How do I set a DNS of the dashboard in docker with traefik?

[mneumann]

I am trying to deploy the following stack:

version: "3.7"

services:
wordpress_ahs:
image: ghcr.io/ndigitals/openlitespeed:latest
volumes:
- /root/ah/lsws/conf:/usr/local/lsws/conf
- /root/ah/lsws/admin/conf:/usr/local/lsws/admin/conf
- /root/ah/bin/container:/usr/local/bin
- /root/ah/sites:/var/www/vhosts/
- /root/ah/acme:/root/.acme.sh/
- /root/ah/logs:/usr/local/lsws/logs/
#ports:
# - 80:80
# - 443:443
# - 443:443/udp
# - 7080:7080
restart: always
networks:
- network_public
environment:
TZ: Europe/Vienna
deploy:
mode: replicated
# Vamos ter apenas uma instância
replicas: 1
placement:
constraints:
- node.hostname == worker-de1
resources:
limits:
cpus: "1"
memory: 2048M
labels:
# Main site
- traefik.enable=true
- traefik.http.routers.wordpress_ahs.rule=Host(`www.domain.com`)
- traefik.http.routers.wordpress_ahs.entrypoints=websecure
- traefik.http.routers.wordpress_ahs.priority=1
- traefik.http.routers.wordpress_ahs.tls.certresolver=letsencryptresolver
- traefik.http.routers.wordpress_ahs.service=wordpress_ahs
- traefik.http.services.wordpress_ahs.loadbalancer.server.port=80
- traefik.http.services.wordpress_ahs.loadbalancer.passHostHeader=1
# Admin dashboard
- traefik.http.routers.wordpress_ahsa.rule=(Host(`admin.domain.com`))
- traefik.http.routers.wordpress_ahsa.entrypoints=websecure
- traefik.http.routers.wordpress_ahsa.priority=1
- traefik.http.routers.wordpress_ahsa.tls.certresolver=letsencryptresolver
- traefik.http.routers.wordpress_ahsa.service=wordpress_ahs
- traefik.http.services.wordpress_ahsa.loadbalancer.server.port=7080
- traefik.http.services.wordpress_ahsa.loadbalancer.passHostHeader=1

networks:
network_public:
name: network_public
external: true

When I access those addreses I get on www.domain.com a 404 page, which is expected, but on the admin.domain.com I get a 404 page as well, which should be showing the login to the admin area. When I expose the port, I get a security certificate warning, but the login to the dashboard is showing. Am I doing something wrong?

 

[timnolte]

@mneumann I'm not quite sure why you are getting a 404 when you are attempting to proxy the OLS console. I am currently running the OLS arm Docker image behind an Nginx proxy, though I am also running the Nginx proxy via Docker as well and I'm connecting the Nginx proxy to the OLS 7080 port via a private Docker bridge network. I haven't delved into using traefik, however, I'm thinking that traefik is not actually able to access the Docker private network that OLS is running on. This would also be the case with any virtual hosts you setup in OLS. I have many domains setup in my Nginx proxy and I'm connecting them to the Docker container name and the HTTPS port 443, however you would also need to ensure that traefik is on the same Docker bridge network as the OLS container for either port 80 or 443 to load as well.

Can you confirm is the 404 you are receiving is a traefik 404 or an OLS provided 404?

 

[mneumann]

It is in both cases a OLS provided 404

 

[timnolte]

@mneumann hmm, it sure seems like perhaps your traefik configuration is not right. If you are receiving an OLS 404 when attempting to use the proxy address that should be forwarding to the console 7080 port, but when exposing it directly it's working that sure seems to me like a traefik issue. What do you find in the OLS logs?

 

[mneumann]

In the docker log of the container I find:

[OK] litespeed: pid=33.

I guess that OLS has an access log, where do I find that? I have trouble finding this kind of things inside the documentation.

 

[timnolte]

@mneumann so you mapped the OLS logs in your traefik configuration:

- /root/ah/logs:/usr/local/lsws/logs/

 

[mneumann]

I checked the log files and I get both times a get request to the root with 404 and a favicon request right after that. For the web URL and the admin URL basically the same response. Should the admin URL show up in the log files or not?

 

[timnolte]

@mneumann seems like traefik isn't proxying to console port properly, like it's completely dropping the 7080 port and just sending traffic to the standard port.

I seem to recall there isn't a default valid site running by default with the image and it will return a 404 if you don't have a vhost setup.

I'll have to look at my running instance logs and see what I find when making requests to the console.

 

[timnolte]

@mneumann OK, just checked and the admin console logs are stored in /usr/local/lsws/admin/logs/ so if you want to retain those logs between container rebuilds you'll want to map that path like you are with the vhost logs.

 

[mneumann]

Just found out the problem was really with my traefik configuration

 

[ImBIOS]

I'm using Coolify, and have the same problem. @mneumann how do you solve it?

 

[eclosao]

@ImBIOS I managed to solve it by changing the port on Traefik.
before
- traefik.http.services.wordpress.loadbalancer.server.port=80 <<<<<

after

- traefik.http.services.wordpress.loadbalancer.server.port=8088 <<<<<