The problem:
From a browser on my windows machine, I can access the default django page via:
From the same windows machine:
So I know that the routing from the interweb to an internal docker container works.
Note: django app is minimum required for django app to display django default page
My home lab setup
Note: using cloudflare origin certificates, rather than letsencrypt
The traefik docker-compose.yml file is:
networks:
mynet:
external: true
services:
traefik:
image: docker.io/library/traefik:2.11.2
container_name: traefik
ports:
- 80:80
- 443:443
# -- (Optional) Enable Dashboard, don't do in production
- 8080:8080
environment:
- CF_DNS_API_TOKEN=[cloudflare token]
- TZ=[local timezone]
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./config/traefik.yml:/etc/traefik/traefik.yml:ro # For the static configuration
- ./config/config.yml:/etc/traefik/config.yml:ro # For any dynamic configuration you add
- ./certs:/certs:ro # location for the certs
- ./logs:/var/log/traefik
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:[password]"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.entrypoints=web"
- "traefik.http.routers.traefik.rule=Host(`monitor.example.com`)"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=websecure"
- "traefik.http.routers.traefik-secure.rule=Host(`monitor.example.com`)"
- "traefik.http.routers.traefik-secure.service=api@internal"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
networks:
- mynet
The traefik config.yml for the django app is:
tls:
certificates:
- certFile: /certs/[origin cert].crt
keyFile: /certs/[origin cert].key
http:
routers:
django:
rule: "Host(`example.com`) || Host(`www.example.com`)"
entryPoints:
- "web"
service: django
services:
django:
loadBalancer:
servers:
- url: "http://192.168.1.100:5000"
In the traefik.yml file:
global:
checkNewVersion: false
sendAnonymousUsage: false
log:
level: INFO
api:
dashboard: true
insecure: true
entryPoints:
web:
address: :80
# http: # commenting this out to just try getting http working first
# redirections:
# entryPoint:
# to: websecure
# scheme: https
websecure:
address: :443
serversTransport:
insecureSkipVerify: true
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
network: mynet
file:
filename: /etc/traefik/config.yml
watch: true
The django docker-compose file is:
volumes:
production_postgres_data: {}
production_postgres_data_backups: {}
production_django_media: {}
networks:
mynet:
external: true
services:
django:
build:
context: .
dockerfile: ./compose/production/django/Dockerfile
image: project_production_django
container_name: project_production_django
volumes:
- production_django_media:/app/project/media
depends_on:
- postgres
env_file:
- ./.envs/.production/.django
- ./.envs/.production/.postgres
networks:
- mynet
ports:
- 5000:5000
command: /start
postgres:
build:
context: .
dockerfile: ./compose/production/postgres/Dockerfile
image: project_production_postgres
container_name: project_production_postgres
volumes:
- production_postgres_data:/var/lib/postgresql/data
- production_postgres_data_backups:/backups
env_file:
- ./.envs/.production/.postgres
networks:
- mynet
In django settings I have
ALLOWED_HOSTS = ["localhost", "127.0.0.1", "192.168.1.100", ".example.com",]
Any other info required?
So what am I missing... :o(
Cheers in advance
I couldn't figure out how to use the config.yml to point to my django service i.e. what URL to use.
However, I did get it to work by adding labels to the django service in the docker compose file, sourced orignally from django-cookiecutter.
Reminder: am not using a certresolver/LetsEncrypt, rather using origin server certs from cloudflare.
Obviously replace example.com with your domain name.
volumes:
production_postgres_data: {}
production_postgres_data_backups: {}
# production_traefik: {}
production_django_media: {}
networks:
mynet:
external: true
services:
django:
build:
context: .
dockerfile: ./compose/production/django/Dockerfile
image: project_production_django
volumes:
- production_django_media:/app/project/media
depends_on:
- postgres
env_file:
- ./.envs/.production/.django
- ./.envs/.production/.postgres
labels:
- "traefik.enable=true" # This option overrides the provider value of exposedByDefault.
- "traefik.http.routers.django.rule=Host(`example.com`)"
- "traefik.http.services.django.loadbalancer.server.port=5000"
- "traefik.http.routers.django.tls=true"
networks:
- mynet
ports:
- 5000:5000
command: /start
postgres:
build:
context: .
dockerfile: ./compose/production/postgres/Dockerfile
image: project_production_postgres
# container_name: project_production_postgres
volumes:
- production_postgres_data:/var/lib/postgresql/data
- production_postgres_data_backups:/backups
env_file:
- ./.envs/.production/.postgres
networks:
- mynet