QUESTION: WHAT changes do i need to have [with docker or phpmyadmin (or other)]
HTTP phpmyadmin without port ====> http://pma.mydn.tld or http://mydn.tld/pma
HTTPS phpmyadmin (w or wo port) => https://pma.mydn.tld or https://mydn.tld/pma
I mean … normally “without docker” i can use HTTPS://mydn.tld/phpmyadmin
… so how to make the access withoud docker - similar - with docker as well ???
BTW access to Wordpress @docker works normally the same way liike without docker HTTPS://mydn.tld/wordpress … so the certificates are on board … so how to manage it so the phpmyadmin also works as HTTPS with docker ??
You can use multiple services on the same IP/port, it will handle https/TLS and you can configure it via env vars or labels on the target service/container, no additional config files.
Thanks, - these resources looks heavy - could you suggest exact/specific cfg steps to fix HTTP myphpadmin to HTTPS ? 1/… 2/… 3/ … ??
Notes: I think reverse proxy at synology NAS is better change via Login Portal / Advance / Reverse Proxi (not manual change of automated nginx cfg files /etc/nginx/conf.d/. ) - I looked at HTTPS capable docker wordpress cfg and the complexity is similar to the YAML cfg for phpmyadmin above - its just curious that docker phpmyadmin is the trublemaker
great - the reverse proxy works and SSL (HTTPS works in both ways below) - but i do not like actual setup
1/ i can use docker IP addr but its change after any docker/container change, stop/start container etc … thus i need to change manualy reverse proxy often as well after it
2/ when I use ports in YAML e.g. 8080:80 (picture below 8091…8098) then for 8x docker i need occupied 8 port forward and block [8080 … 8087]
goal: 3/ is it possible via YAML creates “local name” of the service phpmyadmin which I can address outside above the docker level ??
Best practice is to use one reverse proxy on the same port within Docker. You would not publish any ports of the target application containers, they connect inside an implicit or explicit Docker network.
The screenshot is from Synology’s “Login Portal”, shwoing the reverse proxy settings. It is a reverse proxy on the host.
Though, the configuration doesn’t look right. The destination should be either http://localhost:<published container port> or the http://<syno ip or dns name>:<published container port>. If you try accessing container by their container ip directly, chances are good that you are doing something in a way it’s not supposed to be done.
yes - its from “Login Portal” and it works well - in fact there are two suboptions (SSL 433 with or without certificate but https is achieved) but ist offtopic for this discusion goal. (from above)
3/ is it possible via YAML creates “local name” of the service phpmyadmin which I can address outside above the docker level ??
so the GOAL is … I would like to know IF and HOW can I configure YAML (or something else in the docker at synology NAS) so the phpmyadmin will be accesible in easy way (similar to the wordpress) http(s)://:<80(443)>
ad 2/ I updated “localhost” which in fact goes to the same destination “see 2/ OR” without needs to make portforward rule at in-front router
bluepuma77 suggested link where the key interface suppose to be VIRTUAL_HOST (which is tricky part at new synology DSM7 and i am not sure how to proof that next commands works, or not, based on tests with reverese proxy it does not work )
extra_hosts:
- "phpmyadmin-0:174.XX.0.X"
?? or ??
environment:
#VIRTUAL_HOST: "pma.localhost"
… so suggestion is appreciated (and at the end i hope I will be able access phpmyadmin with YAML only and without reverse proxy or other stufs)
I must admin, that I am not able to follow your thoughts. Your train of thoughts sure makes sense to you, though it’s not easy to understand for someone else. The structure and mixed bold texts of your posts make them somehow hard to read, that’s why I only skimmed through the text.
Your scenario is most likely not complicated, and I am sure if you share all involved compose files, and tell which port of the compose files you want to be reachable through which domain, we should be able to sort it out. Please help us to help you. Otherwise, we end up with suggesting things that don’t work, because of things we don’t know about your setup.
