I'm trying to set up a dockerized Spring Boot application on my server for a school group project, but I can't figure out how to make the API (Spring Boot) reachable over HTTPS. The client, a simple React Admin page, works; only the Spring Boot API is unreachable. The browser keeps telling me "you have been redirected too many times". The page is https://stocks-tracker-api.manuele-vaccari.ch/
The Spring Boot application is built with `./gradlew bootBuildImage --imageName=d3strukt0r/fhnw-stocks-tracker-api`
# Application stack: MariaDB, phpMyAdmin, the Spring Boot API and the React
# client. Traefik is not started here; the services join the pre-existing
# `traefik_proxy` network and declare their routers through labels.
version: "3.2"

services:
  # Database. Attached to `internal` only, publishes no ports and carries no
  # Traefik labels, so nothing in this file routes outside traffic to it.
  db:
    # No tag is given, so this resolves to `latest`; pinning a specific tag
    # makes upgrades deliberate and reviewable.
    image: mariadb
    command:
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_unicode_ci
    healthcheck:
      test:
        - CMD
        - mysqladmin
        - ping
      interval: 10s
      timeout: 5s
      retries: 3
    networks:
      - internal
    volumes:
      - ./database:/var/lib/mysql
    environment:
      # Values come from Compose variable substitution rather than being
      # written here. Presumably they live in a .env file next to this one;
      # keep that file out of version control.
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
      MYSQL_USER: ${DB_USERNAME}
      MYSQL_PASSWORD: ${DB_PASSWORD}
      MYSQL_DATABASE: ${DB_DATABASE}

  # Database admin UI. It sits on both networks, so it bridges the public
  # proxy network and the database network.
  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    depends_on:
      - db
    networks:
      - internal
      - traefik_proxy
    dns:
      - 1.1.1.1
      - 1.0.0.1
    environment:
      UPLOAD_LIMIT: 100M
    labels:
      - traefik.enable=true
      # Plain-HTTP router: only redirects to HTTPS through the `to_https`
      # middleware, which is declared on the Traefik container, not here.
      - traefik.http.routers.stocksTrackerPhpmyadmin0.entrypoints=http
      - traefik.http.routers.stocksTrackerPhpmyadmin0.rule=Host(`${PHPMYADMIN_URL}`)
      - traefik.http.routers.stocksTrackerPhpmyadmin0.middlewares=to_https
      # HTTPS router. NOTE(review): no middleware is attached, so the only
      # gate in front of the database UI is phpMyAdmin's own login. Consider
      # putting proxy-level authentication or an IP allow-list in front of it,
      # or not publishing it at all.
      - traefik.http.routers.stocksTrackerPhpmyadmin.entrypoints=https
      - traefik.http.routers.stocksTrackerPhpmyadmin.rule=Host(`${PHPMYADMIN_URL}`)
      - traefik.http.routers.stocksTrackerPhpmyadmin.tls=true
      - traefik.http.routers.stocksTrackerPhpmyadmin.tls.certresolver=le

  # Spring Boot API.
  api:
    image: d3strukt0r/fhnw-stocks-tracker-api:nightly
    depends_on:
      - db
    networks:
      - internal
      - traefik_proxy
    dns:
      - 1.1.1.1
      - 1.0.0.1
    # volumes:
    # - ./data/:/data/
    environment:
      # https://stackoverflow.com/questions/46057625/externalising-spring-boot-properties-when-deploying-to-docker
      # https://howtodoinjava.com/spring-boot2/datasource-configuration/
      #
      # This JSON carries the database credentials and the token secret as a
      # container environment variable, so anyone who can inspect the
      # container can read them. The values are pasted into JSON verbatim: a
      # `"` or `\` in a password would produce invalid JSON.
      #
      # NOTE(review): TLS ends at Traefik and the request is forwarded to the
      # container on port 8081, presumably over plain HTTP. If the application
      # itself redirects non-HTTPS requests, it has to honour the
      # X-Forwarded-Proto header or it will redirect in a loop; Spring Boot
      # exposes `server.forward-headers-strategy` for this. Confirm against
      # the application's security configuration, and only trust forwarded
      # headers when the container is reachable solely through the proxy,
      # because otherwise clients can set them.
      SPRING_APPLICATION_JSON: '{
        "spring.datasource.url": "jdbc:mysql://db:3306/${DB_DATABASE}",
        "spring.datasource.username": "${DB_USERNAME}",
        "spring.datasource.password": "${DB_PASSWORD}",
        "spring.datasource.driver-class-name": "com.mysql.jdbc.Driver",
        "spring.jpa.database-platform": "org.hibernate.dialect.MySQL5InnoDBDialect",
        "security.token.secret": "${API_TOKEN_SECRET}",
        "server.port": 8081
        }'
    labels:
      - traefik.enable=true
      # Backend port; matches `server.port` in SPRING_APPLICATION_JSON above.
      - traefik.http.services.stocks-tracker.loadbalancer.server.port=8081
      # Plain-HTTP router: redirect only.
      - traefik.http.routers.stocksTrackerApi0.entrypoints=http
      - traefik.http.routers.stocksTrackerApi0.rule=Host(`${API_URL}`)
      - traefik.http.routers.stocksTrackerApi0.middlewares=to_https
      # HTTPS router with a certificate from the `le` resolver.
      - traefik.http.routers.stocksTrackerApi.entrypoints=https
      - traefik.http.routers.stocksTrackerApi.rule=Host(`${API_URL}`)
      - traefik.http.routers.stocksTrackerApi.tls=true
      - traefik.http.routers.stocksTrackerApi.tls.certresolver=le

