New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a docker-compose & let's encrypt user-guide #5121
Conversation
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Good job. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your time.
It's a little bit too raw:
- The purpose of the guide is to explain LE with Docker so the use of the provider File does not seem appropriate.
- the guide is not sync with the beta version
- some points are a little ambiguous
I would prefer a simpler user guide based on something like this:
version: "3.3"
services:
traefik:
image: "traefik:v2.0.0-beta1"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --api.dashboard=true
- --providers.docker=true
- --global.sendAnonymousUsage=true
- --certificatesresolvers.basic.acme.email=postmaster@mydomain.com
- --certificatesresolvers.basic.acme.storage=/acme.json
- --certificatesresolvers.basic.acme.tlsChallenge
ports:
- "80:80"
- "443:443"
- "8080:8080"
labels:
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
volumes:
- "./acme.json:/acme.json"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: containous/whoami
labels:
- "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=basic"
Thanks for your review, I'll try to revamp this during the weekend. |
This comment has been minimized.
This comment has been minimized.
@ldez Hi again =) Thanks.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @pbenefice,
thanks once again.
I did reread your guide and I'm a bit cocerned about the DNS Challenge section, as the variables to set and stuff differ per DNS provider.
Maybe we could replace this with the TLS Challenge? WDYT?
Hi @SantoDE, thanks for your feedback. IMHO the DNS challenge is important. It is the only challenge allowing for wildcard cert generation and it does not require to be directly exposed to the internet. I can add a section detailing the TLS challenge if you wish, but my opinion is that the DNS one has real advantages and should be introduced (which doesn't force users to adopt it). Edit : I could also split the guide to add a docker-compose section, with a page for the http challenge, a page for dns, ... It might be less confusing and easier to read for user interested in specific challenges, WDTY ? |
Hey @pbenefice, I agree. That would be a nice idea :) And yeah, maybe we make it clear that the DNS stuff changes per provider (values). I also think detailing TLS might be a good idea :) |
Well, I did something wrong with git, and lost all the work ^^ |
Thanks @SantoDE WDTY ? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot for all you hard work! LGTM to me 👼
ping @dduportal
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
What does this PR do?
Addind a User Guide to the existing documentation giving an example with docker-compose and let's encrypt
behind a basic authMotivation
https://community.containo.us/t/a-global-http-https-redirection/864More
Added/updated testsAdditional Notes
I wanted to know if you could be interested in this ?
If yes, feel free to give me feedback =) (I did it quite quickly)
Thanks.