vikunja
/
vikunja
6
43
Fork 70
Code Issues 150 Pull Requests 12 Packages Releases 32 Activity

Frontend files not communicating. #1723

New Issue
Closed
opened 2020-05-10 23:46:24 +00:00 by OldManNiko · 11 comments
OldManNiko commented 2020-05-10 23:46:24 +00:00
Copy Link

I am very excited to try Vikunja out. I have nabbed your docker images, and despite my best efforts, have not been able to get the frontend to make an API call to the back end.

Here's the situation. I have a traefik reverse proxy, using traefik 2. I am listening with traefik on ports 80 and 443, and there is a rule for host(vikunja.example.com) which routes HTTP(80) to HTTPS(443) and uses an LE certificate to provide TLS. I am able to connect the the frontend.

curl -s https://vikunja.EXAMPLE.com

<html lang=en><head></head>
</html>

I can also see the backend api just fine.

curl -s http://vikunja.EXAMPLE.com:3456/api/v1/info
{"version":"0.12+73-f30e405229","frontend_url":"https://vikunja.EXAMPLE.com","motd":"","link_sharing_enabled":true,"max_file_size":"20MB","registration_enabled":true,"available_migrators":null,"task_attachments_enabled":true}

You have some recent commits, so I grabbed the master.zip files and volume mounted them as /usr/share/nginx/html. Still no dice. I have enabled some debug logging, and I can see logs from me hitting the frontend, but nothing shows in the api's logs as far as connections go. My curl commands against the api do show up in the logs.

Finally, I exec'd a shell onto the frontend container, and attempted to curl again against the api, which completed successfully, showing that the container can reach the api and the url for the api is working.

What I get is a login page, no credentials work, or even seem to process (nothing on the api backend). I can click reset, and still no dice. I've tried running the frontend files on just a local nginx proxy and still nothing. Any suggestions?

I am very excited to try Vikunja out. I have nabbed your docker images, and despite my best efforts, have not been able to get the frontend to make an API call to the back end. Here's the situation. I have a traefik reverse proxy, using traefik 2. I am listening with traefik on ports 80 and 443, and there is a rule for host(`vikunja.example.com`) which routes HTTP(80) to HTTPS(443) and uses an LE certificate to provide TLS. I am able to connect the the frontend. > curl -s https://vikunja.EXAMPLE.com > <!DOCTYPE html><html lang=en><head><title>Vikunja</title><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="Vikunja (/vɪˈkuːnjə/) - The to-do app to organize your life."><!--[if IE]><link rel="icon" href="/favicon.ico"><![endif]--><link rel=preload crossorigin=anonymous href=/fonts/fonts.css as=style><link rel=preload crossorigin=anonymous href=/fonts/open-sans-v15-latin-700italic.woff2 as=font><link rel=preload crossorigin=anonymous href=/fonts/open-sans-v15-latin-italic.woff2 as=font><link rel=preload crossorigin=anonymous href=/fonts/quicksand-v7-latin-300.woff2 as=font><link rel=preload crossorigin=anonymous href=/fonts/quicksand-v7-latin-500.woff2 as=font><link rel=preload crossorigin=anonymous href=/fonts/quicksand-v7-latin-700.woff2 as=font><link rel=preload crossorigin=anonymous href=/fonts/open-sans-v15-latin-regular.woff2 as=font><link rel=preload crossorigin=anonymous href=/fonts/open-sans-v15-latin-700.woff2 as=font><link rel=preload crossorigin=anonymous href=/fonts/quicksand-v7-latin-regular.woff2 as=font><link href=/fonts/fonts.css rel=stylesheet><link href=/css/app.e7a7eff9.css rel=preload as=style><link href=/css/chunk-vendors.a3fbd5f1.css rel=preload as=style><link href=/js/app.74ce1334.js rel=preload as=script><link href=/js/chunk-vendors.16d0f9fa.js rel=preload as=script><link href=/css/chunk-vendors.a3fbd5f1.css rel=stylesheet><link href=/css/app.e7a7eff9.css rel=stylesheet><link rel=icon type=image/png sizes=32x32 href=/images/icons/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/images/icons/favicon-16x16.png><link rel=manifest href=/manifest.json><meta name=theme-color content=#5974d9><meta name=apple-mobile-web-app-capable content=yes><meta name=apple-mobile-web-app-status-bar-style content=default><meta name=apple-mobile-web-app-title content=Vikunja><link rel=apple-touch-icon href=/images/icons/apple-touch-icon-152x152.png><link rel=mask-icon href=/images/icons/safari-pinned-tab.svg color=#5974d9><meta name=msapplication-TileImage content=/images/icons/msapplication-icon-144x144.png><meta name=msapplication-TileColor content=#000000></head><body><noscript><strong>We're sorry but Vikunja doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id=app></div><script>// > // This variable points the frontend to the api. > // It has to be the full url, including the last /api/v1 part and port. > // You can change this if your api is not reachable on the same port as the frontend. > window.API_URL = 'http://vikunja.EXAMPLE.com:3456/api/v1' > //</script><script src=/js/chunk-vendors.16d0f9fa.js></script><script src=/js/app.74ce1334.js></script></body></html> I can also see the backend api just fine. curl -s http://vikunja.EXAMPLE.com:3456/api/v1/info {"version":"0.12+73-f30e405229","frontend_url":"https://vikunja.EXAMPLE.com","motd":"","link_sharing_enabled":true,"max_file_size":"20MB","registration_enabled":true,"available_migrators":null,"task_attachments_enabled":true} You have some recent commits, so I grabbed the master.zip files and volume mounted them as /usr/share/nginx/html. Still no dice. I have enabled some debug logging, and I can see logs from me hitting the frontend, but nothing shows in the api's logs as far as connections go. My curl commands against the api do show up in the logs. Finally, I exec'd a shell onto the frontend container, and attempted to curl again against the api, which completed successfully, showing that the container can reach the api and the url for the api is working. What I get is a login page, no credentials work, or even seem to process (nothing on the api backend). I can click reset, and still no dice. I've tried running the frontend files on just a local nginx proxy and still nothing. Any suggestions?
konrad commented 2020-05-11 09:24:49 +00:00
Owner
Copy Link

