We Keep Coding

404 page not found error with traefik and nextcloud (docker-compose)

I have setup a cloud server using docker-compose and traefik as reverse proxy as described here: https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/. I have received an ssl wildcard certificate of my home domain and can access the traefik dashboard. However, I did not succeed in getting the NextCloud container working. It produces an error "404 page not found".
I have used the following labels in the NextCloud service section:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud-secure.rule=Host(${NEXTCLOUDURL})"
- "traefik.http.routers.nextcloud-secure.tls=true"
- "traefik.http.routers.nextcloud.tls.passthrough=true"
- "traefik.http.routers.nextcloud.tls.certResolver=dns-cloudflare"
- "traefik.http.routers.nextcloud.middlewares=nextcloudheaders#docker,nextcloud-dav#docker"
- "traefik.http.routers.nextcloud.service=nextcloud"
- "traefik.docker.network=t2_proxy"
- "traefik.docker.network=nextcloud"
- "traefik.http.routers.nextcloud-secure.middlewares=nextcloudheaders#docker,nextcloud-dav#docker"
- "traefik.http.middlewares.nextcloudheaders.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.nextcloudheaders.headers.accessControlAllowOrigin=*"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"```
This is my docker-compose.yml file:
**
version: "3.9"
########################### NETWORKS
# There is no need to create any networks outside this docker-compose file.
# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
# Docker Compose version 3.5 or higher required to define networks this way.
networks:
t2_proxy:
name: t2_proxy
driver: bridge
ipam:
config:
- subnet: 192.168.90.0/24
nextcloud:
name: nextcloud
driver: bridge
default:
driver: bridge
########################### EXTENSION FIELDS
# Helps eliminate repetition of sections
# More Info on how to use this: https://github.com/htpcBeginner/docker-traefik/pull/228
# Common environment values
x-environment: &default-tz-puid-pgid
TZ: $TZ
PUID: $PUID
PGID: $PGID
# Keys common to some of the services in basic-services.txt
x-common-keys-core: &common-keys-core
networks:
- t2_proxy
security_opt:
- no-new-privileges:true
restart: always
# profiles:
# - core
# Keys common to some of the services in basic-services.txt
x-common-keys-monitoring: &common-keys-monitoring
networks:
- t2_proxy
security_opt:
- no-new-privileges:true
restart: always
# profiles:
# - monitoring
# Keys common to some of the dependent services/apps
x-common-keys-apps: &common-keys-apps
networks:
- t2_proxy
security_opt:
- no-new-privileges:true
restart: unless-stopped
# profiles:
# - apps
volumes:
nextcloud_root:
nextcloud_data:
nextcloud_config:
nextcloud_apps:
db_nextcloud:
############################ SERVICES
services:
############################# FRONTENDS
# Traefik 2 - Reverse Proxy
# Touch (create empty files) traefik.log and acme/acme.json. Set acme.json permissions to 600.
# touch $DOCKERDIR/appdata/traefik2/acme/acme.json
# chmod 600 $DOCKERDIR/appdata/traefik2/acme/acme.json
# touch $DOCKERDIR/logs/cloudserver/traefik/traefik.log # customize this
traefik:
<<: *common-keys-core # See EXTENSION FIELDS at the top
container_name: traefik
image: traefik:2.7
command: # CLI arguments
- --global.checkNewVersion=true
- --global.sendAnonymousUsage=true
- --entryPoints.http.address=:80
- --entryPoints.https.address=:443
# Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
# - --entrypoints.https.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS # only needed if orange cloudflare in DNS records used
- --entryPoints.traefik.address=:8080
# - --entryPoints.ping.address=:8081
- --api=true
# - --api.insecure=true
- --api.dashboard=true
#- --ping=true
# - --serversTransport.insecureSkipVerify=true
- --log=true
- --log.filePath=/logs/traefik.log
- --log.level=debug # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- --accessLog=true
- --accessLog.filePath=/logs/access.log
- --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
- --accessLog.filters.statusCodes=204-299,400-499,500-599
- --providers.docker=true
- --providers.docker.endpoint=unix:///var/run/docker.sock # Use Docker Socket Proxy instead for improved security
# - --providers.docker.endpoint=tcp://socket-proxy:2375
# Automatically set Host rule for services
# - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME_CLOUD_SERVER`)
- --providers.docker.exposedByDefault=false
# - --entrypoints.https.http.middlewares=chain-oauth#file
- --entrypoints.https.http.tls.options=tls-opts#file
# Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
- --entrypoints.https.http.tls.certresolver=dns-cloudflare
- --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME_CLOUD_SERVER
- --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME_CLOUD_SERVER
# - --entrypoints.https.http.tls.domains[1].main=$DOMAINNAME2 # Pulls main cert for second domain
# - --entrypoints.https.http.tls.domains[1].sans=*.$DOMAINNAME2 # Pulls wildcard cert for second domain
- --providers.docker.network=t2_proxy
- --providers.docker.swarmMode=false
- --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
