[Apiman-user] Apiman behind reverse proxy - help!

Juan Rubén Marrero Vizcaíno ruben at xanum.mx
Thu Mar 28 20:46:52 EDT 2019


Hi all!

I'm having trouble getting an Apiman docker instance up and running.

The setup is a docker-compose coordinated set of containers in a single VM,
running on the cloud.

 $ docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                                                              NAMES
59a1047d84bd        apiman/on-wildfly11   "/opt/jboss/wildfly/…"   25 minutes ago      Up 25 minutes       8080/tcp                                                           apiman
ca8bd1e3bb99        traefik               "/traefik"               About an hour ago   Up 25 minutes       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp   traefik
2a11b776409c        nginx:alpine          "nginx -g 'daemon of…"   About an hour ago   Up 25 minutes       80/tcp                                                             nginx
21f8c3d3e14e        portainer/portainer   "/portainer"             2 hours ago         Up 25 minutes       9000/tcp                                                           portainer

Traefik proxies all connections and provides SSL termination. I'm using a
LetsEncrypt wildcard certificate; each service has a DNS subdomain.

   - API-project.domain.tld -> apiman
   - WEB-project.domain.tld -> nginx (static pages)
   - PORTAINER-project.domain.tld -> portainer
   - TRAEFIK-project.domain.tld -> traefik

All of this works. I can see each service in my browser, including apimanui.

The problem starts with the apiman login form. The form itself has an HTTP
and not HTTPS action endpoint.

If I log in with the admin/admin123! credentials and hit enter, I'll POST to
the auth backend, receive a 302 REDIRECT, follow the redirect, and then it just
prints Forbidden to the screen. Refresh or back now fails with Bad request
to the screen. The only way to retry is clearing cookies and local storage.

I tried running the single-line docker apiman incantation and it works on
my laptop, but not when mixed with other containers. Here is my
docker-compose file:

-------------------
version: '2.4'
services:
 portainer:
   image: portainer/portainer
   container_name: portainer
   mem_limit: 1G
   restart: always
   volumes:
     - /var/run/docker.sock:/var/run/docker.sock
     - /mnt/disks/SSD1/portainer:/data
   networks:
    - network1
   labels:
     - "traefik.enable=true"
     - "traefik.backend=portainer"
     - "traefik.frontend.rule=Host:portainer-project.domain.tld"
     - "traefik.port=9000"
     - "traefik.protocol=http"

 apiman:
    image: apiman/on-wildfly11
    container_name: apiman
    mem_limit: 3G
    restart: always
    #volumes:
    #  - /mnt/disks/SSD1/apiman:/opt/jboss/wildfly/standalone:rw
    networks:
      - network1
    labels:
      - "traefik.enable=true"
      - "traefik.backend=apiman"
      - "traefik.frontend.rule=Host:api-project.domain.tld"
      - "traefik.port=8080"
      - "traefik.protocol=http"

 web:
    image: nginx:alpine
    container_name: nginx
    mem_limit: 512M
    restart: always
    networks:
      - network1
    labels:
      - "traefik.enable=true"
      - "traefik.backend=web"
      - "traefik.frontend.rule=Host:web-project.domain.tld"
      - "traefik.port=80"
      - "traefik.protocol=http"


 reverse-proxy:
    image: traefik # The official Traefik docker image
    container_name: traefik
    ports:
      - "80:80"     # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
      - "443:443"   # The HTTPS port
    networks:
      - network1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - /mnt/disks/SSD1/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /mnt/disks/SSD1/certs:/certs
    labels:
      - "traefik.enable=true"
      - "traefik.backend=traefik"
      - "traefik.frontend.rule=Host:traefik-project.domain.tld"
      - "traefik.port=8080"
      - "traefik.protocol=http"


networks:
  network1:
   name: web
--------------------------------

My final questions are:
How can I configure apiman to be aware that it will be called from an https
schema?
In general, what are the caveats of placing Apiman behind a reverse proxy?

Thanks!

-- 
*J. Rubén Marrero V.*
GPG: 0x1D7087F7
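
A check for the symptom described in the message above (a login form whose action is http:// on a page served over HTTPS through a TLS-terminating proxy), as an added example that is not part of the original post or of Apiman. It flags same-host form actions, links and redirect targets that fall back to http; the sample response, the `/auth/login-action` path and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser submit data or load a resource.
URL_ATTRS = {"form": "action", "a": "href", "script": "src", "link": "href"}

class UrlCollector(HTMLParser):
    """Collect (tag, absolute URL) for every URL-bearing attribute."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.found = base_url, []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if value:
            self.found.append((tag, urljoin(self.base_url, value)))

def scheme_downgrades(page_url, headers, body):
    """Same-host URLs that drop from https to http in one response."""
    page = urlsplit(page_url)
    if page.scheme != "https":
        return []
    collector = UrlCollector(page_url)
    collector.feed(body)
    candidates = list(collector.found)
    # A redirect target built by the backend shows the same defect.
    for name, value in headers.items():
        if name.lower() == "location":
            candidates.append(("location", urljoin(page_url, value)))
    return [(src, url) for src, url in candidates
            if urlsplit(url).scheme == "http"
            and urlsplit(url).hostname == page.hostname]

# Constructed sample (not captured from the poster's system).
SAMPLE_URL = "https://api-project.domain.tld/apimanui/"
SAMPLE_HEADERS = {"Location": "http://api-project.domain.tld/apimanui/"}
SAMPLE_BODY = """
<link href="/static/login.css" rel="stylesheet">
<a href="http://other.example/help">help</a>
<form action="http://api-project.domain.tld/auth/login-action" method="post">
  <input name="username"><input name="password" type="password">
</form>
"""

if __name__ == "__main__":
    for source, url in scheme_downgrades(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{source}: {url}")
```

Relative URLs resolve against the HTTPS page URL and are not flagged; only absolute http:// URLs generated for the page's own host are reported.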