The docker container always has the latest release version, no need to mount the files.

Did you set the api url in the frontend?

The docker container always has the latest release version, no need to mount the files. Did you [set the api url in the frontend](https://vikunja.io/docs/install-frontend/#api-url-configuration-in-docker)?
adrinux commented 2020-05-11 14:02:52 +00:00
Copy Link

@OldManNiko I had similar issues, but got it working eventually. Without comparing config I think the main difference is that I'm not attempting to redirect 80 to 443 anymore. Both API and Frontend are only available over https.

@OldManNiko I had similar issues, but got it working eventually. Without comparing config I think the main difference is that I'm not attempting to redirect 80 to 443 anymore. Both API and Frontend are only available over https.
konrad commented 2020-05-11 14:56:35 +00:00
Owner
Copy Link

Finally, I exec’d a shell onto the frontend container, and attempted to curl again against the api, which completed successfully, showing that the container can reach the api and the url for the api is working.

Maybe that's the issue: The browser does the connection to the api, not the frontend api container. The frontend is run completely in the browser. Therefore the browser needs to be able to access the api.

> Finally, I exec’d a shell onto the frontend container, and attempted to curl again against the api, which completed successfully, showing that the container can reach the api and the url for the api is working. Maybe that's the issue: The browser does the connection to the api, not the frontend api container. The frontend is run completely in the browser. Therefore the browser needs to be able to access the api.
OldManNiko commented 2020-05-11 16:39:36 +00:00
Author
Copy Link

@konrad Yes, I did try setting the enviroment variable in the docker service itself:

enviroment:
VIKUNJA_API_URL: http://vikunja.EXAMPLE.com:3456/api/v1

When that failed to produce the expected results I then started moving the config files into volume mounts and editing them locally. I tried modifying the nginx.conf on the frontend, statically set the URL in the index.html all to no avail.

Thinking the issue might be traefik related (at least the networks associated with the proxy). I moved the containers to a bridge of the host. Still no dice, even though I could curl the url's (frontend and 3456:/api/v1) from each of the containers.

