-
-
Save ismailyenigul/0d25f37337bf9b56f537488670121365 to your computer and use it in GitHub Desktop.
| ## Trafik Multi Network Deployment | |
| 1. Create Traefik network | |
| ` # docker network create --driver=bridge --attachable --internal=false traefik ` | |
| 2. Edit `traefik2/docker-compose.yml` | |
| - Change ACME email | |
| - Change --providers.docker.network=traefik value if you created different network then `traefik` | |
| 3. Deploy traefik | |
| `docker-compose -f traefik2/docker-compose.yml up -d` | |
| 4. Edit `nextcloud/docker-compose.yml` | |
| - Change traefik.http.routers.nextcloud.rule Host | |
| - Remove `traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue` and `contentSecurityPolicy` | |
| if you dont need to iframe access from your external website | |
| - Change PostgreSQL environments | |
| - Edit `TRUSTED_PROXIES` with your traefik network address | |
| 5. Deploy nextcloud | |
| `docker-compose -f nextcloud/docker-compose.yml up -d` | |
| $ cat traefik2/docker-compose.yml | |
| # Create network first | |
| # docker network create --driver=bridge --attachable --internal=false traefik | |
| #NOTES: | |
| #1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com | |
| # cat docker-compose.yml | |
| version: '3.3' | |
| volumes: | |
| letsencrypt: | |
| driver: local | |
| services: | |
| traefik: | |
| image: traefik:v2.2 | |
| container_name: traefik | |
| restart: always | |
| command: | |
| - "--log.level=DEBUG" | |
| - "--api.insecure=true" | |
| - "--providers.docker=true" | |
| - "--providers.docker.network=traefik" | |
| - "--providers.docker.exposedbydefault=true" | |
| - "--entrypoints.web.address=:80" | |
| - "--entrypoints.websecure.address=:443" | |
| - "--entrypoints.web.http.redirections.entryPoint.to=websecure" | |
| - "--entrypoints.web.http.redirections.entryPoint.scheme=https" | |
| - "--certificatesresolvers.myresolver.acme.httpchallenge=true" | |
| - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web" | |
| - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com" | |
| - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" | |
| ports: | |
| - 80:80 | |
| - 443:443 | |
| networks: | |
| - default | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - letsencrypt:/letsencrypt | |
| networks: | |
| default: | |
| external: | |
| name: traefik | |
| $ cat nextcloud/docker-compose.yml | |
| # Create netxcloud network first | |
| # docker network create nextcloud | |
| #NOTES: | |
| #1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com | |
| #2. TRUSTED_PROXIES values based on your 'traefik docker network run docker network inspect traefik' to see the network | |
| #3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and | |
| #traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't want to allow iframe your domain | |
| version: '3.3' | |
| volumes: | |
| nextcloud-www: | |
| driver: local | |
| nextcloud-db: | |
| driver: local | |
| redis: | |
| driver: local | |
| services: | |
| db: | |
| restart: always | |
| image: postgres:11 | |
| networks: | |
| - nextcloud | |
| environment: | |
| - POSTGRES_USER=nextcloud | |
| - POSTGRES_PASSWORD=password | |
| - POSTGRES_DB=nextcloud | |
| volumes: | |
| - nextcloud-db:/var/lib/postgresql/data | |
| redis: | |
| image: redis:latest | |
| restart: always | |
| networks: | |
| - nextcloud | |
| volumes: | |
| - redis:/var/lib/redis | |
| nextcloud: | |
| image: nextcloud:latest | |
| restart: always | |
| networks: | |
| - default | |
| - nextcloud | |
| depends_on: | |
| - redis | |
| - db | |
| labels: | |
| - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect | |
| - traefik.http.routers.nextcloud.tls.certresolver=myresolver | |
| - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`) | |
| - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com | |
| - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net | |
| - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011 | |
| - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true | |
| - traefik.http.middlewares.nextcloud.headers.stsPreload=true | |
| - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav | |
| - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/ | |
| environment: | |
| - POSTGRES_DB=nextcloud | |
| - POSTGRES_USER=nextcloud | |
| - POSTGRES_PASSWORD=password | |
| - POSTGRES_HOST=db | |
| - NEXTCLOUD_ADMIN_USER=admin | |
| - NEXTCLOUD_ADMIN_PASSWORD=adminpass | |
| - REDIS_HOST=redis | |
| - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com | |
| - TRUSTED_PROXIES=172.19.0.0/16 | |
| volumes: | |
| - nextcloud-www:/var/www/html | |
| networks: | |
| default: | |
| external: | |
| name: traefik | |
| nextcloud: | |
| internal: true | |
Hello thanks for writing this up. This is exactly what i was looking for so that I can use Traefik for other containers also and not just nextcloud.
everything went smoothly but i am getting "404 page not found" when I am trying to set up next cloud in the browser.
I am getting this log for nextcloud from portainer
`
Configuring Redis as session handler
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.23.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.23.0.4. Set the 'ServerName' directive globally to suppress this message
[Thu Jun 25 03:12:05.835939 2020] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.7 configured -- resuming normal operations
[Thu Jun 25 03:12:05.836109 2020] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
`
only thing I changed is the - POSTGRES_DB=nextcloud to default or else it was showing errors
other container db and redis saying both says ready to accept connections.
I am on raspberry pi 4 running OMV5 with dockers
any help will be appreciated
404 means that treafik can't map your requested hostname to the nextcloud container.
you can check traefik container logs. Above apache logs is not an issue.
Ensure that Host value - traefik.http.routers.nextcloud.rule=Host(nextcloud.mydomain.com) is same as your domain name.
Hi, thanks for sharing your compose files. I have a question I am trying to get nextcloud working with:
"traefik.http.routers.nextcloud-secure.rule=Host(my.example.net)" && PathPrefix(/nx)"
and somehow I can't get it working I allways get redirection errors have you ever tryed a solution like that? with traefik 1 it worked like a charm but somehow I can't get it running with traefik 2.
Greetings and thanks
wHyEt
Hi @wHyEt
Please check https://docs.traefik.io/migration/v1-to-v2/#frontends-and-backends-are-dead-long-live-routers-middlewares-and-services
- "traefik.http.routers.router0.rule=Host(`test.localhost`) && PathPrefix(`/test`)"
Hi @ismailyenigul
thanks a lot for your files, help me so much.
I have one question, when deploy nextcloud file, this created another internal network
b81dd7d84cf0 nextcloud bridge local 1265ff7689c2 nextcloud_nextcloud bridge local
Do you know what happened?
I copy/paste your code, change domains and create network nextcloud that you say for persistent network. I want to add another service, in future.
thx
there you go..perfect..surprised it is exact as v1...works for what i was trying to do
thanks!