# - --providers.file.filename=/path/to/file # Load dynamic configuration from a file
- --providers.file.watch=true # Only works on top level files in the rules folder
# - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
- --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
- --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
# - --metrics.prometheus=true
# - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0
networks:
t2_proxy:
ipv4_address: 192.168.90.254 # You can specify a static IP
# socket_proxy:
#healthcheck:
# test: ["CMD", "traefik", "healthcheck", "--ping"]
# interval: 5s
# retries: 3
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
- target: 8080 # insecure api wont work
published: 8080
protocol: tcp
mode: host
volumes:
- $DOCKERDIR/appdata/traefik2/rules/cloudserver:/rules # file provider directory
- /var/run/docker.sock:/var/run/docker.sock:rw # Use Docker Socket Proxy instead for improved security
- $DOCKERDIR/appdata/traefik2/acme/acme.json:/acme.json # cert location - you must create this emtpy file and change permissions to 600
- $DOCKERDIR/logs/cloudserver/traefik:/logs # for fail2ban or crowdsec
- $DOCKERDIR/shared:/shared
environment:
- TZ=$TZ
- CF_API_EMAIL=$CLOUDFLARE_EMAIL
- CF_API_KEY=$CLOUDFLARE_API_KEY
- DOMAINNAME_CLOUD_SERVER # Passing the domain name to traefik container to be able to use the variable in rules.
# secrets:
#- cf_email
# - cf_api_key
# - htpasswd
labels:
#- "autoheal=true"
- "traefik.enable=true"
# HTTP-to-HTTPS Redirect
- "traefik.http.routers.http-catchall.entrypoints=http"
- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# HTTP Routers
- "traefik.http.routers.traefik-rtr.entrypoints=https"
- "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_CLOUD_SERVER`)"
- "traefik.http.routers.traefik-rtr.tls=true" # Some people had 404s without this
# - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
- "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME_CLOUD_SERVER"
- "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME_CLOUD_SERVER"
# - "traefik.http.routers.traefik-rtr.tls.domains[1].main=$DOMAINNAME2" # Pulls main cert for second domain
# - "traefik.http.routers.traefik-rtr.tls.domains[1].sans=*.$DOMAINNAME2" # Pulls wildcard cert for second domain
## Services - API
- "traefik.http.routers.traefik-rtr.service=api#internal"
## Healthcheck/ping
#- "traefik.http.routers.ping.rule=Host(`traefik.$DOMAINNAME_CLOUD_SERVER`) && Path(`/ping`)"
#- "traefik.http.routers.ping.tls=true"
#- "traefik.http.routers.ping.service=ping#internal"
## Middlewares
#- "traefik.http.routers.traefik-rtr.middlewares=chain-no-auth#file" # For No Authentication
#- "traefik.http.routers.traefik-rtr.middlewares=chain-auth-basic#file" # For Basic HTTP Authentication
#- "traefik.http.routers.traefik-rtr.middlewares=chain-oauth#file" # For Google OAuth
#- "traefik.http.routers.traefik-rtr.middlewares=chain-authelia#file" # For Authelia Authentication
- "traefik.http.routers.traefik-rtr.middlewares=middlewares-basic-auth#file"
db_nextcloud:
image: linuxserver/mariadb:arm64v8-latest
restart: always
volumes:
- db_nextcloud:/var/lib/mysql
environment:
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=${MYSQLPASSWORD}
- MYSQL_ROOT_PASSWORD=${MYSQLROOTPASSWORD}
networks:
- nextcloud
nextcloud:
image: nextcloud:24
restart: always
depends_on:
- db_nextcloud
volumes:
- nextcloud_root:/var/www/html
- nextcloud_data:/var/www/html/data
- nextcloud_config:/var/www/html/config
- nextcloud_apps:/var/www/html/apps
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
environment:
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=${MYSQLPASSWORD}
- MYSQL_HOST=db_nextcloud
- NEXTCLOUD_ADMIN_USER=ncpraef
- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUDADMINPASSWORD}
- NEXTCLOUD_TRUSTED_DOMAINS="${NEXTCLOUDURL}"
- OVERWRITEPROTOCOL=https
- TRUSTED_PROXIES="172.17.0.0/12,192.168.90.0/24"
networks:
- t2_proxy
- nextcloud
labels:
- "traefik.enable=true"
# - "traefik.http.routers.nextcloud.rule=Host(`${NEXTCLOUDURL}`)"
# - "traefik.http.routers.nextcloud.middlewares=redirect-to-https#docker"
# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# - "traefik.http.routers.nextcloud-secure.entrypoints=web-secure"
- "traefik.http.routers.nextcloud-secure.rule=Host(`${NEXTCLOUDURL}`)"
- "traefik.http.routers.nextcloud-secure.tls=true"
# - "traefik.http.routers.nextcloud.middlewares=chain-no-auth#file" # No Authentication
# - "traefik.http.routers.traefik-secure-secured.tls.certresolver=letsencrypthttpchallenge"
- "traefik.http.routers.nextcloud.tls.passthrough=true"
- "traefik.http.routers.nextcloud.tls.certResolver=dns-cloudflare"
- "traefik.http.routers.nextcloud.middlewares=nextcloudheaders#docker,nextcloud-dav#docker"
- "traefik.http.routers.nextcloud.service=nextcloud"
- "traefik.docker.network=t2_proxy"
- "traefik.docker.network=nextcloud"
- "traefik.http.routers.nextcloud-secure.middlewares=nextcloudheaders#docker,nextcloud-dav#docker"
- "traefik.http.middlewares.nextcloudheaders.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.nextcloudheaders.headers.accessControlAllowOrigin=*"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
**
Any idea would be appreciated why I cannot access the NextCloud URL cloud.<DOMAIN>?

