dev-macos-4.45.2

### --- NGINX ----

NGINX_TAG=1.25-5.33.0
#NGINX_TAG=1.24-5.33.0
#NGINX_TAG=1.25-5.33.0

NGINX_VHOST_PRESET=drupal10
#NGINX_VHOST_PRESET=drupal9
#NGINX_VHOST_PRESET=drupal8
#NGINX_VHOST_PRESET=drupal7

### --- SOLR ---

SOLR_TAG=8-4.18.2
#SOLR_TAG=7-4.18.2
#SOLR_TAG=6-4.18.2
#SOLR_TAG=5-4.18.2

SOLR_CONFIG_SET="search_api_solr_4.1.6"
#SOLR_CONFIG_SET="search_api_solr_4.0.1"
#SOLR_CONFIG_SET="search_api_solr_8.x-3.9"
#SOLR_CONFIG_SET="search_api_solr_8.x-3.2"
#SOLR_CONFIG_SET="search_api_solr_8.x-2.7"
#SOLR_CONFIG_SET="search_api_solr_8.x-1.2"
#SOLR_CONFIG_SET="search_api_solr_7.x-1.14"

### --- ELASTICSEARCH ---

ELASTICSEARCH_TAG=7-5.18.9
#ELASTICSEARCH_TAG=6-5.18.9

### --- KIBANA ---

KIBANA_TAG=7-5.18.9
#KIBANA_TAG=6-5.18.9

### --- REDIS ---

REDIS_TAG=7-4.1.1
#REDIS_TAG=6-4.1.1
#REDIS_TAG=5-4.1.1

### --- NODE ---

# Used as `node:$NODE_TAG` (the official node image) in docker-compose.yml.
# NOTE(review): Node.js 16 and Debian stretch are both past upstream
# end-of-life, so this base image no longer receives security fixes; a
# currently supported tag is preferable.
NODE_TAG=16.14.0-stretch
#NODE_TAG=16-dev-1.23.3
#NODE_TAG=14-dev-1.23.3

### --- VARNISH ---

VARNISH_TAG=6.0-4.14.1
#VARNISH_TAG=4.1-4.14.1

### --- POSTGRESQL ----

POSTGRES_TAG=15-1.31.1
#POSTGRES_TAG=14-1.31.1
#POSTGRES_TAG=13-1.31.1
#POSTGRES_TAG=12-1.31.1
#POSTGRES_TAG=11-1.31.1

### OTHERS

# Of these tags, only PMA_TAG is referenced by the docker-compose.yml shown
# on this page.
ADMINER_TAG=4-3.24.4
ALPINE_TAG=3.18.2
APACHE_TAG=2.4-4.12.1
ATHENAPDF_TAG=2.16.0
DRUPAL_NODE_TAG=1.0-2.0.0
MEMCACHED_TAG=1-2.15.2
OPENSMTPD_TAG=6-1.18.1
PMA_TAG=5.2.1
# `latest` is a floating tag: the image behind it can change between pulls.
# Pin a version if this service is ever enabled.
RSYSLOG_TAG=latest
SELENIUM_CHROME_TAG=3.141
WEBGRIND_TAG=1-1.30.0
XHPROF_TAG=3.7.6
ZOOKEEPER_TAG=3.8

Logs output docker-compose logs

drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: End of log at LSN=46684
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: 128 rollback segments are active.
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:
drupal_crond    | crond: wakeup dt=60
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: log sequence number 46684; transaction id 14
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] Plugin 'FEEDBACK' is disabled.
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
drupal_mariadb  | 2023-10-04 15:14:48 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.
drupal_crond    | crond: file www-data:
drupal_crond    | crond: wakeup dt=60
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] InnoDB: Buffer pool(s) load completed at 231004 15:14:48
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] Server socket created on IP: '0.0.0.0'.
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] Server socket created on IP: '::'.
drupal_mariadb  | 2023-10-04 15:14:48 0 [Note] mariadbd: ready for connections.
drupal_crond    | crond: file www-data:
drupal_mariadb  | Version: '10.11.5-MariaDB-1:10.11.5+maria~ubu2204'  socket: '/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_mailhog  | [APIv1] KEEPALIVE /api/v1/events
drupal_crond    | crond: wakeup dt=60
drupal_crond    | crond: file www-data:

traefik.yml :

# traefik/traefik.yml
# Static Traefik configuration; the compose file mounts it at
# /etc/traefik/traefik.yml.
#global:
#  sendAnonymousUsage: false

