Solved: Discourse behind Traefik

I know this has been discussed before, but most of the older discussions regarded older versions of both discourse and traefik - so I’m standing here and need help :smiley:

What works?
Discourse was reachable from the outside and working fine until I commented out every exposed port.

Traefik is reachable from the outside as well.

What does not?
Trying to reach Discourse gives me a bad gateway error, but while trying different stuff I read I also got a 404.

My traefik setup:

cat docker-compose.yml
version: '3'
services:
  traefik:
    image: traefik:latest
#    network_mode: "host"
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/dynamic_conf.yml:/dynamic_conf.yml
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`mydyndns-url`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=redacted:***"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`mydyndns-url`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "providers.file.filename=/dynamic_conf.yml"
      - "traefik.http.routers.traefik-secure.middlewares=secHeaders@file,traefik-auth"
networks:
  proxy:
    external: true

I use

docker network create proxy
docker-compose -f /opt/containers/traefik/docker-compose.yml up -

to start stuff. I used data/traefik.yml from here and data/dynamic_conf.yml from the same guy

That works.

Inside my discourse (/var/discourse/containers/app.yml) I have this:

## this is the all-in-one, standalone Discourse Docker container template
##
## After making changes to this file, you MUST rebuild
## /var/discourse/launcher rebuild app
##
## BE *VERY* CAREFUL WHEN EDITING!
## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
## visit http://www.yamllint.com/ to validate this file as needed

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
#  - "templates/web.ssl.template.yml"
#  - "templates/web.letsencrypt.ssl.template.yml"

## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
#  - "7890:80"   # http
#  - "7891:443" # https

labels:
  app_name: discourse
  traefik.enable: true
  traefik.http.routers.discourse.entrypoints: http
  traefik.http.routers.discourse.rule: Host(`***`)      ## Hier eure Domain eintragen
  traefik.http.middlewares.discourse-https-redirect.redirectscheme.scheme: https
  traefik.http.routers.discourse.middlewares: discourse-https-redirect
  traefik.http.routers.discourse-secure.entrypoints: https
  traefik.http.routers.discourse-secure.rule: Host(`***`)      ## Hier eure Domain eintragen
  traefik.http.routers.discourse-secure.tls: true
  traefik.http.routers.discourse-secure.tls.certresolver: http
  traefik.http.routers.discourse-secure.service: discourse
  traefik.http.services.discourse.loadbalancer.server.port: 3000
  traefik.docker.network: proxy

docker_args:
  - "--network=proxy"

networks:
  - proxy
#  - default

params:
  db_default_text_search_config: "pg_catalog.english"

  ## Set db_shared_buffers to a max of 25% of the total memory.
  ## will be set automatically by bootstrap based on detected RAM, or you can override
  #db_shared_buffers: "256MB"

  ## can improve sorting performance, but adds memory usage per-connection
  #db_work_mem: "40MB"

  ## Which Git revision should this container use? (default: tests-passed)
  #version: tests-passed

env:
  LC_ALL: de_DE.UTF-8
  LANG: de_DE.UTF-8
  LANGUAGE: dn_DE.UTF-8
  EMBER_CLI_PROD_ASSETS: 1
  # DISCOURSE_DEFAULT_LOCALE: en

  ## How many concurrent web requests are supported? Depends on memory and CPU cores.
  ## will be set automatically by bootstrap based on detected CPUs, or you can override
  #UNICORN_WORKERS: 3

  ## TODO: The domain name this Discourse instance will respond to
  ## Required. Discourse will not work with a bare IP number.
  DISCOURSE_HOSTNAME: ***

  ## Uncomment if you want the container to be started with the same
  ## hostname (-h option) as specified above (default "$hostname-$config")
  #DOCKER_USE_HOSTNAME: true

  ## TODO: List of comma delimited emails that will be made admin and developer
  ## on initial signup example 'user1@example.com,user2@example.com'

///leaving email config out for privacy reasons - that worked when directly exposed

  ## The http or https CDN address for this Discourse instance (configured to pull)
  ## see https://meta.discourse.org/t/14857 for details
  #DISCOURSE_CDN_URL: https://discourse-cdn.example.com

  ## The maxmind geolocation IP address key for IP address lookup
  ## see https://meta.discourse.org/t/-/137387/23 for details
  DISCOURSE_MAXMIND_LICENSE_KEY: ***

## The Docker container is stateless; all data is stored in /shared
volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log

## Plugins go here
## see https://meta.discourse.org/t/19157 for details
hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - git clone https://github.com/discourse/docker_manager.git

## Any custom commands to run after building
run:
  - exec: echo "Beginning of custom commands"
  ## If you want to set the 'From' email address for your first registration, uncomment and change:
  ## After getting the first signup email, re-comment the line. It only needs to run once.
  #- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
  - exec: echo "End of custom commands"

So… please!

What did I do wrong?

That suggests that your container is broken somehow, but that you have successfully configured traefik to connect to it, so you probably want to get back to that. Perhaps you didn’t wait long enough for the web server and rails to get started. I don’t see any obvious issues with the app.yml.

Thank you, @pfaffman!

I have waited a while (11 hours, and that computer isn’t THAT slow) - and that does not solve it.

I wonder if I managed to force discourse to connect to my network named “proxy”. Is there any way to check that?

docker ps tells me that discourse no longer uses ports, which is what I wanted. But I cant tell if discourse connects to anything.

./launcher enter app
wget www.google.de

shows me that discourse is connected to the internet. But I can’t reach it from the outside…

Try port 80, not 3000

1 Like

IT WORKS!!! Thank you VERY, VERY much. This was bothering me for a week now.

1 Like