I then took @adrinux 's advice and placed the frontend on http with no https redirect. Once I did this, I am able to start the app, add a user and begin to use it.

I have a pretty monolithic docker-compose I use to get my homelab orechstrated. I am happy to share the relevant parts if you like. It looks like a bit of work with the reverse proxy and the frontend needs to be done to get this going on my configuration of Traefik 2. I am happy to help with any tests, or solutions you want to run by me.

@konrad Yes, I did try setting the enviroment variable in the docker service itself: <snip> enviroment: VIKUNJA_API_URL: http://vikunja.EXAMPLE.com:3456/api/v1 </snip> When that failed to produce the expected results I then started moving the config files into volume mounts and editing them locally. I tried modifying the nginx.conf on the frontend, statically set the URL in the index.html all to no avail. Thinking the issue might be traefik related (at least the networks associated with the proxy). I moved the containers to a bridge of the host. Still no dice, even though I could curl the url's (frontend and 3456:/api/v1) from each of the containers. I then took @adrinux 's advice and placed the frontend on http with no https redirect. Once I did this, I am able to start the app, add a user and begin to use it. I have a pretty monolithic docker-compose I use to get my homelab orechstrated. I am happy to share the relevant parts if you like. It looks like a bit of work with the reverse proxy and the frontend needs to be done to get this going on my configuration of Traefik 2. I am happy to help with any tests, or solutions you want to run by me.
konrad commented 2020-05-11 16:51:22 +00:00
Owner
Copy Link

I might be an idea to make the api available on the same host as the frontend under the /api/v1 sub path. That way, the frontend does not need any configuration.

Can you show the relevant part of the docker-compose.yml?

(I know the config examples in the docs are only traefik 1, I plan on updating that soon)

I might be an idea to make the api available on the same host as the frontend under the `/api/v1` sub path. That way, the frontend does not need any configuration. Can you show the relevant part of the `docker-compose.yml`? (I know the config examples in the docs are only traefik 1, I plan on updating that soon)
OldManNiko commented 2020-05-11 17:36:51 +00:00
Author
Copy Link
version: "3.7"

########################### NETWORKS

networks:
  traefik_proxy:
    external:
      name: traefik_proxy
  default:
    driver: bridge

########################### SERVICES
services:
Traefik 2 - Reverse Proxy
traefik:
container_name: traefik
image: traefik:chevrotin # the chevrotin tag refers to v2.2.x
restart: unless-stopped
command: # CLI arguments
--global.checkNewVersion=true
--global.sendAnonymousUsage=false
--entryPoints.http.address=:80
--entryPoints.https.address=:443
Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
--entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
--entryPoints.traefik.address=:8080
--api=true
      - --log=true
      - --log.level=WARN # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=traefik_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
#      - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder
      #- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge=true
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      #- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
    networks:
      - traefik_proxy
    security_opt:
      - no-new-privileges:true
    ports:            #https://www.reddit.com/r/docker/comments/c1wrep/traefik_reverse_proxy_question_docker_overlay/
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - $USERDIR/docker/traefik2/rules:/rules # file provider directory
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $USERDIR/docker/traefik2/acme/acme.json:/acme.json # cert location - you must touch this file and change permissions to 600
      - $USERDIR/docker/traefik2/traefik.log:/traefik.log # for fail2ban - make sure to touch file before starting container
      - $USERDIR/docker/shared:/shared
    environment:
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
############################# DATABASES

