502 Proxy Error ( docker + traefik + apache )

Question

I'm trying to setup traefik for SSL termination on my local development instance. Following up this guide I have the following configuration.

docker-compose.yml

version: '2.1'
services:
  mariadb:
    image: wodby/mariadb:10.2-3.0.2
    healthcheck:
        test: "/usr/bin/mysql --user=dummyuser --password=dummypasswd --execute \"SHOW DATABASES;\" | grep database"
        interval: 3s
        timeout: 1s
        retries: 5
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: dummy
      MYSQL_DATABASE: database
    volumes:
      - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
      - mysql:/var/lib/mysql # I want to manage volumes manually.

  php:
    depends_on:
      mariadb:
        condition: service_healthy
    ports:
        - "25:25"
        - "587:587"
    environment:
      PHP_FPM_CLEAR_ENV: "no"
      DB_HOST: mariadb
      #DB_USER: dummy
      DB_PASSWORD: dummypasswd
      DB_NAME: database
      DB_DRIVER: mysql
      PHP_POST_MAX_SIZE: "256M"
      PHP_UPLOAD_MAX_FILESIZE: "256M"
      PHP_MAX_EXECUTION_TIME: 300
    volumes:
      - codebase:/var/www/html/
      - private:/var/www/html/private
  solr:
    image: mxr576/apachesolr-4.x-drupal-docker
    ports:
      - "8983:8983"
    labels:
      - 'traefik.backend=solr'
      - 'traefik.port=8983'
     # - 'traefik.frontend.rule=Host:192.168.33.10'
    volumes:
      - solr:/opt/solr/example/solr/collection1/data
    restart: always
  portainer:
    image: portainer/portainer
    command: --no-auth -H unix:///var/run/docker.sock
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - 'traefik.backend=portainer'
      - 'traefik.port=9000'
    restart: always
      apache:
        image: wodby/php-apache:2.4-2.0.2
    #    ports:
    #      - "80:80"
        depends_on:
          - php
        environment:
          APACHE_LOG_LEVEL: warn
          APACHE_BACKEND_HOST: php
          APACHE_SERVER_ROOT: /var/www/html/drupal
        volumes:
          - codebase:/var/www/html/
          - private:/var/www/html/private
        labels:
          - 'traefik.backend=apache'
          - 'traefik.docker.network=proxy'
          - "traefik.frontend.rule=Host:127.0.0.1"
          - "traefik.enable=true"
          - "traefik.port=80"
          - "traefik.default.protocol=http"
        restart: always
        networks:
          - proxy
      traefik:
        image: traefik
        command: -c /traefik.toml --web --docker --logLevel=INFO
        ports:
          - '80:80'
          - '443:443'
          - '8888:8080' # Dashboard
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - /codebase/traefik.toml:/traefik.toml
          - /codebase/certs/cert.crt:/cert.crt
          - /codebase/certs/cert.key:/cert.key
    volumes:
      solr:
        external: true
      mysql:
        external: true
      codebase:
        external: true
      private:
        external: true

    networks:
      proxy:
        external: true

traefik.toml

logLevel = "DEBUG" # <---
defaultEntryPoints = ["https", "http"] # <---

[accessLog]
[traefikLog]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
      certFile = "/cert.crt"
      keyFile = "/cert.key"

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedbydefault = false

When trying to verify the instance, I get a 502 Bad Gateway

 curl -i -k https://127.0.0.1
        HTTP/1.1 502 Bad Gateway
        Content-Length: 392
        Content-Type: text/html; charset=iso-8859-1
        Date: Fri, 14 Sep 2018 16:34:36 GMT
        Server: Apache/2.4.29 (Unix) LibreSSL/2.5.5
        X-Content-Type-Options: nosniff
        <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
        <html><head>
        <title>502 Proxy Error</title>
        </head><body>
        <h1>Proxy Error</h1>
        <p>The proxy server received an invalid
        response from an upstream server.<br />
        The proxy server could not handle the request <em><a href="/index.php">GET&nbsp;/index.php</a></em>.<p>
        Reason: <strong>DNS lookup failure for: php</strong></p></p>
        </body></html>

A reset for docker-compose and the docker network didn't help. I've checked the issue on their repo and it seems like nobody got a definitive solution. Anybody has an idea on how to solve this?

Edit:Update for full docker-compose file.

Answer 1

You are trying to connect to php container from apache service using service discovery. But php container is not attached to the network proxy , Because you haven't declared network for it. The same case is with mariabd as well. So, When you connect to apache/traefik they look for host php which is not attached to the network proxy and throw error 502 .

Unless and until you specify external network, Docker containers will not be connected to them.

Hence, You have to specify the network as follows for all the services in order to make docker service discovery work properly.

networks:
      - proxy

Bonus:

Since you have done port mapping. You can also use public Ip of your host machine followed by the port to connect to services from docker container and from outside containers as well.

Example:

Let us assume your ip is 192.168.0.123 then you can connect to php from any services in docker container and even from outside docker as 192.168.0.123:25 and 192.168.0.123:587 . This is because you have exposed ports 25,587 by mapping them to host ports 25,587 .

Some references:

1. Docker networking
2. Networking using the host network
3. Connect a container to a user-defined bridge
4. Networking with standalone containers
5. Service discovery
6. Networking in Compose (check "Specify custom networks" section)