Invoice Ninja V5 - Error 403/404

Good morning.
I have been trying to get docker working for a week now.
I almost always get to error 403 error.
Maybe I am doing something wrong, because I have a docker-compose.yml, where I define all the dockers, I use Traefik 2.

ninja_nginx:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    <<: *min-limits
    image: nginx:latest
    container_name: ninja_nginx
    env_file: .envninja
    ports:
      - "8087:80"
    networks:
      proxy:
        ipv4_address: 192.168.90.66
    volumes:
      - $DOCKERDIR/appdata/invoiceninja/nginx/in-vhost.conf:/etc/nginx/conf.d/in-vhost.conf:ro
      - $DOCKERDIR/appdata/invoiceninja/public:/var/www/app/public:rw,delegated
      - $DOCKERDIR/appdata/invoiceninja/storage:/var/www/app/storage:rw,delegated
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ninja-nginx-rtr.tls=true"
      ## HTTP Routers
      - "traefik.http.routers.ninja-nginx-rtr.entrypoints=https"
      - "traefik.http.routers.ninja-nginx-rtr.rule=Host(`fact.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.ninja-nginx-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.ninja-nginx-rtr.service=ninja-nginx-svc"
      - "traefik.http.services.ninja-nginx-svc.loadbalancer.server.port=80"
    depends_on:
      - invoiceninja
    
  invoiceninja:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    <<: *min-limits
    image: invoiceninja/invoiceninja:latest
    container_name: invoiceninja
    env_file: .envninja
    networks:
      proxy:
        ipv4_address: 192.168.90.67
    volumes:      
      - $DOCKERDIR/appdata/invoiceninja/hosts:/etc/hosts:ro
      - $DOCKERDIR/appdata/invoiceninja/public:/var/www/app/public:rw,delegated
      - $DOCKERDIR/appdata/invoiceninja/storage:/var/www/app/storage:rw,delegated
    depends_on:
      - mariadb

I have a maria db docker where I have several databases, at least invoice ninja creates the tables well.
The .env file is as follows (it is called .envninja).

# IN application vars
APP_URL=https://fact.mydomain.com
APP_KEY=base64:XXXXXXXXXXXXXXXXXXXXXXX
APP_DEBUG=false
REQUIRE_HTTPS=true
PHANTOMJS_PDF_GENERATION=false
PDF_GENERATOR=snappdf
TRUSTED_PROXIES='*'

QUEUE_CONNECTION=database

# DB connection
DB_HOST=mariadb
DB_PORT=3306
DB_DATABASE=invoiceninja
DB_USERNAME=invoice_user
DB_PASSWORD=XXXXXXX

# Create initial user
# Default to these values if empty
# [email protected]
# IN_PASSWORD=changeme!
IN_USER_EMAIL=
IN_PASSWORD=

# Mail options
MAIL_MAILER=log
MAIL_HOST=my.mail.host
MAIL_PORT=587
MAIL_USERNAME=mail
MAIL_PASSWORD=password
MAIL_ENCRYPTION=TLS
MAIL_FROM_ADDRESS='mail'
MAIL_FROM_NAME='Self Hosted User'

# MySQL
MYSQL_ROOT_PASSWORD=XXXXXXXX
MYSQL_USER=ninja
MYSQL_PASSWORD=ninja
MYSQL_DATABASE=ninja

# V4 env vars
# DB_STRICT=false
# APP_CIPHER=AES-256-CBC

The file in-vhost.conf

server {
    listen 80 default_server;
    server_name _fact.mydomain.com;
    
    server_tokens off;
    
    client_max_body_size 100M;

    root /var/www/app/public/;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass invoiceninja:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }
}

I have tried changing the REQUIRE_HTTPS=true and false and adding TRUSTED_PROXIES=‘*’ or TRUSTED_PROXIES=‘192.168.0.0/16’.
I have also tried to do an installation without the domain, only with the Local IP “192.168.0.200”.

After a lot of research, accessing the containers themselves, I have seen that the nginx user of the invoiceninja is 1500:1500, but the ninja_nginx user is 101:101, so I don’t know if this is where the error is coming from.

I have made a chown -R 101:101 public and storage, and if I get that I no longer get the 403 error, but then I get a 404 error.

I don’t know what else to try.

@david do you have any suggestions?

I’m not an expert with docker + traefik, i do have a reference from the dockerfiles repo however from a user who was able to get traefik working:

This may help.