Hi all!
I'm having trouble getting an Apiman docker instance up and running.
The setup is a docker-compose coordinated set of containers in a single VM,
running on the cloud.
$ docker ps
CONTAINER ID   IMAGE                 COMMAND                  CREATED             STATUS          PORTS                                                              NAMES
59a1047d84bd   apiman/on-wildfly11   "/opt/jboss/wildfly/…"   25 minutes ago      Up 25 minutes   8080/tcp                                                           apiman
ca8bd1e3bb99   traefik               "/traefik"               About an hour ago   Up 25 minutes   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp   traefik
2a11b776409c   nginx:alpine          "nginx -g 'daemon of…"   About an hour ago   Up 25 minutes   80/tcp                                                             nginx
21f8c3d3e14e   portainer/portainer   "/portainer"             2 hours ago         Up 25 minutes   9000/tcp                                                           portainer
Traefik proxies all connections and provides SSL termination. I'm using a
LetsEncrypt wildcard certificate; each service has a DNS subdomain.
- API-project.domain.tld -> apiman
- WEB-project.domain.tld -> nginx (static pages)
- PORTAINER-project.domain.tld -> portainer
- TRAEFIK-project.domain.tld -> traefik
All of this works. I can see each service in my browser, including apimanui.
The problem starts with the apiman login form. The form itself has an HTTP
and not HTTPS action endpoint.
If I log in with the admin/admin123! credentials and hit enter, I'll POST to
the auth backend, receive a 302 REDIRECT, follow the redirect and then it just
prints Forbidden to the screen. Refresh or back now fails with Bad request
on the screen. The only way to retry is clearing cookies and local storage.
I tried running the single-line docker apiman incantation and it works on
my laptop, but not when mixed with other containers. Here is my
docker-compose file:
-------------------
version: '2.4'
services:
  portainer:
    image: portainer/portainer
    container_name: portainer
    mem_limit: 1G
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/disks/SSD1/portainer:/data
    networks:
      - network1
    labels:
      - "traefik.enable=true"
      - "traefik.backend=portainer"
      - "traefik.frontend.rule=Host:portainer-project.domain.tld"
      - "traefik.port=9000"
      - "traefik.protocol=http"
  apiman:
    image: apiman/on-wildfly11
    container_name: apiman
    mem_limit: 3G
    restart: always
    #volumes:
    #  - /mnt/disks/SSD1/apiman:/opt/jboss/wildfly/standalone:rw
    networks:
      - network1
    labels:
      - "traefik.enable=true"
      - "traefik.backend=apiman"
      - "traefik.frontend.rule=Host:api-project.domain.tld"
      - "traefik.port=8080"
      - "traefik.protocol=http"
  web:
    image: nginx:alpine
    container_name: nginx
    mem_limit: 512M
    restart: always
    networks:
      - network1
    labels:
      - "traefik.enable=true"
      - "traefik.backend=web"
      - "traefik.frontend.rule=Host:web-project.domain.tld"
      - "traefik.port=80"
      - "traefik.protocol=http"
  reverse-proxy:
    image: traefik # The official Traefik docker image
    container_name: traefik
    ports:
      - "80:80" # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
      - "443:443" # The HTTPS port
    networks:
      - network1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - /mnt/disks/SSD1/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /mnt/disks/SSD1/certs:/certs
    labels:
      - "traefik.enable=true"
      - "traefik.backend=traefik"
      - "traefik.frontend.rule=Host:traefik-project.domain.tld"
      - "traefik.port=8080"
      - "traefik.protocol=http"
networks:
  network1:
    name: web
--------------------------------
My final questions are:
How can I configure apiman to be aware that it will be called from an https
schema?
In general, what are the caveats of placing Apiman behind a reverse proxy?
Thanks!
--
*J. Rubén Marrero V.*
GPG: 0x1D7087F7
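
A check for the symptom described in the post (a login form or redirect that falls back to http:// on a page served through the TLS-terminating proxy), as an added example that is not part of the original message. The hostname is the one from the post; the URL paths and the HTML are constructed samples.

```python
# Added example (not from the original post): flag form actions and redirect
# targets that fall back to http:// on a page served over https://.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionParser(HTMLParser):
    """Collects the action attribute of every <form> in a document."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing action means "submit to the page URL itself".
            self.actions.append(dict(attrs).get("action") or "")


def scheme_downgrades(page_url, html, location=None):
    """Return (kind, absolute URL) pairs that leave HTTPS: form actions found
    in html and, if given, the Location header of a redirect for page_url."""
    if urlsplit(page_url).scheme != "https":
        return []
    parser = FormActionParser()
    parser.feed(html)
    candidates = [("form", a) for a in parser.actions]
    if location is not None:
        candidates.append(("redirect", location))
    findings = []
    for kind, ref in candidates:
        target = urljoin(page_url, ref)  # resolves relative and scheme-relative refs
        if urlsplit(target).scheme == "http":
            findings.append((kind, target))
    return findings


# Constructed sample: hostname is from the post, paths and markup are made up.
PAGE_URL = "https://api-project.domain.tld/auth/login"
SAMPLE_HTML = """
<form id="login" action="http://api-project.domain.tld/auth/login-actions" method="post">
  <input name="username"><input name="password" type="password">
</form>
<form action="/search"></form>
"""

if __name__ == "__main__":
    redirect = "http://api-project.domain.tld/apimanui/"  # constructed Location value
    for kind, url in scheme_downgrades(PAGE_URL, SAMPLE_HTML, location=redirect):
        print(f"{kind}: {url}")
```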