# MariaDB - MySQL Database
  mariadb:
    container_name: mariadb
    image: linuxserver/mariadb:latest
    restart: always
    networks:
      - traefik_proxy
    security_opt:
      - no-new-privileges:true
    ports:
      - "3306:3306"
    volumes:
      - $USERDIR/docker/mariadb/data:/config
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
      - TZ=$TZ
  vikunja-api:
    image: vikunja/api:latest
    container_name: vikunja-api
    restart: unless-stopped
    networks:
      - traefik_proxy
      - default
    security_opt:
      - no-new-privileges:true
    volumes:
     #- $USERDIR/docker/vikunja:/etc/vikunja
      - $USERDIR/docker/vikunja/logs:/logs
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    ports:
      - "3456:3456"
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      # Specify only http or comment out to use all entrypoints.
      - "traefik.http.routers.vikunja-api-rtr.entrypoints=http"
      - "traefik.http.routers.vikunja-api-rtr.rule=Host(`vikunja.$DOMAINNAME`) && PathPrefix(`/api/v1`)"
      #- "traefik.http.middlewares.vikunja-api-middleware.redirectscheme.scheme=http"
      - "traefik.http.middlewares.vikunja-api-middleware.redirectscheme.port=3456"
      - "traefik.http.routers.vikunja-api-rtr.middlewares=vikunja-api-middleware@docker"
      ## HTTP Services
      #- "traefik.http.routers.vikunja-api-rtr.service=vikunja-api-svc"
      #  Uncomment to have Traefik proxy 3456 (note remove network default prior)
      #- "traefik.http.services.vikunja-api-svc.loadbalancer.server.port=3456"