@bluepuma77 wasn’t aware of the Login Portal reverse proxy. His response is about an alternative approach.
hm, you are probably right, pls try follow these steps and let me know your guess …
containerized wordpress in docker at synolgy NAS is simple to use - no YAML cfg - HTTPS goes probably directly to the docker->container->wordpress service at 172.XX.0.XX without write specific IP anywhare (X might change each modification in the docker)
but then sometimes you need access database (in my case ofthen) - thus you need simple and secured remote access via phpmayadmin to database - thus you need manually add YAML cfg to add phpmyadmin to the wordress container - and then to access it you need reverse proxi cfg , and then after docking all together you have options how to access phpmyadim …
– 1/ discover 172.XX.0.XX of the phpmyadmin in the specific container(s) and setup and modify each time revproxy setup(s) (which I do not want)
– 2/ use localhost:port … blocks port for each container / phpmyadmin service - now imagne yo have multiple wordpress + manually added YAML phpmyadmin containers and it means plenty of ports … blocked … and plenty of YAML cfgs for each phpmyadmin (for each database, for each worpress … per each container)
— 3/ Is there an option to address phpmyadmin(s) 172.XX.0.XX as a name(s) (so I do not care about X changes) from the same destianatiion wordpress domain + subdomain | alias withou port(s) … just by YAML cfgs? for example if wrodpress addr is HTTPS:// mywp#.tld (#… 0,1,2,3,4,5,6,7…) then i would like to use phpmyadmin like HTTPS:// pma.mywp#.tld or HTTPS:// mywp#.tld/pma/ ?
result: 172.X.0.X is not usable, localhost:XXXX block port and both needs rev proxi dfg … s anythink simpler is welcome
(red) see the port modified 80/8091 at XXXX-wp1-phpmyadmin-1 … which works to access it like localhost:8091
(blue) defeult XXXX-wp2-phpmyadmin-1 … failed to access by localhost:80 ( local web server at 80 works well)
(yellow + green) wordpress #1#2 can be accessible directly like web service e.g. https:// mywp1.tld and https:// mywp2.tld … so wordpress allows simple access … phpmyadmin #X not (either need port redir and revproxi or default 80 is not usable)… I am just curious how the access :443 is done for wordpress #1#2 which looks like there is no port 9000 redirection to 443 for 2 different domains
It is long, but it gets you more and better responses when your posts are well formatted. The most important part foy ou is: Dockerfiles, Compose files, logs and code section.
Avoid sharing picutures unless you need to share some graphics or GUI. Texts should be shared as code. Then you will not need to do tricks with URLs and you can separate your own thoughts from any code to make your posts easier to understand.
So as I see it, you have a Synology NAS which has a reverse proxy solution which is probably better known by Synology users. I’m not one of them, but you could probably find more on a Synology forum. There is probably a recommended way to use it and they should know the Synology best practices like how to use it with Docker containers.
What I would do is this:
I would use a standard reverse proxy container without depending on the GUI if it is possible, since those can listen to container changes using labels or environment variables so it doesn’t matter how many times you recreate the containers and what the new IP address of the container is. You just run a new container, set the right label or environment variable depending on which reverse proxy íou are using and it will recognize it and forward requests to the container without knowing what the IP address is. It will detect it automatically.
If you rely on a reverse proxy GUI, that was probably made for static IPs or ports, so it will do exactly what you described. It will just forward requests to a host IP or localhost or to a container IP. And as you wrote too, when you forward requests to the host IP or localhost, you will not be able to use the same ports, although that is exactly why you want to use a reverse proxy. And the container IP is not a solution unless you configure each container to have static IP addresses.
You could use different loopback IP addresses instead of ports, like
ports:
- 127.1.0.1:80:80
and for another project you would use another loopback IP:
ports:
- 127.1.0.2:80:80
But you would still need to manually configure these IPs in the compose file and in the reverse proxy of Synology.
So the only real dynamic solution using a reverse proxy that was designed for containers and that is what @bluepuma77 suggested.
These guides can be long, but this is what we all do. Read long guides to learn. It is still better than without a guide.