Traefik Acme "MissingEndpoint" 'Endpoint' configuration is required for this service

I've been using Traefik for a while now to get and renew an ACME wildcard certificate. It uses AWS Route 53 for a DNS Challenge. The cert recently expired, having failed to renew with an error I can't find a solution anywhere. "Endpoint" doesn't seem to exist in any documentation on Traefik I can find.
route53: MissingEndpoint: 'Endpoint' configuration is required for this service
FULL ERROR:
time="2022-05-09T20:23:49Z" level=error msg="Error renewing certificate from LE: {*.internal.<DOMAIN REMOVED> []}, error: one or more domains had a problem:\n[*.internal.<DOMAIN REMOVED>] [*.internal.<DOMAIN REMOVED>] acme: error presenting token: route53: MissingEndpoint: 'Endpoint' configuration is required for this service\n" providerName=dns-route53.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" here
Here's a cut down version of my docker-compose file to define Traefik:
services:
traefik:
image: "traefik:latest"
environment:
- AWS_ACCESS_KEY_ID=${TRAEFIK_AWS_ACCESS_KEY_ID}
- AWS_SECRET_ACCESS_KEY=${TRAEFIK_AWS_SECRET_ACCESS_KEY}
- AWS_REGION=${AWS_REGION}
- AWS_HOSTED_ZONE_ID=${ROUTE53_HOSTED_ZONE_ID}
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.http.address=:80"
- "--entryPoints.https.address=:443"
- "--entrypoints.https.http.tls.certResolver=dns-route53"
- "--entrypoints.public.http.tls.certResolver=dns-route53"
- "--entrypoints.https.http.tls.domains[0].main=*.${DOMAIN}"
- "--certificatesresolvers.dns-route53.acme.dnsChallenge=true"
- "--certificatesResolvers.dns-route53.acme.dnsChallenge.provider=route53"
- "--certificatesResolvers.dns-route53.acme.email=dns#${DOMAIN}"
- "--certificatesResolvers.dns-route53.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
restart: always
I'm using:
Traefik version 2.6.6 built on 2022-05-03T16:58:48Z"
Docker version 20.10.14, build a224086 (all services as a single docker-compose)
AWS Route 53

This likely won't help anyone, but this specific problem was caused because AWS_REGION was set incorrectly.

TLS challenge with docker-compose: acme: error presenting token: timeout

I'm running the basic TLS challenge docker example:
version: "3.3"
services:
traefik:
image: "traefik:v2.4"
restart: always
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "8080:8080"
volumes:
- ${DATA_FOLDER}/letsencrypt:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
n8n:
image: mjysci/n8n:latest-rpi
restart: always
ports:
- "127.0.0.1:5678:5678"
labels:
- traefik.enable=true
- traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.n8n.tls=true
- traefik.http.routers.n8n.entrypoints=websecure
- traefik.http.routers.n8n.tls.certresolver=mytlschallenge
- traefik.http.middlewares.n8n.headers.SSLRedirect=true
- traefik.http.middlewares.n8n.headers.STSSeconds=315360000
- traefik.http.middlewares.n8n.headers.browserXSSFilter=true
- traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
- traefik.http.middlewares.n8n.headers.forceSTSHeader=true
- traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
- traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
- traefik.http.middlewares.n8n.headers.STSPreload=true
environment:
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER
- N8N_BASIC_AUTH_PASSWORD
- N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
- N8N_PORT=5678
- N8N_PROTOCOL=https
- NODE_ENV=production
- WEBHOOK_TUNNEL_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${DATA_FOLDER}/.n8n:/home/node/.n8n
But when I'm running it says:
level=error msg="Unable to obtain ACME certificate for domains \"<MY_DOMAIN>\": unable to generate a certificate for the domains [<MY_DOMAIN>]: error: one or more domains had a problem:\n[<MY_DOMAIN>] [<MY_DOMAIN>] acme: error presenting token: timeout 2021-02-01 10:09:04.491784271 +0000 UTC m=+378.657940910\n" providerName=mytlschallenge.acme routerName=n8n#docker rule="Host(`<MY_DOMAIN>`)"
In the browser, the application is available and works well with HTTPS but it says the certificate isn't valid (obviously). What could be wrong here?