  vikunja:
    image: vikunja/frontend
    container_name: vikunja
    restart: unless-stopped
    networks:
      - default
      - traefik_proxy
    security_opt:
      - no-new-privileges:true
    environment:
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      - VIKUNJA_API_URL=http://vikunja.$DOMAINNAME.com:3456/api/v1
      #volumes:
      #- $USERDIR/docker/vikunja/frontend:/usr/share/nginx/html
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.vikunja-rtr.entrypoints=http"
      - "traefik.http.routers.vikunja-rtr.rule=Host(`vikunja.$DOMAINNAME`)"
        #- "traefik.http.routers.vikunja-rtr.tls=true"
      - "traefik.http.routers.vikunja-rtr.service=vikunja-svc"
      - "traefik.http.services.vikunja-svc.loadbalancer.server.port=80"
``` version: "3.7" ########################### NETWORKS networks: traefik_proxy: external: name: traefik_proxy default: driver: bridge ########################### SERVICES services: Traefik 2 - Reverse Proxy traefik: container_name: traefik image: traefik:chevrotin # the chevrotin tag refers to v2.2.x restart: unless-stopped command: # CLI arguments --global.checkNewVersion=true --global.sendAnonymousUsage=false --entryPoints.http.address=:80 --entryPoints.https.address=:443 Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/ --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22 --entryPoints.traefik.address=:8080 --api=true - --log=true - --log.level=WARN # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC - --accessLog=true - --accessLog.filePath=/traefik.log - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines - --accessLog.filters.statusCodes=400-499 - --providers.docker=true - --providers.docker.endpoint=unix:///var/run/docker.sock - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`) - --providers.docker.exposedByDefault=false - --providers.docker.network=traefik_proxy - --providers.docker.swarmMode=false - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory. # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file. - --providers.file.watch=true # Only works on top level files in the rules folder #- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge=true - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare #- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53 - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate networks: - traefik_proxy security_opt: - no-new-privileges:true ports: #https://www.reddit.com/r/docker/comments/c1wrep/traefik_reverse_proxy_question_docker_overlay/ - target: 80 published: 80 protocol: tcp mode: host - target: 443 published: 443 protocol: tcp mode: host - target: 8080 published: 8080 protocol: tcp mode: host volumes: - $USERDIR/docker/traefik2/rules:/rules # file provider directory - /var/run/docker.sock:/var/run/docker.sock:ro - $USERDIR/docker/traefik2/acme/acme.json:/acme.json # cert location - you must touch this file and change permissions to 600 - $USERDIR/docker/traefik2/traefik.log:/traefik.log # for fail2ban - make sure to touch file before starting container - $USERDIR/docker/shared:/shared environment: - CF_API_EMAIL=$CLOUDFLARE_EMAIL - CF_API_KEY=$CLOUDFLARE_API_KEY labels: - "traefik.enable=true" # HTTP-to-HTTPS Redirect - "traefik.http.routers.http-catchall.entrypoints=http" - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)" - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" # HTTP Routers - "traefik.http.routers.traefik-rtr.entrypoints=https" - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)" - "traefik.http.routers.traefik-rtr.tls=true" - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME" - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME" ## Services - API - "traefik.http.routers.traefik-rtr.service=api@internal" ############################# DATABASES # MariaDB - MySQL Database mariadb: container_name: mariadb image: linuxserver/mariadb:latest restart: always networks: - traefik_proxy security_opt: - no-new-privileges:true ports: - "3306:3306" volumes: - $USERDIR/docker/mariadb/data:/config - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro environment: - PUID=$PUID - PGID=$PGID - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD - TZ=$TZ vikunja-api: image: vikunja/api:latest container_name: vikunja-api restart: unless-stopped networks: - traefik_proxy - default security_opt: - no-new-privileges:true volumes: #- $USERDIR/docker/vikunja:/etc/vikunja - $USERDIR/docker/vikunja/logs:/logs environment: - PUID=$PUID - PGID=$PGID - TZ=$TZ ports: - "3456:3456" labels: - "traefik.enable=true" ## HTTP Routers # Specify only http or comment out to use all entrypoints. - "traefik.http.routers.vikunja-api-rtr.entrypoints=http" - "traefik.http.routers.vikunja-api-rtr.rule=Host(`vikunja.