We Keep Coding

Custom installation of docker nextcloud

I'm trying to configure my nextcloud on my digitalocean server (debian 11). Using nginx proxy manager and nextcloud under docker
I change the root directory of the docker-compose (since I was out of disk space, I added a volume and mounted it at /var/lib/docker/volumes/volume_nyc1_01)
I created a new folder called nextcloud. Inside that created docker-co
Version: "3"
volumes:
nextcloud-data:
nextcloud-db:
npm-data:
npm-ssl:
npm-db:
networks:
frontend:
# add this if the network is already existing!
# external: true
backend:
services:
nextcloud-app:
image: nextcloud
restart: always
volumes:
- nextcloud-data:/var/lib/docker/volumes/volume_nyc1_01/var/www/html
environment:
- MYSQL_PASSWORD=raspberrypi
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=nextcloud-db
networks:
- frontend
- backend
nextcloud-db:
image: mariadb
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- nextcloud-db:/var/lib/docker/volumes/volume_nyc1_01/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=raspberrypi
- MYSQL_PASSWORD=raspberrypi
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
networks:
- backend
npm-app:
image: jc21/nginx-proxy-manager:latest
restart: always
ports:
- "80:80"
- "81:81"
- "443:443"
environment:
- DB_MYSQL_HOST=npm-db
- DB_MYSQL_PORT=3306
- DB_MYSQL_USER=npm
- DB_MYSQL_PASSWORD=raspberrypi
- DB_MYSQL_NAME=npm
volumes:
- npm-data:/var/lib/docker/volumes/volume_nyc1_01/data
- npm-ssl:/var/lib/docker/volumes/volume_nyc1_01/etc/letsencrypt
networks:
- frontend
- backend
npm-db:
image: jc21/mariadb-aria:latest
restart: always
environment:
- MYSQL_ROOT_PASSWORD=raspberrypi
- MYSQL_DATABASE=npm
- MYSQL_USER=npm
- MYSQL_PASSWORD=raspberrypi
volumes:
- npm-db:/var/lib/docker/volumes/volume_nyc1_01/var/lib/mysql
networks:
- backend
As you could notice, I created through mkdir, each folder after volume_nyc1_01.
Finally I started the server, from /var/lib/docker/volumes/volume_nyc1_01/nextcloud, using docker-compose up -d
Once logged in the ip-addres-server:81, I created the proxy host with domain name mydomain.com and forward hostname/ip nextcloud-app port 80. Saved
When i check in the domain name, it just doesn't show anything. The same happens when tried to establish the ssl.
I know I'm missing something, but I searched a lot and couldn't find anything. I really appreciate any help or suggestion