# NOTE(review): `insecure: true` serves the API and dashboard without
# authentication on Traefik's internal `traefik` entry point (port 8080 when
# none is configured), and the compose file publishes 8080 to the host. To
# require a login, drop `insecure` and expose `api@internal` through a
# router with an auth middleware.
api:
  dashboard: true
  insecure: true

providers:
  docker:
    watch: true
    # Containers are routed only when they carry "traefik.enable=true". In
    # the compose file on this page only the traefik service has that label.
    exposedByDefault: false
  file:
    # Dynamic configuration (the TLS certificates in config.yml).
    filename: /etc/traefik/config.yml
    watch: true

#log:
#  level: INFO
#  format: common

entryPoints:
  web:
    address: ":80"
# The HTTP-to-HTTPS redirection is commented out, so plain HTTP on `web`
# is not upgraded by the entry point itself.
#    http:
#      redirections:
#        entrypoint:
#          to: websecure
#          scheme: https
  websecure:
    address: ":443"

config.yml :

# Dynamic configuration read by the file provider
# (providers.file.filename: /etc/traefik/config.yml).
# The paths are inside the traefik container; the compose file mounts
# ./data/traefik/certs there read-only. local-key.pem is the private key:
# keep it out of version control. It sits under the project directory that
# is also bind-mounted into the php, crond, nginx and node containers.
tls:
  certificates:
    - certFile: "/etc/certs/local-cert.pem"
      keyFile: "/etc/certs/local-key.pem" 
heyyo-droid commented 5 months ago

What works for me. It redirects all HTTP traffic to HTTPS.

traefik.yml

## STATIC CONFIG (restart traefik to update)
# The file provider below points back at this same file, which is how the
# `tls:` section at the bottom (dynamic configuration) gets loaded.

# shows you a log msg if a newer image tag can be used
global:
  checkNewVersion: true

# log default is ERROR, but WARN is more helpful
log:
  level: WARN
  # level: INFO

# Dashboard on 8080. Note that `insecure: true` serves the dashboard and API
# WITHOUT authentication; for an authenticated dashboard, leave `insecure`
# off and route `api@internal` through a router with an auth middleware.
# api:
#   insecure: true
#   dashboard: true

# enable ping so the `traefik healthcheck` works
# ping: {}

providers:
  docker:
    # exposedByDefault defaults to true, so with the next line commented out
    # every container Traefik can see through the Docker socket gets a
    # router unless it is labelled traefik.enable=false.
    # exposedByDefault: true
    watch: true
  file:
    fileName: /traefik.yml
    watch: true

# listen on 80/443, and redirect all 80 to 443 via 301
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443

# Certificate and private key as seen inside the container (the compose
# snippet mounts the host's /etc/ssl at /certs).
tls:
  certificates:
    - certFile: /certs/localcert.pem
      keyFile: /certs/localkey.pem
# When testing certs, enable this so Traefik doesn't fall back to its own
# self-signed certificate. By default, if it can't find a matching cert, it
# generates its own, which causes certificate warnings in the browser.
# With sniStrict, a TLS handshake whose server name matches no configured
# certificate is rejected instead.
  options:
    default:
      sniStrict: true

docker-compose.yml

  # Fragment: the `...` lines stand for parts of the compose file left out.
  nginx:
  ...
    labels:
    - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"    
    # tls=true enables TLS on the router without naming a certificate
    # resolver; the certificate comes from the `tls:` section of traefik.yml.
    - traefik.http.routers.${PROJECT_NAME}_nginx.tls=true
  ... 
  traefik:
    # NOTE(review): no tag, so this resolves to `latest` and can jump to a
    # new major version on the next pull; pin a version tag.
    image: traefik
    container_name: "${PROJECT_NAME}_traefik"
    ports:
    - "${PROJECT_PORT}:80"
    - "${PROJECT_PORT_SECURE}:443"
    # The `api:` section is commented out in the traefik.yml above, so this
    # mapping can probably be dropped — confirm.
    - '8080:8080' # Dashboard
    volumes:
    - ./traefik.yml:/traefik.yml:ro
    # NOTE(review): this mounts the host's entire /etc/ssl directory
    # read-write. A dedicated directory holding only the mkcert pair, mounted
    # with :ro, gives the proxy what it needs and nothing else.
    - /etc/ssl:/certs
    # :ro protects the socket file only; the Docker API behind it is still
    # fully usable from inside the container.
    - /var/run/docker.sock:/var/run/docker.sock:ro

Comments or improvements are welcome