i'm having the same problem on some domains.
It looks like its a timeout.
i tried to restart traefik now. same issue again.
ps: add traefik in the title of the thread, you may gain more visibility and answers.
EDIT: I reverted to version 2.3.7 and it works again.
there must be a bug in 2.4 (latest)
i created an issue :
https://github.com/traefik/traefik/issues/7848

How do you enable Feature Gates in K8s?

I need to enable a few Feature Gates on my bare-metal K8s cluster(v1.13). I've tried using the kubelet flag --config to enable them, as kubelet --feature-gates <feature gate> throws an error saying that the feature has been deprecated.
I've created a .yml file with the following configuration:
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
feature-gates:
VolumeSnapshotDataSource=true
and after running: "kubelet --config , I got the following error:
I0119 21:59:52.987945 29087 server.go:417] Version: v1.14.2
I0119 21:59:52.988165 29087 plugins.go:103] No cloud provider specified.
W0119 21:59:52.988188 29087 server.go:556] standalone mode, no API client
F0119 21:59:52.988203 29087 server.go:265] failed to run Kubelet: no client provided, cannot use webhook authentication
Does anyone know what could be happening and how to fix this problem?

You don't apply --feature-gates to the kubelet. You do it to the API-server. Depending on how have you installed kubernetes on bare metal, you would need to either stop API-server, edit the command you start it with and add the following parameter:
--feature-gates=VolumeSnapshotDataSource=true
Or, if it is in a pod, find the manifest, edit it and re-deploy it (it should happen automatically, once you finish editing). It should look like this:
...
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver
namespace: kube-system
spec:
containers:
- command:
- kube-apiserver
- --advertise-address=10.132.0.48
- --allow-privileged=true
- --authorization-mode=Node,RBAC
- --client-ca-file=/etc/kubernetes/pki/ca.crt
- --enable-admission-plugins=NodeRestriction
- --enable-bootstrap-token-auth=true
- --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=https://127.0.0.1:2379
- --insecure-port=0
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
- --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
- --requestheader-allowed-names=front-proxy-client
- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=6443
- --service-account-key-file=/etc/kubernetes/pki/sa.pub
- --service-cluster-ip-range=10.96.0.0/12
- --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
- --feature-gates=VolumeSnapshotDataSource=true
image: k8s.gcr.io/kube-apiserver:v1.16.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 8
httpGet:
host: 10.132.0.48
path: /healthz
port: 6443
scheme: HTTPS
...

It(VolumeSnapshotDataSource) is a default feature in 1.17 beta releases. It needs to be enabled in API server if the kubernetes version is less than 1.17.

How to set up Kafka for Hyperledger Fabric 1.0?

I want to set up Kafka and am looking at https://github.com/hyperledger/fabric/blob/release/bddtests/dc-orderer-kafka.yml
I have downloaded the latest fabric-release.zip and have grepped with no success: I cannot figure out where the following bash variables for the orderer in dc-orderer-kafka.yml are initialized or what they should be:
- ORDERER_GENERAL_LOCALMSPID=${ORDERER1_ORDERER_GENERAL_LOCALMSPID}
- ORDERER_GENERAL_LOCALMSPDIR=${ORDERER1_ORDERER_GENERAL_LOCALMSPDIR}
- ORDERER_GENERAL_TLS_PRIVATEKEY=${ORDERER1_ORDERER_GENERAL_TLS_PRIVATEKEY}
- ORDERER_GENERAL_TLS_CERTIFICATE=${ORDERER1_ORDERER_GENERAL_TLS_CERTIFICATE}
- ORDERER_GENERAL_TLS_ROOTCAS=${ORDERER1_ORDERER_GENERAL_TLS_ROOTCAS}
Does anyone have an example of default values?
Thanks in advance!

An example you were looking for:
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
Found at docker-compose-base.yaml