docker compose: add nginx-proxy profile with auto-ssl#282
docker compose: add nginx-proxy profile with auto-ssl#282ChrisJohnNOAA merged 1 commit intoERDDAP:mainfrom
Conversation
Adds an `nginx-proxy` profile to the example docker-compose.yml which manages automatic creation and renewal of letsencrypt SSL certificates using HTTP-01 ACME challenges. At least partially addresses ERDDAP#249
|
I dunno why the build is failing when only Maybe third time's the charm? |
ChrisJohnNOAA
left a comment
ChrisJohnNOAA
left a comment
There was a problem hiding this comment.
Looking over this it looks good. I'd like to go through running it locally before I merge it and that will probably need to wait till next week.
Thanks so much for this!
|
Sounds good! Let me know if you run into any issues. |
So I know getting certificates for localhost is extremely complicated. This doesn't do anything to support that, correct? But it should just work if they actually own a domain and set the .env properly? |
Correct, this does not cover self-signed certificates. An admin would need to generate a self-signed cert themselves, set up a nginx or other webserver configuration using that cert, and also install and trust that cert on any devices they wanted to use to connect to their ERDDAP (i.e. they'd need to know their way around PKI already). The approach in this PR supports any public hostname, including dynamic DNS hostnames like Duck DNS. |
ChrisJohnNOAA
left a comment
ChrisJohnNOAA
left a comment
There was a problem hiding this comment.
It'd be great to support localhost for development, but that's not worth the complication since it's not needed for anything in development.
2 participants
Description
Adds an
nginx-proxyprofile to the example docker-compose.yml which manages automatic creation and renewal of letsencrypt SSL certificates using HTTP-01 ACME challenges.At least partially addresses #249
Type of change
Please delete options that are not relevant.
Checklist before requesting a review