Add https option to docker compose files #559

Closed
prasadtalasila opened this issue Feb 25, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@prasadtalasila
Contributor

The current docker compose only works for http. This needs to be updated for two scenarios.

  1. Direct https installation
  2. http installation behind reverse proxy terminating https connection
@prasadtalasila prasadtalasila added the enhancement New feature or request label Feb 25, 2024
@prasadtalasila prasadtalasila added this to the Release v0.5.0 milestone Feb 25, 2024
@prasadtalasila
Contributor Author

relevant notes from issue #303

The standard installation does not use HTTPS certificates. Add instructions in admin--> guides for

  1. add self-signed (ssl/) / LetsEncrypt certificates
  2. add or remove TLS certificates to gateway

@prasadtalasila
Contributor Author

The traefik is configuring routes for other containers running on the system. For example,

Active docker containers

```log
root@dtaas:~/DTaaS/docker# docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED          STATUS                PORTS                                                                      NAMES
ebbf7538806e   intocps/dtaas-web:latest       "docker-entrypoint.s…"   11 minutes ago   Up 11 minutes                                                                                    docker-client-1
0b89ec2f21de   traefik:v2.10                  "/entrypoint.sh --lo…"   11 minutes ago   Up 11 minutes         0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   docker-traefik-1
0b5224d39d7b   influxdb:2.7                   "/entrypoint.sh infl…"   3 hours ago      Up 3 hours            0.0.0.0:8090->8086/tcp, :::8090->8086/tcp                                  influxdb
4bde32418418   gitlab/gitlab-ce:16.4.1-ce.0   "/assets/wrapper"        2 days ago       Up 2 days (healthy)   22/tcp, 443/tcp, 0.0.0.0:8086->80/tcp, :::8086->80/tcp                     gitlab
```

and the resulting docker-traefik log:

Traefik logs

```log
time="2024-05-10T14:05:14Z" level=info msg="Configuration loaded from flags."
time="2024-05-10T14:05:14Z" level=info msg="Traefik version 2.10.7 built on 2023-12-06T15:54:59Z"
......
......
time="2024-05-10T14:05:14Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web web-secure]" routerName=client
time="2024-05-10T14:05:14Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web web-secure]" routerName=gitlab
time="2024-05-10T14:05:14Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web web-secure]" routerName=influxdb
time="2024-05-10T14:05:14Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web web-secure]" routerName=traefik-docker
time="2024-05-10T14:05:14Z" level=debug msg="Creating middleware" routerName=gitlab@docker middlewareName=pipelining middlewareType=Pipelining serviceName=gitlab entryPointName=web
time="2024-05-10T14:05:14Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=gitlab@docker serviceName=gitlab
time="2024-05-10T14:05:14Z" level=debug msg="Creating server 0 http://172.17.0.2:22" routerName=gitlab@docker serviceName=gitlab serverName=0 entryPointName=web
time="2024-05-10T14:05:14Z" level=debug msg="child http://172.17.0.2:22 now UP"
time="2024-05-10T14:05:14Z" level=debug msg="Propagating new UP status"
time="2024-05-10T14:05:14Z" level=debug msg="Added outgoing tracing middleware gitlab" middlewareType=TracingForwarder entryPointName=web routerName=gitlab@docker middlewareName=tracing
time="2024-05-10T14:05:14Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=web routerName=influxdb@docker serviceName=influxdb middlewareName=pipelining
time="2024-05-10T14:05:14Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=influxdb@docker serviceName=influxdb
time="2024-05-10T14:05:14Z" level=debug msg="Creating server 0 http://172.17.0.3:8086" serverName=0 entryPointName=web routerName=influxdb@docker serviceName=influxdb
time="2024-05-10T14:05:14Z" level=debug msg="child http://172.17.0.3:8086 now UP"
time="2024-05-10T14:05:14Z" level=debug msg="Propagating new UP status"
time="2024-05-10T14:05:14Z" level=debug msg="Added outgoing tracing middleware influxdb" entryPointName=web routerName=influxdb@docker middlewareName=tracing middlewareType=TracingForwarder
time="2024-05-10T14:05:14Z" level=debug msg="Creating middleware" serviceName=traefik-docker middlewareType=Pipelining middlewareName=pipelining entryPointName=web routerName=traefik-docker@docker
time="2024-05-10T14:05:14Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=traefik-docker@docker serviceName=traefik-docker
time="2024-05-10T14:05:14Z" level=debug msg="Creating server 0 http://172.18.0.3:80" entryPointName=web routerName=traefik-docker@docker serviceName=traefik-docker serverName=0
time="2024-05-10T14:05:14Z" level=debug msg="child http://172.18.0.3:80 now UP"
time="2024-05-10T14:05:14Z" level=debug msg="Propagating new UP status"
time="2024-05-10T14:05:14Z" level=debug msg="Added outgoing tracing middleware traefik-docker" routerName=traefik-docker@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
time="2024-05-10T14:05:14Z" level=debug msg="Creating middleware" entryPointName=web routerName=client@docker serviceName=client middlewareName=pipelining middlewareType=Pipelining
time="2024-05-10T14:05:14Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=client@docker serviceName=client
time="2024-05-10T14:05:14Z" level=debug msg="Creating server 0 http://172.18.0.2:4000" serverName=0 entryPointName=web routerName=client@docker serviceName=client
time="2024-05-10T14:05:14Z" level=debug msg="child http://172.18.0.2:4000 now UP"
time="2024-05-10T14:05:14Z" level=debug msg="Propagating new UP status"
time="2024-05-10T14:05:14Z" level=debug msg="Added outgoing tracing middleware client" middlewareType=TracingForwarder entryPointName=web routerName=client@docker middlewareName=tracing
time="2024-05-10T14:05:14Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery
time="2024-05-10T14:05:14Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web-secure
time="2024-05-10T14:05:14Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2024-05-10T14:05:14Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2024-05-10T14:05:14Z" level=debug msg="Creating middleware" middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-05-10T14:05:14Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2024-05-10T14:05:14Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
```

There are two possibilities here. We either take advantage of this feature to simplify the docker compose files or tighten the docker compose configuration to disable this labeling behavior from traefik. This default labeling behavior is a good design choice but users may face problems with attaching their docker containers to a DTaaS installation.
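
Added example (not part of the original issue or the DTaaS code base): a small audit of a Traefik debug log like the one above, listing each router that fell back to the default entrypoints together with the backend URL Traefik created for it. The sample lines are copied from the log in this comment; treating `client` as the only intended router is an assumption made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: four entries copied from the Traefik debug log quoted in the issue.
SAMPLE_LOG = '''\
time="2024-05-10T14:05:14Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web web-secure]" routerName=gitlab
time="2024-05-10T14:05:14Z" level=debug msg="Creating server 0 http://172.17.0.2:22" routerName=gitlab@docker serviceName=gitlab serverName=0 entryPointName=web
time="2024-05-10T14:05:14Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web web-secure]" routerName=client
time="2024-05-10T14:05:14Z" level=debug msg="Creating server 0 http://172.18.0.2:4000" serverName=0 entryPointName=web routerName=client@docker serviceName=client
'''

PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')  # logfmt: key=value or key="quoted value"
DEFAULT_EP = re.compile(r"No entryPoint defined for this router.*\[([^\]]*)\]")
SERVER = re.compile(r"Creating server \d+ (\S+)")


def parse_logfmt(line):
    """Split one logfmt line into a dict of fields, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def audit(log_text):
    """Map each router that fell back to the default entrypoints to those
    entrypoints and to the backend URLs Traefik created for it."""
    seen = defaultdict(lambda: {"entrypoints": [], "backends": []})
    for line in log_text.splitlines():
        fields = parse_logfmt(line)
        msg = fields.get("msg", "")
        router = fields.get("routerName", "").split("@")[0]  # gitlab@docker -> gitlab
        if not router:
            continue
        fallback = DEFAULT_EP.search(msg)
        server = SERVER.search(msg)
        if fallback:
            seen[router]["entrypoints"] = fallback.group(1).split()
        elif server and server.group(1) not in seen[router]["backends"]:
            seen[router]["backends"].append(server.group(1))
    return {name: info for name, info in seen.items() if info["entrypoints"]}


def unexpected(routers, intended):
    """Routers Traefik published that the operator did not list as intended."""
    return sorted(set(routers) - set(intended))


if __name__ == "__main__":
    found = audit(SAMPLE_LOG)
    for name, info in found.items():
        print(name, info["entrypoints"], info["backends"])
    # "client" as the only intended router is an assumption made for this example.
    print("not intended:", unexpected(found, {"client"}))
```

For the "tighten" option, Traefik's `--providers.docker.exposedbydefault=false` flag combined with a `traefik.enable=true` label on each intended service limits routing to containers that opt in.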

@prasadtalasila
Contributor Author

Problems arise if the DTaaS is running over https and gitlab is running over http. The following error comes in the browser console:

```log
JsonService.ts:53 Mixed Content: The page at 'https://foo.com/' was loaded over HTTPS, but requested an insecure resource 'http://gitlab.foo.com/.well-known/openid-configuration'. This request has been blocked; the content must be served over HTTPS.
fetchWithTimeout @ JsonService.ts:53
```

@prasadtalasila
Contributor Author

completed in PR #855
