Mautic Community Forums

Traefik as reverse proxy for Mautic

Ubuntu 20.04
My PHP version that is linked to docker image mautic/mautic:v4 :
My MySQL/MariaDB version is powertic/percona-docker

I try to install mautic behind a reverse Traefik proxy with docker-compose. The configuration works well for the portainer container. The configuration even worked with Mautic before.

However, lately I am getting a ‘Gateway timeout’. If I activate MAUTIC_TRUSTED_PROXIES I am getting a 404.

version: '3.3'

services:
  traefik:
    container_name: traefik
    image: 'traefik:latest'
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker
      - --log.level=DEBUG
      - --certificatesresolvers.leresolver.acme.httpchallenge=true
      - --certificatesresolvers.leresolver.acme.email=${EMAIL}
      - --certificatesresolvers.leresolver.acme.storage=/etc/traefik/acme.json
      - --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - ./traefik:/etc/traefik
    labels:
      - 'traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)'
      - 'traefik.http.routers.http-catchall.entrypoints=web'
      - 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'

  portainer:
    image: portainer/portainer-ce:2.6.3
    command: -H unix:///var/run/docker.sock
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.frontend.rule=Host(`containers.${SITE}`)'
      - 'traefik.http.routers.frontend.entrypoints=websecure'
      - 'traefik.http.services.frontend.loadbalancer.server.port=9000'
      - 'traefik.http.routers.frontend.service=frontend'
      - 'traefik.http.routers.frontend.tls.certresolver=leresolver'

  mautic-app:
    image: mautic/mautic:v4
    restart: always
    volumes:
      - mautic_data:/var/www/html
    environment:
      - MAUTIC_DB_HOST=mautic-database
      - MAUTIC_DB_USER=${MAUTIC_DB_USER}
      - MAUTIC_DB_PASSWORD=${MAUTIC_DB_PASSWORD}
      - MAUTIC_DB_NAME=mautic
      #- MAUTIC_TRUSTED_PROXIES=0.0.0.0/0
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.marketing.rule=Host(`mautic.${SITE}`)'
      - 'traefik.http.routers.marketing.entrypoints=websecure'
      - 'traefik.http.services.marketing.loadbalancer.server.port=80'
      - 'traefik.http.routers.marketing.service=marketing'
      - 'traefik.http.routers.marketing.tls.certresolver=leresolver'
    depends_on:
      - mautic-database
    networks:
      - mautic-net

  mautic-database:
    image: powertic/percona-docker
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: ${MAUTIC_DB_PASSWORD}
    volumes:
      - database:/var/lib/mysql
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci --sql-mode=""
    networks:
      - mautic-net
volumes:
  portainer_data:
    driver: local
  database:
    driver: local
  mautic_data:
    driver: local

networks:
  mautic-net:
    driver: bridge

Here My Docker-Compose.yml

version: '3'

volumes:
  backup-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/backup
#  elastic-data:
#    driver: local-persist
#    driver_opts:
#      mountpoint: ${CONTAINERVOLUMES}/elastic
  mariadb-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/mariadb
  redis-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/redis
  www-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/html

services:
#  sshd:
#    image: hermsi/alpine-sshd
#    container_name: ${COMPOSE_PROJECT_NAME}-SSH
#    environment:
#      ROOT_PASSWORD: ${ROOT_PASSWORD}
#    ports:
#      - "${SSH_PORT}:22"
#    volumes:
#      - www-data:/var/www/html

  DBBackup:
    image: fradelg/mysql-cron-backup
    container_name: ${COMPOSE_PROJECT_NAME}-DBBackup
    restart: unless-stopped
    depends_on:
      - mysql
    volumes:
      - backup-data:/backup
    environment:
      TZ: ${TIMEZONE}
      MYSQL_HOST: mysql
      MYSQL_USER: root
      MYSQL_PASS: ${MARIADB_ROOT_PASSWORD}
      MAX_BACKUPS: 10
      INIT_BACKUP: 1
      # Every day at 03:00
      CRON_TIME: 5 6,18 * * *
      # Make it small
      GZIP_LEVEL: 9

#  elastic:
#    image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2
#    container_name: ${COMPOSE_PROJECT_NAME}-Elastic
#    volumes:
#      - elastic-data:/usr/share/elasticsearch/data
#    ulimits:
#      memlock:
#        soft: -1
#        hard: -1
#      nofile:
#        soft: 65535
#        hard: 65535
#    environment:
#      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
#      - discovery.type=single-node
#      - bootstrap.memory_lock=true
#    expose:
#      - 9200
#      - 9300

  mysql:
    image: mariadb:10.5
    container_name: ${COMPOSE_PROJECT_NAME}-MariaDB
    # command für mysql 8.x
    # command: --default-authentication-plugin=mysql_native_password --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    # command für mariadb
    command: --default-authentication-plugin=mysql_native_password --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    volumes:
      - mariadb-data:/var/lib/mysql
      - ./configs/mariadb:/etc/mysql/conf.d
    environment:
      MYSQL_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MARIADB_DATABASE}
      MYSQL_USER: ${MARIADB_USER}
      MYSQL_PASSWORD: ${MARIADB_PASSWORD}
      TZ: ${TIMEZONE}

  redis:
    image: redis:alpine
    container_name: ${COMPOSE_PROJECT_NAME}-Redis
    volumes:
      - redis-data:/data