I assume you are referring to the multi-site feature to have multiple Wordpress sites using one instance. That is a special feature, but not for everyone.
thank you rimelek
i want to solve next web access inconsistnce (with and without docker - wordpress vs phpmyadmin) so i will have the same web access ibehavior without and with docker
wordpress + phpmyadmin
: without docker : works well - as expected
: with docker : wordpress behave the same (nice) - phpmyadmin does not (need YAML port postfix, revproxi cfg, which multiplies with multiple instances)
BTW i tested your suggestion sooner with same EXIT code 1 (error) and the error comes from first 80 (eg - 127.1.0.1:80:80) so I am curious when Iooking at screenshot ebove docker ps that phpmyadmin service …wp1-phpmyadmin-1 || -2 must have different ports e.g. 8080, 8091 + rev proxi cfg and special access with docker … but …wp1-wordpress-1 || -2 have identical (9000/tcp) and same access with and without docker (it means that HTTP(S) service connect over the port 9000 and goes to wp1 || wp2 when I call https:// mywp1.tld || https:// mywp2.tld). This means that synology make it systematic - the way how I want to get with phpmyadmin via docker should be also systematic - the way with phpmyadmin now is not really usefull.
Note to solve the docker incosistsnce behavior with and without docker synology suggested is to use ports in YAML cfg like I did so far e.g. 8080:80 or 8091:80 + reverse proxi - but they also said I need to ask docker specialist for simpler way / consitent way to overpass this workaround from synology … which I do
You seem to be very deep into your topic, but we are not. So you should clearly structure your questions for people not familiar with the topic.
Synology Proxy Server is a simple tool. You can set the domain and target IP and port. Synology also has an option to create TLS certs for you. Check a guide like this.
You would let your Docker services only listen on host’s localhost, and then set the Syno reverse proxy to forward requests to localhost:port.
# compose of Docker service
ports:
- localhost:8080:8080
^ optional hostname or IP
^ port on host
^ port inside container
That way the services are only available externally via the reverse proxy - not directly.
Every service needs an own dedicated port on the host. Inside the container, the app should listen on IP 0.0.0.0 - if setting of an IP is required.
If you don’t want to mess with Synology Reverse Proxy and TLS certs manually, you should use a reverse proxy within a Docker container, that can handles TLS and can be automatically configured.
Finally note that not all web applications with a GUI can simply be placed under a path. This usually just works when the application itself supports setting something like a “base path”. Otherwise you need to use individual sub-domains for the services.
thanks bluepuma77
i just tested next way which works (not exactly i wanted but its better then using variable ports and unpredictable IP addr from container) BTW suggested 80:80 is not possible (error when docking) so i use 8080:80
so finally this way for phpmyadmin requires modify YAML and revproxy for each individidual phpmyadmin container which is there just to look at single one database for single one wordpress
… idea how to simpler access to phpmyadmin in docker is welcome …
wordpress usage is much simpler (with and without docker is the same, no YAML cfg, no revproxy)
https:// mywp1.tld => …-wp1-wordpress-1
https:// mywp2.tld => …-wp2-wordpress-1
Note that the “unpredictable IP” doesn’t matter any more when the reverse proxy is also within Docker, because the Docker internal DNS will resolve service/container names automatically to the IP.
And within a Docker network you don’t need to publish ports which might conflict, every service just uses its default port.
I don’t know what you are doing, localhost is always 127.0.0.1
me too and yes with suggested 80:80 the docking makes error (similar like the one below) and localhost in my case is occupied anyway … but the way i use in previous post works well - i would call it solution - its not what i want exactly but in actual setup i am happy with what i got - it behaves almost as localhost - fixed IP and port and ready to use systematically as revproxy for multiple instances
idea: what about exclude phpmyadmin from docker and connect contanerized database as remote database to regular phpmyadmin … i guess it should work - then i do not need this phpmyadmin in the docker and this creazy YAML+revproxy cfg for each wpX
Maybe you should clearly state (in bullet points) what you want to achieve, what the current state is and what still needs to be optimized.
For me in general it makes no difference if an application is running directly on host or within a container, I could always configure it the way I needed it - even when in a container.