$DOMAINNAME`) && PathPrefix(`/api/v1`)" #- "traefik.http.middlewares.vikunja-api-middleware.redirectscheme.scheme=http" - "traefik.http.middlewares.vikunja-api-middleware.redirectscheme.port=3456" - "traefik.http.routers.vikunja-api-rtr.middlewares=vikunja-api-middleware@docker" ## HTTP Services #- "traefik.http.routers.vikunja-api-rtr.service=vikunja-api-svc" # Uncomment to have Traefik proxy 3456 (note remove network default prior) #- "traefik.http.services.vikunja-api-svc.loadbalancer.server.port=3456" vikunja: image: vikunja/frontend container_name: vikunja restart: unless-stopped networks: - default - traefik_proxy security_opt: - no-new-privileges:true environment: environment: - PUID=$PUID - PGID=$PGID - TZ=$TZ - VIKUNJA_API_URL=http://vikunja.$DOMAINNAME.com:3456/api/v1 #volumes: #- $USERDIR/docker/vikunja/frontend:/usr/share/nginx/html labels: - "traefik.enable=true" ## HTTP Routers - "traefik.http.routers.vikunja-rtr.entrypoints=http" - "traefik.http.routers.vikunja-rtr.rule=Host(`vikunja.$DOMAINNAME`)" #- "traefik.http.routers.vikunja-rtr.tls=true" - "traefik.http.routers.vikunja-rtr.service=vikunja-svc" - "traefik.http.services.vikunja-svc.loadbalancer.server.port=80" ```
konrad commented 2020-05-11 19:10:11 +00:00
Owner
Copy Link

You should only need to provide the entrypoints and rule parameters.
Traefik should recognize Vikunja's port and proxy requests to /api/v1 to it automatically. IIRC you should not need anything else.

The ports option you configured is actually counterproductive: That will make the api container available on port 3456 on the host while completely bypassing traefik.

You should only need to provide the `entrypoints` and `rule` parameters. Traefik should recognize Vikunja's port and proxy requests to `/api/v1` to it automatically. IIRC you should not need anything else. The `ports` option you configured is actually counterproductive: That will make the api container available on port `3456` on the host while completely bypassing traefik.
adrinux commented 2020-05-11 20:05:10 +00:00
Copy Link

Here's my setup for comparison - this gets included into my docker-compose file by Ansible so there are some jinja2 vars in there but you should be able to translate it.

(EDIT: I generate wildcard Letsencrypt certs on the host and include them via my traefik dynamic conf so all that's needed here is the enable tls label)

vikunja-backend:
    container_name: 'vikunja-backend'
    image: vikunja/api
    environment:
      VIKUNJA_DATABASE_HOST: 'vikunja-db'
      VIKUNJA_DATABASE_PASSWORD: "{{ vikunja_db_password }}"
      VIKUNJA_DATABASE_TYPE: 'mysql'
      VIKUNJA_DATABASE_USER: 'vikunja'
      VIKUNJA_DATABASE_DATABASE: 'vikunja'
      VIKUNJA_REDIS_ENABLED: 1
      VIKUNJA_REDIS_HOST: 'vikunja-redis:6379'
      VIKUNJA_CACHE_ENABLED: 1
      VIKUNJA_CACHE_TYPE: redis
      VIKUNJA_SERVICE_FRONTENDURL: "https://vikunja.{{ traefik_domain }}"
      VIKUNJA_SERVICE_ENABLEREGISTRATION: 0
      VIKUNJA_MIGRATION_WUNDERLIST_ENABLE: 0
      VIKUNJA_MAILER_ENABLED: 1
      VIKUNJA_MAILER_HOST: "{{ fqdn }}"
      VIKUNJA_MAILER_PORT: 587
      VIKUNJA_MAILER_USERNAME: 'vikunja'
      VIKUNJA_MAILER_PASSWORD: "{{ vikunja_email_password }}"
      VIKUNJA_MAILER_FROMEMAIL: "vikunja@{{ fqdn }}"
      VIKUNJA_MAILER_SKIPTLSVERIFY: 'true'
      PUID: "{{ docker_user_uid }}"
      PGID: "{{ docker_user_gid }}"
    volumes:
      - source: "{{ docker_data_dir }}/vikunja-backend"
        target: '/app/vikunja/files'
        type: 'bind'
    depends_on:
      - vikunja-db
      - vikunja-redis
    restart: "{{ restart_policy }}"
    labels:
      traefik.enable: 'true'
      traefik.http.routers.vikunja-backend.rule: "Host(`vikunja.{{ traefik_domain }}`) && PathPrefix(`/api/v1`)"
