Lets Encrypt SSL #52

Open
djcroman opened this issue Nov 19, 2022 · 5 comments

@djcroman

Hello,
Is there a guide to install an SSL Let´s Encrypt certificate?
I installed SesDashboard on AWS.

Thank you
Dany

@Nikeev
Owner

Nikeev commented Nov 20, 2022

Hello!

Unfortunately, there is no Let´s Encrypt SSL install guide for SesDashboard. But you could use third party guides for common nginx with docker installation. I found this one: https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71 I didn't try it myself, but it looks fine to me.

In the future I'm planning to improve installation and add SSL support, but there is no estimated time for that.

Thanks.

@jgimenez

jgimenez commented Dec 13, 2022

Here's an example on how I edited the docker-compose.yml file to set it up with traefik:

services:

    mysql:
      restart: always
      env_file:
        - ./.env.local
      image: mysql:8
      container_name: sesdashboard-mysql
      working_dir: /application
      volumes:
        - .:/application
        - sesdashboard-mysql-datavolume:/var/lib/mysql
#      ports:
#        - "8085:3306"
      logging:
        driver: "json-file"
        options:
          max-size: "50m"

    webserver:
      restart: always
      image: nginx:alpine
      container_name: sesdashboard-webserver
      working_dir: /application
      volumes:
          - .:/application
          - ./phpdocker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
      ports:
        - "80"
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.admin.rule=Host(`sesdashboard.xxxxx.com`)"
        - "traefik.http.routers.admin.entrypoints=websecure"
        - "traefik.http.routers.admin.tls.certresolver=myresolver"
      logging:
        driver: "json-file"
        options:
          max-size: "50m"

    php-fpm:
      restart: always
      build: phpdocker/php-fpm
      container_name: sesdashboard-php-fpm
      working_dir: /application
      volumes:
        - .:/application
        - ./phpdocker/php-fpm/php-ini-overrides.ini:/etc/php/7.4/fpm/conf.d/99-overrides.ini
      logging:
        driver: "json-file"
        options:
          max-size: "50m"

    traefik:
      image: traefik:2.9
      restart: unless-stopped
      ports:
        - "443:443"
      command:
        - "--providers.docker=true"
        - "--providers.docker.exposedbydefault=false"
        - "--entrypoints.websecure.address=:443"
        - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
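        # e-mail address was obscured on the page; placeholder value shown
        - "--certificatesresolvers.myresolver.acme.email=you@example.com"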
        - "--certificatesresolvers.myresolver.acme.storage=/ssl/acme.json"
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - ./traefik/ssl:/ssl
      logging:
        driver: "json-file"
        options:
          max-size: "50m"

volumes:
  sesdashboard-mysql-datavolume:
    driver: local

@MaximilianKohler

MaximilianKohler commented Mar 27, 2024

It would be easier with Caddy (vs Let´s Encrypt). Here's an example: https://github.com/samyogdhital/listmonk-caddy-reverse-proxy - you just add some lines to the docker-compose.yml and then edit the simple caddy file.

The easiest might be to just copy jgimenez's traefik config.

@MaximilianKohler

@jgimenez Based on that config, you have no external/global version of nginx running right? I'm installing this on an nginx vhost so I get Error starting userland proxy: listen tcp4 0.0.0.0:443: bind: address already in use when I use your config. So I changed the ports like this:

    webserver:
      restart: unless-stopped
      image: nginx:alpine
      container_name: sesdashboard-webserver
      working_dir: /application
      volumes:
          - .:/application
          - ./phpdocker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
      ports:
       - "82:80"
    traefik:
      image: traefik:2.9
      restart: unless-stopped
      ports:
        - "8443:443"
      command:
        - "--providers.docker=true"
        - "--providers.docker.exposedbydefault=false"
        - "--entrypoints.websecure.address=:443"

Along with a basic proxy pass to port 82 in the vhost nginx config:

server {
    listen              443 ssl;
    server_name         sesdashboard.example.com;

    location / {
        proxy_pass         http://127.0.0.1:82;
        proxy_set_header   Host            $http_host;
        proxy_set_header   X-Real-IP       $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen              80;
    server_name         sesdashboard.example.com;

    location / {
        return 301 https://$host$request_uri;
    }
}

Does that seem correct?

It's resulting in a "file not found" error #68 (comment).

If I change "82:80" to just "80" or "82", like you have it, I get a 502 error instead. I've tried disabling my firewall to no avail.

Changing --entrypoints.websecure.address=:443 to 8443 makes no difference.

@MaximilianKohler

MaximilianKohler commented Mar 29, 2024

Looking at this caddy setup for comparison https://github.com/samyogdhital/listmonk-caddy-reverse-proxy/blob/main/docker-compose.yml, they map it to app:9000 https://github.com/samyogdhital/listmonk-caddy-reverse-proxy/blob/main/caddy/Caddyfile. Would the equivalent of that be webserver:82?

docker ps
CONTAINER ID   IMAGE                              COMMAND                  CREATED        STATUS       PORTS                                             NAMES
498da6b21b59   traefik:2.9                        "/entrypoint.sh --pr…"   3 hours ago    Up 3 hours   80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   sesdashboard-traefik-1
8adc9120c3dd   nginx:alpine                       "/docker-entrypoint.…"   3 hours ago    Up 3 hours   0.0.0.0:82->80/tcp, :::82->80/tcp                 sesdashboard-webserver
f22e95623bc8   sesdashboard-php-fpm               "/usr/sbin/php-fpm8.…"   29 hours ago   Up 3 hours   9000/tcp                                          sesdashboard-php-fpm
1afbe03b4a3b   mysql:8.0                          "docker-entrypoint.s…"   29 hours ago   Up 3 hours   3306/tcp, 33060/tcp                               sesdashboard-mysql

I'm doubtful that matters though.

They remove the main 9000 port from the docker-compose file, but sesdashboard doesn't have a config.toml, and that's where the 9000 port is https://github.com/samyogdhital/listmonk-caddy-reverse-proxy/blob/main/config.toml. Does it have something equivalent that has a port?
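
A check that can be run against the `docker ps` output in the comment above (an added example, not part of the thread or of SesDashboard): it flags container ports that are published on a non-loopback host address and do not terminate TLS, such as the `0.0.0.0:82->80/tcp` mapping, which publishes the plain-HTTP nginx backend on every host interface next to the vhost proxy. The function names, the constructed loopback row, and treating 443 as the only TLS container port are assumptions.

```python
import ipaddress
import re

# One published mapping in `docker ps` PORTS syntax: host_ip:host_port->container_port/proto
# (port ranges are not handled in this example)
PUBLISHED = re.compile(
    r"(?P<ip>[0-9a-fA-F.:\[\]]+):(?P<hport>\d+)->(?P<cport>\d+)/(?:tcp|udp)"
)

# (NAMES, PORTS) pairs copied from the docker ps output in the thread
THREAD_ROWS = [
    ("sesdashboard-traefik-1", "80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp"),
    ("sesdashboard-webserver", "0.0.0.0:82->80/tcp, :::82->80/tcp"),
    ("sesdashboard-php-fpm", "9000/tcp"),
    ("sesdashboard-mysql", "3306/tcp, 33060/tcp"),
]
# Constructed row: what the webserver would show if bound to loopback only
CONSTRUCTED_ROW = ("webserver-loopback", "127.0.0.1:82->80/tcp")


def parse_ports(ports_field):
    """Return (host_ip, host_port, container_port) for each published mapping."""
    mappings = []
    for item in (p.strip() for p in ports_field.split(",")):
        m = PUBLISHED.fullmatch(item)
        if m:  # entries such as "9000/tcp" are exposed only, not published
            mappings.append((m["ip"].strip("[]"), int(m["hport"]), int(m["cport"])))
    return mappings


def plaintext_exposures(rows, tls_container_ports=(443,)):
    """Flag non-loopback published ports whose container port is not a TLS listener."""
    findings = []
    for name, ports_field in rows:
        for ip, hport, cport in parse_ports(ports_field):
            if ipaddress.ip_address(ip).is_loopback:
                continue  # reachable from the host only, e.g. by a local reverse proxy
            if cport not in tls_container_ports:
                findings.append((name, f"{ip}:{hport}", cport))
    return findings


if __name__ == "__main__":
    for name, bind, cport in plaintext_exposures(THREAD_ROWS + [CONSTRUCTED_ROW]):
        print(f"{name}: container port {cport} published without TLS on {bind}")
```

In docker-compose.yml, a mapping written as `"127.0.0.1:82:80"` binds the published port to loopback, so only a proxy on the same host can reach it.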
