x_old_misp_docker icon indicating copy to clipboard operation
x_old_misp_docker copied to clipboard

Published 20 hours ago verified publisher icon MISP

MISP behind Traefik

Open ghost opened this issue 5 years ago • 2 comments

Hi, I'm trying to serve MISP using Traefik as reverse proxy, but I can't seem to get it to work. When I try to connect to https://test.local/misp I'm redirected to https://test/

This is my docker-compose.yml:

version: '3'

networks:
  proxy:
    external: true
  internal:
    external: false


services:
  web:
    build: web
    depends_on:
      - db
    container_name: misp_web
    image: misp:latest
    restart: unless-stopped
    volumes:
      - /dev/urandom:/dev/random
      - ${DATA_DIR}/web:/var/www/MISP
    environment:
      - MYSQL_HOST=db
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MISP_ADMIN_EMAIL=${MISP_ADMIN_EMAIL}
      - MISP_ADMIN_PASSPHRASE=${MISP_ADMIN_PASSPHRASE}
      - MISP_BASEURL=${MISP_BASEURL}
      - POSTFIX_RELAY_HOST=${POSTFIX_RELAY_HOST}
      - TIMEZONE=${TIMEZONE}
    labels:
      - traefik.backend = misp
      - traefik.frontend.rule=Host:test.local;PathPrefixStrip:/misp
      - traefik.docker.network=proxy
      - traefik.port=443
    networks:
      - internal
      - proxy

  db:
    container_name: misp_db
    image: mysql/mysql-server:5.7
    restart: unless-stopped
    volumes:
      - ${DATA_DIR}/db:/var/lib/mysql
    environment:
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}

and this is my .env :

MYSQL_DATABASE=misp
MYSQL_USER=misp
MYSQL_PASSWORD=misp
MYSQL_ROOT_PASSWORD=misp

[email protected]
MISP_ADMIN_PASSPHRASE=admin
MISP_BASEURL=test.local/misp

POSTFIX_RELAY_HOST=relay.fqdn
TIMEZONE=Europe/Rome

DATA_DIR=./data

Can someone help me?

ghost avatar Sep 05 '19 13:09 ghost

I am running behind Traefik without any issues, so this isn't a MISP specific issue. Your rules look a little odd since needing to strip a path usually means that the same hostname is being used for multiple backends but you are also routing based on Host(some setups require it but it most won't), the "traefik.enable=true" label is also missing from your config(it can be optional depending on how you have Traefik configured, most require it. Can't really say without seeing the Traefik config/toml file since that is where the logic removing the TLD is probably occurring.

Also, I think docker handles the network name "internal" specially and autocreates an overlay network, not sure how that plays with docker-compose's autonaming, even if it works I'd add the db service to the internal network as well in the docker-compose file just so it is easier to read.

redNixon avatar Sep 07 '19 01:09 redNixon

Hi,

any update on this? Did you solve the problem?

I am trying to configure MISP behind Traefik but with no luck.

pietrogu avatar Nov 16 '21 12:11 pietrogu