Docker: 20.10.22
Docker Compose: 2.15.1
mariadb: 10.10
Passbolt: 3.10.0-1-ce
traefik: 2.9
I have the firewall rules and public DNS entries configured properly, so I can hit the website by FQDN (internal/external).
If I remove the traefik module from the docker-compose-ce.yaml (and move the port config to the passbolt container settings) everything works fine. (Of course then I get SSL certificate errors).
Pretty much using the instructions from the docker templates from passbolt. Also followed a well done youtube video by Christian Lempa
When I run
docker-compose -f docker-compose-ce.yaml up
it seems to launch fine - I don’t see any errors. All 3 containers launch. The last entry by traefik is as follows:
time="2023-02-21T17:44:53Z" level=info msg="Testing certificate renew..." providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
But when I browse to it the browser returns:
This page isnt working
pb.mydomain.com redirected you too many times
Try cleaning your cookies
ERR_TOO_MANY_REDIRECTS
docker-compose-ce.yaml:
version: '3.9'
services:
db:
image: mariadb:10.10
restart: unless-stopped
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=true
- MYSQL_DATABASE=passbolt
- MYSQL_USER=passbolt
- MYSQL_PASSWORD=P4ssb0lt
volumes:
- database_volume:/var/lib/mysql
passbolt:
image: passbolt/passbolt:3.10.0-1-ce
#Alternatively you can use rootless:
#image: passbolt/passbolt:latest-ce-non-root
restart: unless-stopped
depends_on:
- db
environment:
- APP_FULL_BASE_URL=https://pb.mydomain.com
- DATASOURCES_DEFAULT_HOST=db
- DATASOURCES_DEFAULT_USERNAME=passbolt
- DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
- DATASOURCES_DEFAULT_DATABASE=passbolt
- EMAIL_TRANSPORT_DEFAULT_HOST=smtp.office365.com
- EMAIL_TRANSPORT_DEFAULT_PORT=587
- EMAIL_TRANSPORT_DEFAULT_USERNAME=$EMAIL_TRANSPORT_DEFAULT_USERNAME
- EMAIL_TRANSPORT_DEFAULT_PASSWORD=$EMAIL_TRANSPORT_DEFAULT_PASSWORD
- EMAIL_TRANSPORT_DEFAULT_TLS=true
- EMAIL_DEFAULT_FROM_NAME=admin@mydomain.com
volumes:
- gpg_volume:/etc/passbolt/gpg
- jwt_volume:/etc/passbolt/jwt
command: ["/usr/bin/wait-for.sh", "-t", "15", "db:3306", "--", "/docker-entrypoint.sh"]
traefik:
image: traefik:2.9
container_name: "traefik"
restart: always
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yaml:/traefik.yaml:ro
- ./conf/:/etc/traefik/conf
- ./shared/:/shared
labels:
traefik.enable: "true"
traefik.http.routers.passbolt-http.entrypoints: "web"
traefik.http.routers.passbolt-http.rule: "Host(`pb.mydomain.com`)"
traefik.http.routers.passbolt-http.middlewares: "SslHeader@file"
traefik.http.routers.passbolt-https.middlewares: "SslHeader@file"
traefik.http.routers.passbolt-https.entrypoints: "websecure"
traefik.http.routers.passbolt-https.rule: "Host(`pb.mydomain.com`)"
traefik.http.routers.passbolt-https.tls: "true"
traefik.http.routers.passbolt-https.tls.certresolver: "letsencrypt"
volumes:
database_volume:
gpg_volume:
jwt_volume:
traefik.yaml:
global:
sendAnonymousUsage: false
log:
level: INFO
format: common
providers:
docker:
endpoint: 'unix:///var/run/docker.sock'
watch: true
exposedByDefault: false
swarmMode: false
file:
directory: /etc/traefik/conf/
watch: true
api:
dashboard: false
debug: false
insecure: false
entryPoints:
web:
address: ':80'
http:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
websecure:
address: ':443'
certificatesResolvers:
letsencrypt:
acme:
email: 'admin@mydomain.com'
storage: /shared/acme.json
caServer: 'https://acme-v02.api.letsencrypt.org/directory'
keyType: EC256
httpChallenge:
entryPoint: web
tlsChallenge: {}
tls.yaml and headers.yaml are unchanged from the passbolt template versions