Trying to set up a docker-compose to run traefik as a reverse proxy, use letsencrypt for SSL certs, and run vikunja.
version: "3"
services:
traefik:
image: traefik:2.4.8
command:
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --providers.docker=true
- --api=true
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http
- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
- --certificatesresolvers.letsencrypt.acme.email=${EMAIL}
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
labels:
- traefik.http.routers.to-https.rule=HostRegexp(`{host:.+}`)
- traefik.http.routers.to-https.entrypoints=http
- traefik.http.routers.to-https.middlewares=to-https
- traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)
- traefik.http.routers.traefik.entrypoints=https
- traefik.http.routers.traefik.middlewares=auth
- traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.tls=true
- traefik.http.routers.traefik.tls.certresolver=${CERT_RESOLVER}
- traefik.http.middlewares.to-https.redirectscheme.scheme=https
- traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_USER}:${TRAEFIK_PASSWORD_HASH}
ports:
- 80:80
- 443:443
volumes:
- ./data/letsencrypt:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
api:
image: vikunja/api
environment:
VIKUNJA_DATABASE_HOST: db
VIKUNJA_DATABASE_PASSWORD: ${TRAEFIK_PASSWORD_HASH}
VIKUNJA_DATABASE_TYPE: mysql
VIKUNJA_DATABASE_USER: vikunja
VIKUNJA_DATABASE_DATABASE: vikunja
VIKUNJA_SERVICE_ENABLEREGISTRATION: "true"
VIKUNJA_SERVICE_FRONTENDURL: "https://vikunja.${DOMAIN}"
volumes:
- ./files:/app/vikunja/files
networks:
- web
- default
depends_on:
- db
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.vikunja-api.rule=Host(`vikunja.${DOMAIN}`) && PathPrefix(`/api/v1`, `/dav/`, `/.well-known/`)"
- "traefik.http.routers.vikunja-api.entrypoints=https"
- "traefik.http.routers.vikunja-api.tls.certResolver=${CERT_RESOLVER}"
- "traefik.http.routers.vikunja-api.service=vikunja-api-svc"
- "traefik.http.services.vikunja-api.loadbalancer.server.port=3456"
- "traefik.http.routers.vikunja-api.tls=true"
frontend:
image: vikunja/frontend
environment:
VIKUNJA_API_URL: "https://vikunja.${DOMAIN}/api/v1"
labels:
- "traefik.enable=true"
- "traefik.http.routers.vikunja-frontend.rule=Host(`vikunja.${DOMAIN}`)"
- "traefik.http.routers.vikunja-frontend.entrypoints=https"
- "traefik.http.routers.vikunja-frontend.tls.certResolver=${CERT_RESOLVER}"
networks:
- web
- default
restart: unless-stopped
db:
image: mariadb:10
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_ROOT_PASSWORD: ${TRAEFIK_PASSWORD_HASH}
MYSQL_USER: vikunja
MYSQL_PASSWORD: ${TRAEFIK_PASSWORD_HASH}
MYSQL_DATABASE: vikunja
volumes:
- ./db:/var/lib/mysql
restart: unless-stopped
command: --max-connections=1000
networks:
web:
external: true
traefik runs. I get an SSL cert for the vikunja subdomain, but I don’t get a registration button.
this shows up in the logs:
docker logs traefik_api_1
usermod: no changes
2021/12/09 00:32:20 Config File "config" Not Found in "[/app/vikunja /etc/vikunja /app/vikunja/.config/vikunja]"
2021/12/09 00:32:20 Using default config.
2021-12-09T00:32:20.406821425Z: CRITICAL â–¶ migration/Migrate 002 Migration failed: dial tcp 172.26.0.2:3306: connect: connection refused
usermod: no changes
2021/12/09 00:32:21 Config File "config" Not Found in "[/app/vikunja /etc/vikunja /app/vikunja/.config/vikunja]"
2021/12/09 00:32:21 Using default config.
2021-12-09T00:32:21.621572082Z: CRITICAL â–¶ migration/Migrate 002 Migration failed: Error 1045: Access denied for user 'vikunja'@'172.26.0.5' (using password: YES)
docker logs traefik_db_1
#i cut a bunch of stuff that seemed to be "normal" log entries#
2021-12-09 0:32:21 3 [Warning] Access denied for user 'vikunja'@'172.26.0.5' (using password: YES)
not quite sure what’s going on if someone can help.