  # React Admin front end.
  client:
    image: d3strukt0r/fhnw-stocks-tracker-client:nightly
    depends_on:
      - api
    networks:
      # NOTE(review): the client is also on `internal`, the network the
      # database lives on. If it never talks to `db` directly, dropping this
      # attachment narrows what a compromised front-end container can reach.
      - internal
      - traefik_proxy
    labels:
      - traefik.enable=true
      # Plain-HTTP router: redirect only.
      - traefik.http.routers.stocksTracker0.entrypoints=http
      - traefik.http.routers.stocksTracker0.rule=Host(`${CLIENT_URL}`)
      - traefik.http.routers.stocksTracker0.middlewares=to_https
      # HTTPS router with a certificate from the `le` resolver.
      - traefik.http.routers.stocksTracker.entrypoints=https
      - traefik.http.routers.stocksTracker.rule=Host(`${CLIENT_URL}`)
      - traefik.http.routers.stocksTracker.tls=true
      - traefik.http.routers.stocksTracker.tls.certresolver=le

networks:
  # Created by this stack.
  internal:
    external: false
  # Must already exist; it is the network the Traefik stack attaches to.
  traefik_proxy:
    external: true
For more information, here is the Traefik configuration:
# Reverse-proxy stack: one Traefik container that terminates TLS on 80/443 and
# routes to containers on the `traefik_proxy` network by their labels.
version: "2"

# Manage domain access to services
services:
  traefik:
    container_name: traefik
    # No tag is given, so this resolves to `latest`; pinning a specific tag
    # keeps an image pull from silently changing the proxy's behaviour.
    image: traefik
    command:
      # The dashboard is published through the `traefik` router below and is
      # protected there by the `traefik_auth` basic-auth middleware.
      - --api.dashboard=true
      # Let's Encrypt resolver `le`, validated with a Cloudflare DNS challenge.
      - --certificatesresolvers.le.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.le.acme.storage=acme.json
      # - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.le.acme.dnschallenge=true
      - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
      # Entry points referenced by the routers as `http` and `https`.
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      # Opts in to Traefik's anonymous usage statistics.
      - --global.sendAnonymousUsage
      - --log.level=INFO
      # Docker provider: only containers labelled `traefik.enable=true` are
      # routed, and they are reached over the `traefik_proxy` network.
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik_proxy
      - --pilot.token=${PILOT_TOKEN}
    restart: always
    networks:
      - traefik_proxy
    ports:
      - "80:80"
      - "443:443"
    dns:
      - 1.1.1.1
      - 1.0.0.1
    volumes:
      # The `:ro` flag makes the socket file read-only in the mount; it does
      # not restrict the Docker API behind it. A process that can talk to this
      # socket can issue any Docker API request, which amounts to root on the
      # host. A socket proxy that exposes only the read endpoints Traefik
      # needs reduces that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds the ACME account key and the issued private keys. Traefik
      # expects this file to be mode 600; keep it out of version control.
      - ./acme.json:/acme.json
      # - ./acme-staging.json:/acme.json
    environment:
      # Cloudflare credentials for the DNS challenge. This email/key pair is
      # the account-wide global API key. The Cloudflare provider also accepts
      # a scoped API token (CF_DNS_API_TOKEN), which can be limited to DNS
      # edits on the zones that need certificates.
      CF_API_EMAIL: ${CLOUDFLARE_EMAIL}
      CF_API_KEY: ${CLOUDFLARE_API_KEY}
    labels:
      - traefik.enable=true
      # Plain-HTTP router for the dashboard host: redirect only.
      - traefik.http.routers.traefik0.entrypoints=http
      - traefik.http.routers.traefik0.rule=Host(`${TRAEFIK_URL}`)
      - traefik.http.routers.traefik0.middlewares=to_https
      # HTTPS router for the dashboard, served by the built-in `api@internal`
      # service behind basic auth.
      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_URL}`)
      - traefik.http.routers.traefik.middlewares=traefik_auth
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=le
      - traefik.http.routers.traefik.service=api@internal
      # Declaring the user list
      #
      # Note: all dollar signs in the hash need to be doubled for escaping.
      # To create user:password pair, it's possible to use this command:
      # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
      - traefik.http.middlewares.traefik_auth.basicauth.users=${TRAEFIK_USERS}
      # Standard middleware for other containers to use
      # `to_https` redirects to HTTPS without the permanent flag;
      # `to_https_perm` is the same redirect marked permanent.
      - traefik.http.middlewares.to_https.redirectscheme.scheme=https
      - traefik.http.middlewares.to_https_perm.redirectscheme.scheme=https
      - traefik.http.middlewares.to_https_perm.redirectscheme.permanent=true

networks:
  # Must already exist; the application stacks join the same network.
  traefik_proxy:
    external: true
What do I have to change for it to be reachable over HTTPS?