      traefik.http.routers.vikunja-backend.tls: 'true'
    networks:
      - 'default'
      - 'frontend'

  vikunja-frontend:
    container_name: 'vikunja-frontend'
    image: vikunja/frontend
    environment:
      PUID: "{{ docker_user_uid }}"
      PGID: "{{ docker_user_gid }}"
    labels:
      traefik.enable: 'true'
      traefik.http.routers.vikunja-frontend.rule: "Host(`vikunja.{{ traefik_domain }}`) && PathPrefix(`/`)"
      traefik.http.routers.vikunja-frontend.tls: 'true'
    depends_on:
      - vikunja-backend
    networks:
      - 'default'
      - 'frontend'
    restart: "{{ restart_policy }}"

  vikunja-db:
    container_name: 'vikunja-db'
    image: linuxserver/mariadb
    environment:
      MYSQL_ROOT_PASSWORD: "{{ mariadb_root_password }}"
      MYSQL_USER: 'vikunja'
      MYSQL_PASSWORD: "{{ vikunja_db_password }}"
      MYSQL_DATABASE: 'vikunja'
      TZ: 'Europe/London'
      PUID: "{{ docker_user_uid }}"
      PGID: "{{ docker_user_gid }}"
    volumes:
      - source: "{{ docker_data_dir }}/vikunja-mariadb"
        target: '/config'
        type: 'bind'
    restart: "{{ restart_policy }}"
    networks:
      - 'default'

  vikunja-redis:
    container_name: 'vikunja-redis'
    image: redis
    environment:
      PUID: "{{ docker_user_uid }}"
      PGID: "{{ docker_user_gid }}"
    networks:
      - 'default'
    restart: "{{ restart_policy }}"
Here's my setup for comparison - this gets included into my docker-compose file by **Ansible** so there are some **jinja2** vars in there but you should be able to translate it. (EDIT: I generate wildcard Letsencrypt certs on the host and include them via my traefik dynamic conf so all that's needed here is the enable tls label) ```yaml vikunja-backend: container_name: 'vikunja-backend' image: vikunja/api environment: VIKUNJA_DATABASE_HOST: 'vikunja-db' VIKUNJA_DATABASE_PASSWORD: "{{ vikunja_db_password }}" VIKUNJA_DATABASE_TYPE: 'mysql' VIKUNJA_DATABASE_USER: 'vikunja' VIKUNJA_DATABASE_DATABASE: 'vikunja' VIKUNJA_REDIS_ENABLED: 1 VIKUNJA_REDIS_HOST: 'vikunja-redis:6379' VIKUNJA_CACHE_ENABLED: 1 VIKUNJA_CACHE_TYPE: redis VIKUNJA_SERVICE_FRONTENDURL: "https://vikunja.{{ traefik_domain }}" VIKUNJA_SERVICE_ENABLEREGISTRATION: 0 VIKUNJA_MIGRATION_WUNDERLIST_ENABLE: 0 VIKUNJA_MAILER_ENABLED: 1 VIKUNJA_MAILER_HOST: "{{ fqdn }}" VIKUNJA_MAILER_PORT: 587 VIKUNJA_MAILER_USERNAME: 'vikunja' VIKUNJA_MAILER_PASSWORD: "{{ vikunja_email_password }}" VIKUNJA_MAILER_FROMEMAIL: "vikunja@{{ fqdn }}" VIKUNJA_MAILER_SKIPTLSVERIFY: 'true' PUID: "{{ docker_user_uid }}" PGID: "{{ docker_user_gid }}" volumes: - source: "{{ docker_data_dir }}/vikunja-backend" target: '/app/vikunja/files' type: 'bind' depends_on: - vikunja-db - vikunja-redis restart: "{{ restart_policy }}" labels: traefik.enable: 'true' traefik.http.routers.vikunja-backend.rule: "Host(`vikunja.{{ traefik_domain }}`) && PathPrefix(`/api/v1`)" traefik.http.routers.vikunja-backend.tls: 'true' networks: - 'default' - 'frontend' vikunja-frontend: container_name: 'vikunja-frontend' image: vikunja/frontend environment: PUID: "{{ docker_user_uid }}" PGID: "{{ docker_user_gid }}" labels: traefik.enable: 'true' traefik.http.routers.vikunja-frontend.rule: "Host(`vikunja.{{ traefik_domain }}`) && PathPrefix(`/`)" traefik.http.routers.vikunja-frontend.tls: 'true' depends_on: - vikunja-backend networks: - 'default' - 'frontend' restart: "{{ restart_policy }}" vikunja-db: container_name: 'vikunja-db' image: linuxserver/mariadb environment: MYSQL_ROOT_PASSWORD: "{{ mariadb_root_password }}" MYSQL_USER: 'vikunja' MYSQL_PASSWORD: "{{ vikunja_db_password }}" MYSQL_DATABASE: 'vikunja' TZ: 'Europe/London' PUID: "{{ docker_user_uid }}" PGID: "{{ docker_user_gid }}" volumes: - source: "{{ docker_data_dir }}/vikunja-mariadb" target: '/config' type: 'bind' restart: "{{ restart_policy }}" networks: - 'default' vikunja-redis: container_name: 'vikunja-redis' image: redis environment: PUID: "{{ docker_user_uid }}" PGID: "{{ docker_user_gid }}" networks: - 'default' restart: "{{ restart_policy }}" ```
konrad commented 2020-05-11 20:27:15 +00:00
Owner
Copy Link

Meanwhile, I've added an example config for traefik 2 to the docs.