Redirect from non-www to www with Traefik 2

I would like to redirect from non-www to www.
What I would like to do:
Type in the browser:
https://domainname.com
obtain:
https://www.domainname.com
What I write:
version: "3.9"
services:
traefik:
build: ./traefik
image: image-traefik-eb:v.1.0
container_name: container-traefik-eb
command:
- --log.level=INFO
- --log.filePath=/data-log/traefik.log
- --log.format=json
- --accesslog=true
- --api.insecure
- --api.dashboard
- --providers.docker
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls=true
- --entrypoints.websecure.http.tls.certresolver=leresolver
- --certificatesresolvers.leresolver.acme.tlsChallenge=true
- --certificatesresolvers.leresolver.acme.email=##########gmail.com
- --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
- --entrypoints.websecure.http.middlewares.redirect-non-www-to-www.redirectregex.permanent=true
- --entrypoints.websecure.http.middlewares.redirect-non-www-to-www.redirectregex.regex="^https?://(?:www\\.)?(.+)"
- --entrypoints.websecure.http.middlewares.redirect-non-www-to-www.redirectregex.replacement="https://www.${1}"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./volumes/data-letsencrypt/:/letsencrypt
- ./volumes/data-log/:/data-log/
restart: always
ports:
- 80:80
- 443:443
networks:
- eb
- traefik-network
php:
build: ./php-apache
image: image-php-apache-eb:v.1.0
labels:
traefik.enable: 'true'
traefik.http.services.php.loadbalancer.server.port: 80
traefik.http.services.php.loadbalancer.server.scheme: http
traefik.http.routers.php.rule: Host(`www.#########.ml`,`#########.ml`)
traefik.http.routers.php.middlewares: redirect-non-www-to-www
volumes:
- ./volumes/data-php:/var/www/html
restart: always
depends_on:
- traefik
networks:
- eb
networks:
eb:
internal: true
traefik-network:
Dockerfile
FROM php:8.1-apache
EXPOSE 80
Dockerfile
FROM traefik:v2.8.0
Source from which I got the code:
https://medium.com/geekculture/how-to-redirect-from-non-www-to-www-with-traefik-659cb7197449
What I get:
ERROR: Invalid interpolation format for "command" option in service "traefik": "--entrypoints.websecure.http.middlewares.redirect-non-www-to-www.redirectregex.replacement="https://www.${1}""
ubuntu-22-04-lts#webserver:~/www.domainname.com$
A few steps forward:
With this new configuration:
A) I reach the dashboard in secure mode and on a valid certificate;
B) I reach the PHP service;
C) Redirect http to https and non-www to www;
With this new configuration:
D) I don't get a valid certificate for index.php (I get a certificate only for the dashboard)
E) I get a lot of error warnings on the nameserver.
version: "3.9"
services:
traefik:
build: ./traefik
image: image-traefik-eb:v.1.0
container_name: container-traefik-eb
command:
- --log.level=INFO
- --log.filePath=/data-log/traefik.log
- --log.format=json
- --accesslog=true
- --api.insecure=false
- --api.dashboard=true
- --providers.docker
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls=true
- --entrypoints.websecure.http.tls.certresolver=leresolver
- --certificatesresolvers.leresolver.acme.tlsChallenge=true
- --certificatesresolvers.leresolver.acme.email=domain-name#gmail.com
- --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
labels:
traefik.enable: true
traefik.http.routers.dashboard.rule: Host(`www.traefik.domain-name.ga`)
traefik.http.routers.dashboard.service: api#internal
traefik.http.routers.dashboard.middlewares: auth
traefik.http.middlewares.auth.basicauth.users: user:***********************
traefik.http.routers.unmatchedwww.rule: HostRegexp(`{name:^www\..*}`)
traefik.http.routers.unmatchedwww.service: noop#internal
traefik.http.routers.unmatchedwww.priority: 2
traefik.http.routers.matchlast.rule: PathPrefix(`/`)
traefik.http.routers.matchlast.priority: 1
traefik.http.routers.matchlast.middlewares: addwww
traefik.http.middlewares.addwww.redirectregex.regex: ^https://(?:www\.)?(.*)
traefik.http.middlewares.addwww.redirectregex.replacement: https://www.$${1}
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./volumes/data-letsencrypt/:/letsencrypt
- ./volumes/data-log/:/data-log/
restart: always
ports:
- 80:80
- 443:443
networks:
- eb
- traefik-network
php:
build: ./php-apache
image: image-php-apache-eb:v.1.0
labels:
traefik.enable: 'true'
traefik.http.services.php.loadbalancer.server.port: 80
traefik.http.services.php.loadbalancer.server.scheme: http
traefik.http.routers.php.rule: Host(`www.domain-name.ga`)
traefik.http.routers.php.tls.domains[0].main: domain-name.ga
traefik.http.routers.php.tls.domains[0].sans: www.domain-name.ga
volumes:
- ./volumes/data-php:/var/www/html
restart: always
depends_on:
- traefik
networks:
- eb
networks:
eb:
internal: true
traefik-network:
FROM traefik:v2.8.0
FROM php:8.1-apache
EXPOSE 80
A few steps forward:
With these codes I improve the situation:
traefik.http.routers.php.tls.certresolver: leresolver
Host(`www.traefik.domain-name.ga`,`traefik.domain-name.ga`)
but i have problems with these links:
'https://traefik.domain-name.ga/'
'http://traefik.domain-name.ga/'

I have taken your config and removed HTTPS configuration (so I tested with only HTTP, so no additional layers of complexity, just testing plain HTTP and redirect logic). You will need to adjust and add HTTPS on your own since we are not using any HTTPS with Traeifk so I can't really help you with that. But nonetheless:
About your redirect logic, I had to move
traefik.http.middlewares.redirect-non-www-to-www.redirectregex
logic to the Labels section of the depending service instead of the traefik configuration to make it work. I created a custom domain called 'my-custom-domain.org' and I edited my hosts' file, to point it to my local dev environment.
In the end i came down to the working configuration:
version: "3.9"
services:
traefik:
image: traefik:v2.8.1
container_name: container-traefik-eb
command:
- --log.level=INFO
- --log.format=json
- --accesslog=true
- --api.insecure
- --api.dashboard
- --providers.docker
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: always
ports:
- 80:80
- 443:443
networks:
- eb
php:
image: nginx:latest
labels:
traefik.enable: 'true'
traefik.http.services.php.loadbalancer.server.port: 80
#traefik.http.services.php.loadbalancer.server.scheme: http
traefik.http.routers.php.rule: Host(`www.my-custom-domain.org`,`my-custom-domain.org`)
traefik.http.routers.php.service: php
traefik.http.routers.php.entrypoints: web
traefik.http.routers.php.middlewares: redirect-non-www-to-www
traefik.http.middlewares.redirect-non-www-to-www.redirectregex.permanent: true
traefik.http.middlewares.redirect-non-www-to-www.redirectregex.regex: "^http://my-custom-domain.org/(.*)"
traefik.http.middlewares.redirect-non-www-to-www.redirectregex.replacement: "http://www.my-custom-domain.org/$${1}"
restart: always
depends_on:
- traefik
networks:
- eb
networks:
eb:
external: true
I have tested this configuration in incognito mode and it works as intended for all http://my-custom-domain.org -> http://www.my-custom-domain.org redirects.
I hope you find it useful and are successful with HTTPS additions, or that any other member which works with Traefik here will be able to help you with that issue.

