Better SSL integration #158
Comments
I would just submit the PR. I have done this already for other parts. Adding an expose for port 443 would make a ton of sense.
Hi @PabloVallejo, thanks for bringing this up. I think SSL is super important for us to have great built in support for. Your suggestion got me thinking, and I would like to propose and track a few items to level up 🍄 the use of SSL in the Cachet Docker image.
If you'd like to keep a modular design, maybe you would prefer to have an nginx in front of Cachet and keep this image simple. I use jwilder/nginx-proxy in a docker-compose like this; this image even has the option to use Let's Encrypt to automatically generate the certificates:
Also there are other options like Traefik.
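As an added example (not from this thread and not the Cachet project's own file), a docker-compose for the nginx-proxy setup described above: the companion container obtains the Let's Encrypt certificate, nginx-proxy terminates TLS, and Cachet itself publishes no host port. The hostname, e-mail address and database credentials are placeholders, and VIRTUAL_PORT=8000 assumes the default listening port of the cachethq/docker image.

```yaml
version: "2"
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro   # read-only: the proxy only watches containers
      - certs:/etc/nginx/certs:ro                  # proxy reads certs, never writes them
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - certs:/etc/nginx/certs:rw                  # the only container that writes private keys
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
  cachet:
    image: cachethq/docker
    # no "ports:" entry on purpose: Cachet is reachable only through the proxy
    environment:
      - VIRTUAL_HOST=status.example.com            # placeholder hostname
      - VIRTUAL_PORT=8000                          # assumed port of the Cachet image
      - LETSENCRYPT_HOST=status.example.com        # placeholder hostname
      - LETSENCRYPT_EMAIL=ops@example.com          # placeholder e-mail
      - APP_URL=https://status.example.com         # https so Cachet builds https links
      - DB_DRIVER=pgsql
      - DB_HOST=postgres
      - DB_DATABASE=cachet
      - DB_USERNAME=cachet
      - DB_PASSWORD=change-me                      # placeholder
  postgres:
    image: postgres:9.5
    environment:
      - POSTGRES_USER=cachet
      - POSTGRES_PASSWORD=change-me                # placeholder
      - POSTGRES_DB=cachet
volumes:
  certs:
  vhost:
  html:
```

Port 443 is opened only on the proxy, so the Cachet image itself needs neither certificate files nor a 443 expose.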
https://github.com/jwilder/nginx-proxy is my preferred solution, however I think #271 may need to be addressed upstream first.
Hi, I'm having almost the same issue. I use the docker image, exposed with traefik (which handles Let's Encrypt). However, while I start the docker with
I posted this on the main CachetHQ project but I'll share my custom solution to this here. I have OpenLiteSpeed acting as a reverse proxy for all of my docker web apps with Let's Encrypt. In order to make this script function without editing the php file for allowed hosts I used OpenLiteSpeed's mod rewrite functionality, which is similar to Apache. I'm posting this here as I don't know git well enough to do a pull/merge or whatever it is. However, I'm hoping that in the future this little bit of code will help people. While this isn't probably the preferred method for this, I noticed a few posts about it when I was going through the list of issues. I'm sure someone could take this and modify it to work out of the box with most web servers.
This one is for the Cachet-Proxy vhost
This one is for the Docker-Proxy (Portainer) vhost
That being said, I actually run OpenLiteSpeed + Certbot on the docker host natively. Since I'm using it as a reverse proxy I only have to open 80:443:8443 (OLS Admin) on that VPS. Since OpenLiteSpeed has a web interface for the backend, while I'm building my docker images I'm usually proactively thinking about how/where I am going to set OpenLiteSpeed up for that application. You can test my configuration on my Cachet Page. I am by no means a linux/docker expert, but I can try and answer questions if you need help.
Why not use Caddy as a sidecar container in front of Cachet? https://caddyserver.com/
@sadortun Forgive the stupid question, but how would you go forward with this?
Sidecars are deployed in the same Pod as the Cachet Pod, and they sit in the network path to take up the SSL work, from what I understand. In the Deployment yaml you would spell out 2 containers, with the sidecar being the inbound first-touch container.
Caddy would be a no-go, because it's not free for commercial usage.
What if we simply allowed a user to at least drop an SSL cert in the conf folder, or something?
Workaround: within
along with the rest
I'm getting this too. I have Cachet behind an SSL-terminating load balancer.
This fixed the issue for me.
I've successfully added SSL to the status page; I had to modify the Dockerfile so that it copied the SSL files to the container.
Does adding an empty folder (conf/ssl) that is then copied in the Dockerfile, and also exposing port 443, make sense to you? If yes, I can add a PR with those changes so that other users can set up connections easily.
Thanks,