Getting Bad Gateway with XWIKI behind Traefik reverse proxy

Hey together,

I started to initaly rais up a XWIKI Instance and followed most of the instructions on the Github page.
Database (MariaDB) starts fine and smooth and also the XWIKI COntainer has no problems (without this warning about the office manager -.-).

But after all I get a Bad Gateway error even after I copied out tomcat config files and implemented them into the container if I must reconfigure them and I also added the https url to the wiki and the protocol https into the xwiki.cfg file but nothing changed.

I hope to get some help on this. I can share some of the files if needed/required/wanted. Simple hit me up with what you need and I’ll respond with it when I am back at my PC :slight_smile:


Edit: How can I insert code snippets with there corresponding language? Can not find the correct Symbol/Code for it. If disabled/not installed, please install/enable it. Reading code as plain text is horrible.

Usually a networking issue within Docker (or backend not available on the docker instance).

Verify that traefik has access to the docker network. As this is very dynamic, so there is no way to tell you where to look in such an environment

Well, all our pages working smoothly witth traefik and docker and configs are also correct (copied from another working instance).

Mayby XWiki needs another setting because of the reverse proxy Traefik or maybe Tomcat does?

But as long as I don’t have any code block thingy to paste my configs here, I can’t show anything, tbh.

You could use the “preformattet” style to paste the config it is not tooo big. Or attach a file (never tried to be honest).

Where is your Traefik running? How does docker provide network access for this instance. You should try to connect locally in the docker to see if you can at least curl the local url successfully. Bad Gateway will potentially be returned for any HTTP 5xx on the backend …

Treafik runs as container but not Docker so no D’n’D. But tldr; our Traefik has splitted confs to be more dynamic all followed by the Traefiks Documentation.

For the wiki and all other normal https pages, the entrypoint is https incl. mytlschallenge to get the Let’s Encrypt SSL Certificate and Middlewares are chained as chain-no-auth@file which basicly means that the page can be accesed liek any normal webpage incl. secHeaders@file and rateLimit@file to reduce overload if someone means todo an attack or similar.

I definitly think that I miss smth. with either Tomcat or XWiki Config itself.

Edit: The http and https entry in Traefik are all checked green, so no werrors within the traefik container nor with the networks.

Well, let’s focus on the docker where xWiki is installed. Can you access the xWiki Port that Traefik should access from another shell where curl is installed? Otherwise you would need a shell in the docker image and install curl. This is to validate what your tomcat does and if the xwiki.war was deployed successfully (this you will see in the log too). I would start to access the tomcat without https for now. curl ip:port, then ip:port/xwiki and see what you get

Oh, there is no :port added.

I’ll try and attache the docker-compose from the xwiki. CHange the ending from TXT to yml as yml is stupidly not allowed, why ever.

Ignore the variables in the volumes section as they are working smoothly because all docker-compose where pushed to our containered GitLab and published over Pipelines which creates all containers, does file checking (lint) and creates also all required networks. It also supports build when Dockerfile ist supplied.

Since Treafik has all important configs setted in respective and seperated files, the lables sections is clean.

What I think … could it be that I must set the loadbalancer server port to 8080 instead of 80?

docker-compose2.txt (1.5 KB)

Before I look at the file, yes, tomcat will listen to 8080 by default. And, 8443 is NOT enabled if you did not inject that config with a certificate …

Wow, it was the loadbalancer Port for now.
Actually the wiki tries to initialize and it worked \0/

Could be added to the Github page to set the loadbalancer server port to 8080 when using Traefiks loadbalancer :smiley:

This depends on what you use to deploy the war. Tomcat is 8080, but others might use different default ports. And, you can configure in your compose file what tomcat should listen on … and and. So it does not make sense to hardwire this IMHO


Hmm, Must I take care about Log4J because of the current breach from what I have read in the web?
Will open a seperate thread for it because XWiki uses Log4J and I don’t wanna get slayed ^^

There is already one by @tmortagne

1 Like

Wanted to write you a PM … want to ask if I should start empty or with the Demo Flavor or the XWWiki Standard Flavor to sneak arround before importing all the stuff from our old wiki.

Standard, I suggest

1 Like

Extension Manager works smooth so I think that there should no problems by now \0/