Using a docker container with a VPN

I'm kinda new to docker so maybe my question is stupid, however, I've been unable to find a solution for it for a while now and it's starting to bother me so I'm asking here:
I have a default bridge network inside which there are few containers, one of them is running gluetun which is a vpn client and the rest is what's known as apache guacamole which is used as a remote desktop gateway.
It looks something like this:
networks:
guacnetwork_compose:
driver: bridge
services:
#gluten
gluetun:
image: qmcgaw/gluetun
#trqbva da mu dadem net_admin inache openvpn ne raboti
cap_add:
- NET_ADMIN
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
# - 4823:4822
# networks:
# enable_ipv6=false
volumes:
environment:
- VPNSP=custom
- VPN_TYPE=openvpn
# OpenVPN:
- OPENVPN_USER=
- OPENVPN_PASSWORD=
- OPENVPN_CUSTOM_CONFIG=
# Timezone for accurate log times
# - TZ=
#guacd
guacd:
container_name: guacd_compose
image: guacamole/guacd
network_mode: "service:gluetun"
# networks:
# guacnetwork_compose:
restart: always
volumes:
- ./drive:/drive:rw
- ./record:/record:rw
# ports:
# - 4823:4822
guacd-no-vpn:
container_name: guacd_compose_no_vpn
image: guacamole/guacd
networks:
- guacnetwork_compose
restart: always
volumes:
- ./drive:/drive:rw
- ./record:/record:rw
# guacamole
guacamole:
container_name: guacamole_compose
depends_on:
- guacd
- postgres
environment:
GUACD_HOSTNAME: guacd
POSTGRES_DATABASE:
POSTGRES_HOSTNAME:
POSTGRES_PASSWORD:
POSTGRES_USER:
image: guacamole/guacamole
links:
- gluetun
networks:
- guacnetwork_compose
ports:
## if not nginx
## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
- 8080/tcp
restart: always
Basically what I want to happen is for the guacd container to use the network of the VPN container and then communicate with the GUI which is the guacamole container. Currently, the guacd is using the gluetun network, however, I can not get it to communicate with the guacamole container despite my efforts. Could somebody tell me what am I doing wrong?

Minio install behind Traefik

I had the previous version (from last yr) of minio running well behind traefik and on portainer with no issues. I attempted an upgrade 4 days ago to the new version and it's been downhill since then. I get the login page but it won't accept credentials; Error:
{"code":500,"detailedMessage":"Post \"https://storage.example.com/\": dial tcp <ip>:443: i/o timeout","message":"invalid Login"}
I suspect it has something to do with the TLS certificate.
Below is my compose file, I've generated the certs as required; any assistance is is welcomed:
minio:
image: minio/minio
container_name: minio
restart: unless-stopped
command: server /data --certs-dir "./minio-data/certs" --address ":9000" --console-address ":9001"
networks:
- traefik-proxy2
expose:
- "9000"
- "9001"
volumes:
- ./minio-data:/data
environment:
- "MINIO_ROOT_USER=love"
- "MINIO_ROOT_PASSWORD=love1234"
- "MINIO_BROWSER_REDIRECT_URL=https://stash.example.com"
- "MINIO_SERVER_URL=https://storage.example.com"
labels:
- "traefik.enable=true"
- "traefik.http.services.minio.loadbalancer.server.port=9000"
- "traefik.http.routers.minio.rule=Host(`storage.example.com`)"
- "traefik.http.middlewares.minio-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.minio.middlewares=minio-https-redirect"
- "traefik.http.routers.minio.entrypoints=https"
- "traefik.http.routers.minio.service=minio"
- "traefik.http.routers.minio.tls=true"
- "traefik.http.routers.minio.tls.certresolver=http"
- "traefik.http.services.minio-console.loadbalancer.server.port=9001"
- "traefik.http.routers.minio-console.rule=Host(`stash.example.com`)"