#  nginx:
#    image: nginx:1.21-alpine
#    container_name: ${COMPOSE_PROJECT_NAME}-Nginx
#    volumes:
#      - www-data:/var/www/html
#      - ./configs/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
#    networks:
#      - default
#      - proxy
#    labels:
#      - traefik.enable=true
#      # Routers
#      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=${HOSTRULE}
#      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=websecure
#      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=myresolver
#      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.service=${COMPOSE_PROJECT_NAME}_SVC
#      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=${COMPOSE_PROJECT_NAME}_Header
#      - traefik.http.services.${COMPOSE_PROJECT_NAME}_SVC.loadBalancer.server.port=80
#      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Header.headers.customrequestheaders.X-Forwarded-Proto=https
#      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Header.headers.customrequestheaders.X-Forwarded-Ssl=on
#      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Header.headers.customrequestheaders.X-Forwarded-Port=443
#      - traefik.docker.network=traefik_proxy

  phpfpm:
    image: thecodingmachine/php:7.4-v4-apache
    container_name: ${COMPOSE_PROJECT_NAME}-PHP-fpm
    environment:
      TZ: ${TIMEZONE}
      APACHE_RUN_USER: docker
      APACHE_RUN_GROUP: docker
      PHP_EXTENSION_BCMATH: 1
      PHP_EXTENSION_GD: 1
      PHP_EXTENSION_GMP: 1
      PHP_EXTENSION_IMAGICK: 1
      PHP_EXTENSION_INTL: 1
      PHP_EXTENSION_MYSQLI: 1
      PHP_INI_DISPLAY_ERRORS: 0
      PHP_INI_DATE_TIMEZONE: ${TIMEZONE}
      PHP_INI_MAX_EXECUTION_TIME: 360
      PHP_INI_MEMORY_LIMIT: 756M
      PHP_INI_UPLOAD_MAX_FILESIZE: 64M
      PHP_INI_POST_MAX_SIZE: 64M
      APACHE_DOCUMENT_ROOT: /var/www/html/${COMPOSE_PROJECT_NAME}-Projekt
      CRON_USER_1: root
      CRON_SCHEDULE_1: 01 03 * * *
      CRON_COMMAND_1: /backup/HTML-Backup.sh
      CRON_USER_2: docker
      CRON_SCHEDULE_2: 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59 * * * *
      CRON_COMMAND_2: php /var/www/html/${COMPOSE_PROJECT_NAME}-Projekt/bin/console mautic:emails:send
      CRON_USER_3: docker
      CRON_SCHEDULE_3: 0,15,30,45 * * * *
      CRON_COMMAND_3: php /var/www/html/${COMPOSE_PROJECT_NAME}-Projekt/bin/console mautic:segments:update
      CRON_USER_4: docker
      CRON_SCHEDULE_4: 5,20,35,50 * * * *
      CRON_COMMAND_4: php /var/www/html/${COMPOSE_PROJECT_NAME}-Projekt/bin/console mautic:campaigns:update
      CRON_USER_5: docker
      CRON_SCHEDULE_5: 10,25,40,55 * * * *
      CRON_COMMAND_5: php /var/www/html/${COMPOSE_PROJECT_NAME}-Projekt/bin/console mautic:campaigns:trigger
    labels:
      - traefik.enable=true
      # Routers
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=${HOSTRULE}
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=websecure
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=myresolver
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.service=${COMPOSE_PROJECT_NAME}_SVC
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=${COMPOSE_PROJECT_NAME}_Header
      - traefik.http.services.${COMPOSE_PROJECT_NAME}_SVC.loadBalancer.server.port=80
      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Header.headers.customrequestheaders.X-Forwarded-Proto=https
      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Header.headers.customrequestheaders.X-Forwarded-Ssl=on
      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Header.headers.customrequestheaders.X-Forwarded-Port=443
      - traefik.docker.network=traefik_proxy
    volumes:
      - www-data:/var/www/html
      - backup-data:/backup
#      - ./configs/nginx/docker.conf:/etc/php/8.0/fpm/pool.d/docker.conf
#      - ./configs/nginx/www.conf:/etc/php/8.0/fpm/pool.d/www.conf
#      - ./configs/nginx/zz-docker.conf:/etc/php/8.0/fpm/pool.d/zz-docker.conf
#Nur bei FPM und NGINX
#    networks:
#      default:
#        aliases:
#          - fpm
    networks:
      - default
      - proxy

networks:
  proxy:
    external:
      name: ${PROXY_NETWORK}