In traefik 2.6 it is possible to choose which HTTP headers are logged. Is it also possible to log a specific cookie value as with Apache and NGINX?
I'm trying to set up traefik v2 on a development server we have.
The setup:
Docker serving dozens of nginx containers acting as a frontend for different projects. Every nginx container has a unique domain linked to it. Nginx is running on port 80. Every project has a separate docker-compose (traefik also has a separate docker-compose).
What I'm trying to accomplish:
Proxy all of the containers to traefik and add new ones on the go (new services are stopped/started all the time). Make traefik automatically redirect to HTTPS and contact the appropriate nginx container based on the hostname in order to serve the website.
Question: Is this even possible to do? I've been trying to figure it out for the past day or so but I can't get everything to work. Either the redirect doesn't work or if it does it returns 404.
Managed to find a guide that covers this:
https://chriswiegman.com/2019/10/serving-your-docker-apps-with-https-and-traefik-2/
To extend what the guide pointed to, the magic sauce is in LABELS. It can be broken down to this:
# Setup HTTP
# Tells traefik that any HTTP connection needs to be redirected to HTTPS
- "traefik.http.middlewares.mysite-https.redirectscheme.scheme=https"
# 'web' (or any name) can be defined by traefik entrypoints. Web is port 80.
- "traefik.http.routers.mysite-http.entrypoints=web"
# Routes incoming connections for 'mysitesdomain.com' to this service
- "traefik.http.routers.mysite-http.rule=Host(`mysitesdomain.com`)"
# Attaches the middleware called 'mysite-https' defined above
- "traefik.http.routers.mysite-http.middlewares=mysite-https@docker"
# Setup HTTPS
- "traefik.http.routers.mysite.entrypoints=web-secure"
- "traefik.http.routers.mysite.rule=Host(`mysitesdomain.com`)"
- "traefik.http.routers.mysite.tls=true"
- "traefik.http.routers.mysite.tls.certresolver=default"
What seems to be missing is the loadbalancer definition.
- "traefik.http.services.replica_service.loadbalancer.server.port=80" # "80" is the container's incoming port.
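A consistency check for the label set in the answer above, as an added example that is not part of the original post or of Traefik. It flags a plain-HTTP router with no working HTTPS redirect, an HTTPS router without TLS, and a missing loadbalancer port label. The function name is hypothetical, and it assumes all middlewares are defined through Docker labels.

```python
import re

# Constructed sample: one container's labels, following the answer above.
# Entry point names "web" (port 80) and "web-secure" come from that answer.
LABELS = [
    "traefik.http.middlewares.mysite-https.redirectscheme.scheme=https",
    "traefik.http.routers.mysite-http.entrypoints=web",
    "traefik.http.routers.mysite-http.rule=Host(`mysitesdomain.com`)",
    "traefik.http.routers.mysite-http.middlewares=mysite-https@docker",
    "traefik.http.routers.mysite.entrypoints=web-secure",
    "traefik.http.routers.mysite.rule=Host(`mysitesdomain.com`)",
    "traefik.http.routers.mysite.tls=true",
    "traefik.http.routers.mysite.tls.certresolver=default",
    "traefik.http.services.replica_service.loadbalancer.server.port=80",
]

def lint_labels(labels, http_entrypoint="web"):
    """Return problems that break the redirect or leave plain HTTP served."""
    kv = dict(label.split("=", 1) for label in labels)
    routers, redirecting = {}, set()
    for key, value in kv.items():
        m = re.fullmatch(r"traefik\.http\.routers\.([^.]+)\.(.+)", key)
        if m:
            routers.setdefault(m[1], {})[m[2]] = value
        m = re.fullmatch(
            r"traefik\.http\.middlewares\.([^.]+)\.redirectscheme\.scheme", key)
        if m and value == "https":
            # Middlewares declared in labels belong to the docker provider.
            redirecting.add(m[1] + "@docker")
    problems = []
    for name, opts in sorted(routers.items()):
        if http_entrypoint in opts.get("entrypoints", "").split(","):
            # Plain-HTTP router: it must reference a redirecting middleware.
            used = [mw if "@" in mw else mw + "@docker"
                    for mw in opts.get("middlewares", "").split(",") if mw]
            if not redirecting.intersection(used):
                problems.append(f"{name}: plain HTTP without a redirect to https")
        elif not (opts.get("tls") == "true"
                  or any(k.startswith("tls.") for k in opts)):
            problems.append(f"{name}: TLS not enabled")
    port_key = r"traefik\.http\.services\.[^.]+\.loadbalancer\.server\.port"
    if not any(re.fullmatch(port_key, k) for k in kv):
        problems.append("no loadbalancer.server.port label")
    return problems

if __name__ == "__main__":
    print(lint_labels(LABELS) or "labels are consistent")
```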
I'm trying to host mailcatcher in docker swarm and serve it with Traefik. I'm running mailcatcher as a service which unfortunately hosts itself on the / root context path like localhost:10980/. I have a frontend rule /mailcatcher with PathPrefixStrip so the initial load works but then the app tries to reach host.com/assets which obviously doesn't exist. Does traefik have any solution like the sub_filter option in nginx to route these requests or do I have to add these as a frontend rule to be able to host it?
Thanks in advance
I know how to set up https for, say, a clojure web app with nginx. How to do that for Phoenix?
In the prod.exs I have this:
config :my_app, MyApp.Endpoint,
  url: [host: "my_website.com", port: 443],
  http: [port: 4000],
  # https: [port: 443,
  #   keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
  #   certfile: System.get_env("SOME_APP_SSL_CERT_PATH")],
  cache_static_manifest: "priv/static/manifest.json"
I have this:
ssl_certificate: /etc/letsencrypt/live/my_app.com/fullchain.pem;
ssl_certificate_key: /etc/letsencrypt/live/my_app.com/privkey.pem;
I want to use nginx with Phoenix as well.
1) Should I remove "http: [port: 4000]," completely from "prod.exs"?
2) Should I instead uncomment "https: [port: 443,...." ? Or should I have them both? I don't want the website to be accessible at http or I'd let nginx take care of it by redirecting a user from http to https.
3) Or should I remove https and http and let nginx handle that?
4) How about the key "url" and its "port"?
If you are using Nginx to terminate the SSL part of the connection, then you leave the app server configured for HTTP and any port you like (4000 is fine as long as you configure Nginx to forward to it). If your server is configured correctly, it will not answer HTTP port 4000 requests, thus the SSL cannot be bypassed.
The SSL configuration you are referring to at the app server level configures the app server to terminate the SSL connection (no Nginx necessary). Phoenix apps are all "full featured" web servers thanks to cowboy. Thus, they can handle the SSL termination as well as serving the application's dynamic and static assets.
The URL configuration is so your application knows its domain and can generate full urls as well as paths.
If you're set on using nginx in front of your Phoenix app then use nginx to terminate the ssl connection (your option 3). You still need to configure http in Phoenix though since nginx will proxy to your app using http. Therefore:
config :my_app, MyApp.Endpoint,
  url: [host: "my_website.com", port: 4000],
  http: [port: 4000]
Which assumes you will configure nginx to proxy to your app on port 4000. You will also want to adjust the host config key to be the base url of your site since any URLs you generate will use this base name (as Jason mentioned).
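One way to check the condition in the first answer, that port 4000 must not answer requests from outside, as an added example that is not part of the original answers. It reads `ss -ltn` output and reports backend ports listening on a non-loopback address; the sample output is constructed, the function name is hypothetical, and a host firewall that blocks the port is not visible to this check.

```python
import ipaddress

# Constructed `ss -ltn` output: nginx on 80/443, the app server on 4000.
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       1024    0.0.0.0:4000        0.0.0.0:*
"""

def exposed_backends(ss_output, backend_ports=(4000,)):
    """Return (address, port) pairs where a backend port listens beyond loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in backend_ports:
            continue
        # Drop IPv6 brackets and any zone id such as "%eth0".
        host = host.strip("[]").split("%")[0]
        # ss prints "*" for a wildcard socket that accepts IPv4 and IPv6.
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            exposed.append((host, int(port)))
    return exposed

if __name__ == "__main__":
    for host, port in exposed_backends(SS_OUTPUT):
        print(f"backend port {port} is reachable without TLS via {host}")
```

An empty result means the app server is only reachable through the proxy on this host, for example when it is bound to 127.0.0.1.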
I set up squid with "HTTPS/SSL Interception" in pfSense and installed the CA for all clients. Now it can log all the https requests to the access.log file. But it can only log the URLs of https requests; I want to know if it can log the web content of the request and response? Thanks.
You can refer to the squid logformat directive. It controls the log format, and if something you want is not available there, you can apply a patch.
http://www.squid-cache.org/Doc/config/logformat/