I was getting the same Invalid Login error: Post "http://minio.localhost/": dial tcp: lookup minio.localhost on 127.0.0.11:53: no such host.
The following docker-compose.yml works. The solution is NOT to use MINIO_DOMAIN or MINIO_SERVER_URL. See # comments at environment: variables.
version: "3.3"
services:
minio:
# Please use fixed versions :D
image: minio/minio:RELEASE.2021-10-06T23-36-31Z
networks:
- traefik-proxy2
volumes:
- minio-data:/data
command:
- server
- /data
- --console-address
- ":9001"
environment:
- MINIO_ROOT_USER=love
- MINIO_ROOT_PASSWORD=love1234
# Do NOT use MINIO_DOMAIN or MINIO_SERVER_URL with Traefik.
# All Routing is done by Traefik, just tell minio where to redirect to.
- MINIO_BROWSER_REDIRECT_URL=http://stash.localhost
deploy:
labels:
- traefik.enable=true
- traefik.docker.network=traefik-proxy2
- traefik.constraint-label=traefik-proxy2
- traefik.http.routers.minio.service=minio
- traefik.http.routers.minio.rule=Host(`storage.localhost`)
- traefik.http.services.minio.loadbalancer.server.port=9000
- traefik.http.routers.minio-console.service=minio-console
- traefik.http.routers.minio-console.rule=Host(`stash.localhost`)
- traefik.http.services.minio-console.loadbalancer.server.port=9001
volumes:
minio-data:
networks:
traefik-proxy2:
external: true

Traefik: Simple Letsencrypt HTTPS redirect to whoami service throws "404 page not found"

I've tried to get this up and running for two days now and some simple HTTP -> HTTPs redirect does not work! :(
Pretty simple use case:
whoami.my-example-domain.com:80 => redirect to whoami.my-example-domain.com:443 and then traefik internally redirects to :80 of my whoami service docker container.
Here's the docker-compose.yml
version: "3"
services:
reverse-proxy:
image: traefik:alpine
command:
- --logLevel=WARN
- --defaultentrypoints=http,https
- --entrypoints=Name:http Address::80 Redirect.EntryPoint:https
- --entrypoints=Name:https Address::443 TLS
- --acme
- --acme.email=myemail#gmail.com
- --acme.storage=acme.json
- --acme.entryPoint=https
- --acme.httpChallenge.entryPoint=http
- --acme.OnHostRule=true
- --acme.onDemand=false
- --acme.acmeLogging=true
- --docker
- --docker.watch
- --docker.exposedbydefault=false
- --docker.domain=docker.localhost
restart: always
networks:
- web
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- /opt/data/traefik/acme.json:/acme.json
whoami:
image: containous/whoami # A container that exposes an API to show its IP address
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:whoami.some-example-domain.com"
- "traefik.port=80"
- "traefik.frontend.entryPoints=http"
networks:
web:
external: true
When I now call http://whoami.some-example-domain.com (this is just a demo domain and won't work) => it redirects to HTTPs... which is cool, but then it throws the famous "404 page not found" traefik standard error.
If already tried to set the following labels to the container:
"traefik.port=80"
"traefik.frontend.entryPoints=http"
That didn't work either.
Any help would be appreciated! Thanks in advance!
Regards,
Sascha

You have to remove traefik.frontend.entryPoints (linked to defaultentrypoints) or use traefik.frontend.entryPoints=http,https
version: "3"
services:
reverse-proxy:
image: traefik:v1.7.8
command:
- --logLevel=WARN
- --defaultentrypoints=http,https
- --entrypoints=Name:http Address::80 Redirect.EntryPoint:https
- --entrypoints=Name:https Address::443 TLS
- --acme
- --acme.email=myemail#gmail.com
- --acme.storage=acme.json
- --acme.entryPoint=https
- --acme.httpChallenge.entryPoint=http
- --acme.OnHostRule=true
- --acme.onDemand=false
- --acme.acmeLogging=true
- --docker
- --docker.exposedbydefault=false
- --docker.domain=some-example-domain.com
restart: always
networks:
- web
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- /opt/data/traefik/acme.json:/acme.json
whoami:
image: containous/whoami # A container that exposes an API to show its IP address
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:some-example-domain.com"
networks:
- web
networks:
web:
external: true