Meanwhile, I've added [an example config for traefik 2](https://vikunja.io/docs/full-docker-example/#example-with-traefik-2) to the docs.
👍 2
OldManNiko commented 2020-05-11 23:03:41 +00:00
Author
Copy Link

Thanks so much! I am closing this ticket as it is now resolved. You have been a great help. Final config:

  vikunja-api:
    image: vikunja/api
    container_name: vikunja-api
    restart: unless-stopped
    networks:
      - traefik_proxy
    security_opt:
      - no-new-privileges:true
    environment:
      PUID: "$PUID"
      PGID: "$PGID"
      TZ: $TZ
      VIKUNJA_DATABASE_HOST: mariadb
      VIKUNJA_DATABASE_PASSWORD: SUPERSECRETPASSWORD
      VIKUNJA_DATABASE_TYPE: "mysql"
      VIKUNJA_DATABASE_DATABASE: "vikunja"
      VIKUNJA_DATABASE_USER: "vikunja"
      VIKUNJA_SERVICE_FRONTEND_URL: "https://vikunja.$DOMAINNAME"
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.vikunja-api-rtr.entrypoints=https"
      - "traefik.http.routers.vikunja-api-rtr.rule=Host(`vikunja.$DOMAINNAME`) && PathPrefix(`/api/v1`)"
      - "traefik.http.routers.vikunja-api-rtr.tls=true"

  vikunja:
    image: vikunja/frontend
    container_name: vikunja
    restart: unless-stopped
    networks:
      - traefik_proxy
    security_opt:
      - no-new-privileges:true
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.vikunja-rtr.entrypoints=https"
      - "traefik.http.routers.vikunja-rtr.rule=Host(`vikunja.$DOMAINNAME`)"
      - "traefik.http.routers.vikunja-rtr.tls=true"
Thanks so much! I am closing this ticket as it is now resolved. You have been a great help. Final config: ``` vikunja-api: image: vikunja/api container_name: vikunja-api restart: unless-stopped networks: - traefik_proxy security_opt: - no-new-privileges:true environment: PUID: "$PUID" PGID: "$PGID" TZ: $TZ VIKUNJA_DATABASE_HOST: mariadb VIKUNJA_DATABASE_PASSWORD: SUPERSECRETPASSWORD VIKUNJA_DATABASE_TYPE: "mysql" VIKUNJA_DATABASE_DATABASE: "vikunja" VIKUNJA_DATABASE_USER: "vikunja" VIKUNJA_SERVICE_FRONTEND_URL: "https://vikunja.$DOMAINNAME" labels: - "traefik.enable=true" ## HTTP Routers - "traefik.http.routers.vikunja-api-rtr.entrypoints=https" - "traefik.http.routers.vikunja-api-rtr.rule=Host(`vikunja.$DOMAINNAME`) && PathPrefix(`/api/v1`)" - "traefik.http.routers.vikunja-api-rtr.tls=true" vikunja: image: vikunja/frontend container_name: vikunja restart: unless-stopped networks: - traefik_proxy security_opt: - no-new-privileges:true environment: PUID: $PUID PGID: $PGID TZ: $TZ labels: - "traefik.enable=true" ## HTTP Routers - "traefik.http.routers.vikunja-rtr.entrypoints=https" - "traefik.http.routers.vikunja-rtr.rule=Host(`vikunja.$DOMAINNAME`)" - "traefik.http.routers.vikunja-rtr.tls=true" ```
konrad commented 2020-05-12 06:54:43 +00:00
Owner
Copy Link

Glad I could help.

Glad I could help.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
renovate/pnpm-9.x
renovate/vue-monorepo
renovate/lowlight-3.x
renovate/golang.org-x-sync-0.x
renovate/major-dev-dependencies
renovate/github.com-asaskevich-govalidator-11.x
renovate/github.com-wneessen-go-mail-0.x
renovate/golangci-golangci-lint-1.x
feature/better-filter-syntax
fix/tiptap-task-list
renovate/flexsearch-0.x
feature/zod-schema
renovate/github.com-typesense-typesense-go-1.x
renovate/github.com-golang-jwt-jwt-v4-5.x
automatic-year-range-for-go-header-template
feature/hide-forbidden-related-tasks
renovate/golang-1.x
release/0.20
release/0.17
release/0.16
release/0.15
release/0.14
release/0.13
v0.23.0
v0.22.1
v0.22.0
v0.21.0
v0.20.4
v0.20.3
v0.20.2
v0.20.1
v0.20.0
v0.19.2
v0.19.1
v0.19.0
v0.18.1
v0.18.0
v0.17.1
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.1
v0.13
v0.12
v0.11
v0.10
v0.9
v0.8
v0.7
v0.6
v0.5
v0.4
v0.3
v0.2
v0.1
Labels
Clear labels   
dependencies

   
duplicate

This issue or pull request already exists

  
help wanted

Need some help

  
invalid

Something is wrong

  
kind/bug

Something is not working

  
kind/feature

New feature

  
needs reproduction

   
question

More information is needed

  
security

   
wontfix

This won't be fixed

No Label
dependencies
duplicate
help wanted
invalid
kind/bug
kind/feature
needs reproduction
question
security
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: vikunja/vikunja#1723
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?