Hi all!

I'm having trouble getting an Apiman docker instance up and running.

The setup is a docker-compose coordinated set of containers in a single VM, running on the cloud.

 $ docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                                                              NAMES
59a1047d84bd        apiman/on-wildfly11   "/opt/jboss/wildfly/…"   25 minutes ago      Up 25 minutes       8080/tcp                                                           apiman
ca8bd1e3bb99        traefik               "/traefik"               About an hour ago   Up 25 minutes       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp   traefik
2a11b776409c        nginx:alpine          "nginx -g 'daemon of…"   About an hour ago   Up 25 minutes       80/tcp                                                             nginx
21f8c3d3e14e        portainer/portainer   "/portainer"             2 hours ago         Up 25 minutes       9000/tcp                                                           portainer


Traefik proxies all connections and provides SSL termination. I'm using a LetsEncrypt wildcard certificate; each service has a DNS subdomain.
  • API-project.domain.tld -> apiman
  • WEB-project.domain.tld -> nginx (static pages)
  • PORTAINER-project.domain.tld -> portainer 
  • TRAEFIK-project.domain.tld -> traefik
All of this works. I can see each service in my browser, including apimanui.

The problem starts with the apiman login form. The form itself has an HTTP and not HTTPS action endpoint.

If I log in with the admin/admin123! credentials and hit enter, I'll POST to the auth backend, receive a 302 REDIRECT, follow the redirect, and then it just prints Forbidden to the screen. Refresh or back now fails with Bad request on the screen. The only way to retry is clearing cookies and local storage.

I tried running the single-line docker apiman incantation and it works on my laptop, but not when mixed with other containers. Here is my docker-compose file:

-------------------
version: '2.4'
services:
 portainer:
   image: portainer/portainer
   container_name: portainer
   mem_limit: 1G
   restart: always
   volumes:
     - /var/run/docker.sock:/var/run/docker.sock
     - /mnt/disks/SSD1/portainer:/data
   networks:
    - network1
   labels:
     - "traefik.enable=true"
     - "traefik.backend=portainer"
     - "traefik.frontend.rule=Host:portainer-project.domain.tld"
     - "traefik.port=9000"
     - "traefik.protocol=http"

 apiman:
    image: apiman/on-wildfly11
    container_name: apiman
    mem_limit: 3G
    restart: always
    #volumes:
    #  - /mnt/disks/SSD1/apiman:/opt/jboss/wildfly/standalone:rw
    networks:
      - network1
    labels:
      - "traefik.enable=true"
      - "traefik.backend=apiman"
      - "traefik.frontend.rule=Host:api-project.domain.tld"
      - "traefik.port=8080"
      - "traefik.protocol=http"

 web:
    image: nginx:alpine
    container_name: nginx
    mem_limit: 512M
    restart: always
    networks:
      - network1
    labels:
      - "traefik.enable=true"
      - "traefik.backend=web"
      - "traefik.frontend.rule=Host:web-project.domain.tld"
      - "traefik.port=80"
      - "traefik.protocol=http"
   

 reverse-proxy:
    image: traefik # The official Traefik docker image
    container_name: traefik
    ports:
      - "80:80"     # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
      - "443:443"   # The HTTPS port
    networks:
      - network1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - /mnt/disks/SSD1/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /mnt/disks/SSD1/certs:/certs
    labels:
      - "traefik.enable=true"
      - "traefik.backend=traefik"
      - "traefik.frontend.rule=Host:traefik-project.domain.tld"
      - "traefik.port=8080"
      - "traefik.protocol=http"


networks:
  network1:
   name: web
--------------------------------

My final questions are:
How can I configure apiman to be aware that it will be called from an https schema?
In general, what are the caveats of placing Apiman behind a reverse proxy?

Thanks!

--
J. Rubén Marrero V.
GPG: 0x1D7087F7
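
A check for the symptom described in the post (an HTTPS page whose login form or redirect points at plain HTTP), as an added example that is not part of the original message or of Apiman. The host name comes from the post; the paths, the sample HTML and the function name scheme_downgrades are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormActions(HTMLParser):
    """Collects the raw action attribute of every <form> element."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing action means the form posts back to the page URL.
            self.actions.append(dict(attrs).get("action") or "")


def scheme_downgrades(page_url, html, redirect_location=None):
    """Return (kind, absolute_url) pairs that leave HTTPS for plain HTTP.

    page_url is the URL the browser used, html is the response body, and
    redirect_location is the Location header of a 3xx response, if any.
    """
    if urlsplit(page_url).scheme != "https":
        return []  # nothing to downgrade from
    parser = _FormActions()
    parser.feed(html)
    candidates = [("form-action", a) for a in parser.actions]
    if redirect_location:
        candidates.append(("redirect", redirect_location))
    findings = []
    for kind, raw in candidates:
        absolute = urljoin(page_url, raw)  # resolves relative actions
        if urlsplit(absolute).scheme == "http":
            findings.append((kind, absolute))
    return findings


# Constructed sample: host name from the post, paths are hypothetical.
PAGE_URL = "https://api-project.domain.tld/apimanui/"
LOGIN_HTML = """
<form id="login" action="http://api-project.domain.tld/auth/login-action" method="post">
  <input name="username"><input name="password" type="password">
</form>
<form action="/search"><input name="q"></form>
"""

if __name__ == "__main__":
    redirect = "http://api-project.domain.tld/apimanui/"  # constructed Location value
    for kind, url in scheme_downgrades(PAGE_URL, LOGIN_HTML, redirect):
        print(f"{kind}: {url}")
```

Any finding means credentials or session cookies without the Secure flag can cross the network in clear text between the browser and the proxy's port 80.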