"Bad Gateway" Error when setting up Cyclos Website for HTTPS with Docker, Traefik, and Letsencrypt

Posted: Wed Jan 02, 2019 8:09 am
by atitokor
Following a lead from viewtopic.php?t=3160 - thanks @dman and @raphaelbalbinot - I created 3 Docker containers behind a Traefik proxy (also a Docker container) to run my Cyclos operation; 4 containers total, complete with elegant web-based sub-domains for monitoring and database admin (similar to phpMyAdmin), plus the backend Postgres Cyclos DB and the Cyclos frontend. All containers are up and everything runs fine, except that the website (my Cyclos frontend) is returning a "Bad Gateway" error message and does not display any content. It is suggested the issue may be related to the Tomcat container's listening port, and I'd like to know if anybody has an idea. Please see my setup in CONFIGURATION 1 below.

Part of my challenge is that the Docker installation method recommended in the Cyclos 4 Pro Installation Guide worked elegantly, but I could not find a way to secure it with HTTPS. Please see that setup in CONFIGURATION 2 below.

Any help with either of these approaches will be highly appreciated.
Thanks in advance!
Art Atitokor


CONFIGURATION 1: SSL Installed. Site secured. STICKING POINT: Site content does not display. Getting error message "Bad gateway"
If you need help to reproduce this issue, this guide is superb https://www.digitalocean.com/community/ ... untu-18-04
======================================================================================================

1a. TRAEFIK.TOML

Code:

# traefik.toml Global Configuration
debug = true
checkNewVersion = true
logLevel = "DEBUG"
InsecureSkipVerify = true

# Access log
filePath = "/path/to/traefik/access.log"
format = "common"

#Define the EntryPoint for HTTP and HTTPS
defaultEntryPoints = ["http", "https"]

#Define The Following EntryPoints
[entryPoints]

#1st Enable Traefik Dashboard on port 8080
#with basic authentication method
 [entryPoints.dashboard]
  address = ":8080"
   [entryPoints.dashboard.auth]
    [entryPoints.dashboard.auth.basic]
     users = ["username:$apr1$bGak4Axn&%9.iQLN+0OLvHJws4jh1TAQv9N."]

#Force HTTPS
 [entryPoints.http]
  address = ":80"
   [entryPoints.http.redirect]
    entryPoint = "https"
 [entryPoints.https]
  address = ":443"
   [entryPoints.https.tls]

#Enable Dashboard API
[api]
entrypoint="dashboard"

#Enable retry sending a request if network error
[retry]

#Letsencrypt configuration with Letsencrypt ACME HTTP challenge
[acme]
email = "user@domain.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
 [acme.httpChallenge]
 entryPoint = "http"
[[acme.domains]]
   main = "DOMAIN.COM"
[[acme.domains]]
   main = "MONITOR.DOMAIN.COM"
[[acme.domains]]
   main = "DBADMIN.DOMAIN.COM"

#Define Docker Backend Configuration
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "domain.com"
watch = true
network = "web"

1b. TRAEFIK PROXY CONTAINER

Code:

docker run --restart=unless-stopped -d \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $PWD/traefik.toml:/traefik.toml \
-v $PWD/acme.json:/acme.json \
-p 80:80 \
-p 443:443 \
-l traefik.frontend.rule=Host:monitor.domain.com \
-l traefik.port=8080 \
--network web \
--name traefik \
traefik:1.7.6-alpine


1c. DOCKER-COMPOSE.YML

Code:

#docker-compose.yml
version: "3.7"

networks:
  web:
    external: true
  internal:
    external: false

services:
  app:
    image: cyclos/cyclos
    restart: unless-stopped
    volumes:
    - "/var/lib/docker/volumes/htdoc/cyclos"  #persistent data-source that can survive container destruction
    environment:
       DB_NAME: "exampledb"
       DB_USER: "exampleuser"
       DB_PASSWORD: "secret"
    labels:
      - "traefik.enable=true"
      - traefik.backend=app
      - traefik.frontend.rule=Host:www.domain.com
      - traefik.docker.network=web
      - traefik.port=80
    networks:
      - internal
      - web
    depends_on:
      - db

  db:
    image: cyclos/db
    restart: unless-stopped
    volumes:
    - "./pgdata:/var/lib/postgresql/data/mwdata" #persistent data-source that can survive container destruction
    environment:
       POSTGRES_DB: 'exampledb'
       POSTGRES_USER: 'exampleuser'
       POSTGRES_PASSWORD: 'secret'
       PGDATA: /var/lib/postgresql/data/data
    networks:
      - internal
    labels:
      - traefik.enable=false # to specify that Traefik should not expose this container to the internet.

  adminer:
    image: adminer:4.7-standalone
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - traefik.backend=adminer
      - traefik.frontend.rule=Host:dbadmin.domain.com
      - traefik.docker.network=web
      - traefik.port=8080
    networks:
      - internal
      - web
    depends_on:
      - db
      
CONFIGURATION 2: Site displays. Love application; elegant, feature-rich, flexible. STICKING POINT - Can't find a way to secure as HTTPS with SSL/TLS

2a. Create Cyclos Database

Code:

# Named volume: makes sure data is not deleted when the container is destroyed
docker run --restart=unless-stopped -d \
    --name=db \
    --mount source=exampledata,target=/cyclos \
    --net=example-net \
    --hostname=example-db \
    -e POSTGRES_DB=cyclosdb \
    -e POSTGRES_USER=username \
    -e POSTGRES_PASSWORD=secret \
    cyclos/db
      

2b. Install Cyclos and set the database

Code:

# Named volume: makes sure data is not deleted when the container is destroyed
docker run --restart=unless-stopped -d \
    --name=app \
    --mount source=sitedata,target=/cyclos \
    -p 80:8080 \
    -p 443:8443 \
    --net=example-net \
    -e DB_HOST=example-db \
    -e DB_NAME=cyclosdb \
    -e DB_USER=username \
    -e DB_PASSWORD=secret \
    cyclos/cyclos
      
Any help with either of these approaches will be highly appreciated.
Thanks
Art Atitokor
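
A consistency check for the listening-port question raised in this post, as an added example that is not part of the original post: it compares the `traefik.port` labels of CONFIGURATION 1 with the container-side ports of the `-p` flags in CONFIGURATION 2. The function names are hypothetical and the inputs are excerpts constructed from the two configurations above.

```python
import re

# Constructed excerpt of CONFIGURATION 1 (docker-compose.yml, port labels only).
COMPOSE_EXCERPT = """\
services:
  app:
    labels:
      - traefik.port=80
  adminer:
    labels:
      - traefik.port=8080
"""

# -p mappings (host:container) of the `docker run` for app in CONFIGURATION 2.
RUN_FLAGS = {"app": ["80:8080", "443:8443"]}

def traefik_ports(compose_text):
    """Map each service name to the port in its traefik.port label."""
    ports, service = {}, None
    for line in compose_text.splitlines():
        m = re.match(r"^ {2}([\w-]+):\s*$", line)  # two-space indent = service
        if m:
            service = m.group(1)
            continue
        m = re.search(r"traefik\.port=(\d+)", line)
        if m and service:
            ports[service] = int(m.group(1))
    return ports

def container_ports(mappings):
    """Container-side ports of -p host:container mappings."""
    return {int(m.rsplit(":", 1)[1].split("/")[0]) for m in mappings}

def mismatches(compose_text, run_flags):
    """Services whose traefik.port is not a container-side port in run_flags."""
    found = []
    for service, port in traefik_ports(compose_text).items():
        if service not in run_flags:
            continue  # no reference mapping known for this service
        listening = container_ports(run_flags[service])
        if port not in listening:
            found.append((service, port, sorted(listening)))
    return found

if __name__ == "__main__":
    for service, port, listening in mismatches(COMPOSE_EXCERPT, RUN_FLAGS):
        print(f"{service}: traefik.port={port}, container ports {listening}")
```

The label `traefik.port` names the port inside the container that Traefik forwards to, so it is compared with the right-hand side of each `-p` mapping, not the host side.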

Re: "Bad Gateway" Error when setting up Cyclos Website for HTTPS with Docker, Traefik, and Letsencrypt

Posted: Fri Jun 21, 2019 4:54 pm
by raphaelbalbinot
Hello,
Traefik no longer works. I have been using nginx, as quoted in the original post, for a good while and it works perfectly.