Adding section to generate SSL certificates with Traefik #41
base: main
|
@@ -579,6 +579,47 @@ traefik: | |
entrypoints.otherentrypoint.address: ':9000' | ||
``` | ||
|
||
## Generate SSL certificates with Letsencrypt | ||
|
||
You can use Traefik to generate SSL certificates automatically with [Letsencrypt](https://letsencrypt.org/): | ||
|
||
```yaml | ||
# Deploy to these servers. | ||
servers: | ||
web: | ||
hosts: | ||
- 192.168.0.1 | ||
labels: | ||
traefik.http.routers.hey-web.entrypoints: websecure | ||
traefik.http.routers.hey-web.rule: Host(`example.com`) | ||
traefik.http.routers.hey-web.tls.certresolver: letsencrypt | ||
|
||
# Configure custom arguments for Traefik | ||
traefik: | ||
options: | ||
publish: | ||
- "443:443" | ||
volume: | ||
- "/letsencrypt/acme.json:/letsencrypt/acme.json" | ||
args: | ||
entryPoints.web.address: ":80" | ||
entryPoints.websecure.address: ":443" | ||
entryPoints.web.http.redirections.entryPoint.to: websecure | ||
entryPoints.web.http.redirections.entryPoint.scheme: https | ||
entryPoints.web.http.redirections.entrypoint.permanent: true | ||
Comment on lines +607 to +609

These lines will ensure that all

If using Rails and

Seems to work for me with just
||
certificatesResolvers.letsencrypt.acme.email: "example@hey.com" | ||
certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json" | ||
certificatesResolvers.letsencrypt.acme.httpchallenge: true | ||
certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web | ||
``` | ||
|
||
Also, create the `acme.json` file and give it correct permissions on each hosts: | ||
```bash | ||
$ mkdir -p /letsencrypt && touch /letsencrypt/acme.json && chmod 600 /letsencrypt/acme.json | ||
``` | ||
Comment on lines +616 to +619

I think it would be nice to clarify that the file should be created before deploying otherwise we would be mounting a volume on a file that does not exist, which creates a directory and will prevent all of this from working – plus, it's hard to understand why. I was thinking on something like this:

If you do

instead, you do not have to create the file beforehand. Is there a downside to that approach?

Hmm no, I cannot think of any downside 🤔

I can confirm using:

in
||
|
||
Now you can access your app throught `https`. | ||
|
||
|
||
## Configuring build args for new images | ||
|
||
Build arguments that aren't secret can also be configured: | ||
|
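Review bot: The HTTP challenge is bound to the `web` entrypoint (`entryPoints.web.address: ":80"` and `httpchallenge.entrypoint: web`), but `traefik.options.publish` lists only `"443:443"`. Let's Encrypt's HTTP-01 validation connects on port 80, so the section should either add the port 80 mapping to `publish` or state explicitly that port 80 is already published by default; as written, a reader cannot tell whether certificate issuance or the HTTP to HTTPS redirection will be reachable. Smaller points in the same hunk: the third redirection key spells `entrypoint` in lowercase where the two lines above it use `entryPoint`, so pick one casing; "on each hosts" should read "on each host" and "throught" should read "through"; and the `acme.json` step would be better placed before the deploy configuration, with one sentence noting that the file stores the ACME account key and the certificate private keys, which is the reason for `chmod 600`.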
I think this should be "Let's Encrypt" rather than "Letsencrypt"