sesdashboard
Lets Encrypt SSL
Hello, is there a guide to install an SSL Let's Encrypt certificate? I installed Sesdashboard over AWS.
Thank you Dany
Hello!
Unfortunately, there is no Let's Encrypt SSL install guide for SesDashboard. But you could use third-party guides for a common nginx with Docker installation. I found this one: https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71 I didn't try it myself, but it looks fine to me.
In the future I'm planning to improve installation and add SSL support, but there is no estimated time for that.
Thanks.
Here's an example on how I edited the docker-compose.yml file to set it up with traefik:
```yaml
services:
  mysql:
    restart: always
    env_file:
      - ./.env.local
    image: mysql:8
    container_name: sesdashboard-mysql
    working_dir: /application
    volumes:
      - .:/application
      - sesdashboard-mysql-datavolume:/var/lib/mysql
    # ports:
    #   - "8085:3306"
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
  webserver:
    restart: always
    image: nginx:alpine
    container_name: sesdashboard-webserver
    working_dir: /application
    volumes:
      - .:/application
      - ./phpdocker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
    ports:
      - "80"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.admin.rule=Host(`sesdashboard.xxxxx.com`)"
      - "traefik.http.routers.admin.entrypoints=websecure"
      - "traefik.http.routers.admin.tls.certresolver=myresolver"
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
  php-fpm:
    restart: always
    build: phpdocker/php-fpm
    container_name: sesdashboard-php-fpm
    working_dir: /application
    volumes:
      - .:/application
      - ./phpdocker/php-fpm/php-ini-overrides.ini:/etc/php/7.4/fpm/conf.d/99-overrides.ini
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
  traefik:
    image: traefik:2.9
    restart: unless-stopped
    ports:
      - "443:443"
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=[email protected]"
      - "--certificatesresolvers.myresolver.acme.storage=/ssl/acme.json"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/ssl:/ssl
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
volumes:
  sesdashboard-mysql-datavolume:
    driver: local
```
It would be easier with Caddy (vs Let's Encrypt). Here's an example: https://github.com/samyogdhital/listmonk-caddy-reverse-proxy - you just add some lines to the docker-compose.yml and then edit the simple caddy file.
The easiest might be to just copy jgimenez's traefik config.
@jgimenez Based on that config, you have no external/global version of nginx running, right? I'm installing this on an nginx vhost so I get `Error starting userland proxy: listen tcp4 0.0.0.0:443: bind: address already in use` when I use your config. So I changed the ports like this:
```yaml
  webserver:
    restart: unless-stopped
    image: nginx:alpine
    container_name: sesdashboard-webserver
    working_dir: /application
    volumes:
      - .:/application
      - ./phpdocker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
    ports:
      - "82:80"
  traefik:
    image: traefik:2.9
    restart: unless-stopped
    ports:
      - "8443:443"
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
```
Along with a basic proxy pass to port 82 in the vhost nginx config:
```nginx
server {
    listen 443 ssl;
    server_name sesdashboard.example.com;
    location / {
        proxy_pass http://127.0.0.1:82;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
server {
    listen 80;
    server_name sesdashboard.example.com;
    location / {
        return 301 https://$host$request_uri;
    }
}
```
Does that seem correct?
It's resulting in a "file not found" error https://github.com/Nikeev/sesdashboard/issues/68#issuecomment-2024271944.
If I change "82:80" to just "80" or "82", like you have it, I get a 502 error instead. I've tried disabling my firewall to no avail.
Changing `--entrypoints.websecure.address=:443` to 8443 makes no difference.
Looking at this caddy setup for comparison https://github.com/samyogdhital/listmonk-caddy-reverse-proxy/blob/main/docker-compose.yml, they map it to app:9000 https://github.com/samyogdhital/listmonk-caddy-reverse-proxy/blob/main/caddy/Caddyfile. Would the equivalent of that be webserver:82?
```
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
498da6b21b59 traefik:2.9 "/entrypoint.sh --pr…" 3 hours ago Up 3 hours 80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp sesdashboard-traefik-1
8adc9120c3dd nginx:alpine "/docker-entrypoint.…" 3 hours ago Up 3 hours 0.0.0.0:82->80/tcp, :::82->80/tcp sesdashboard-webserver
f22e95623bc8 sesdashboard-php-fpm "/usr/sbin/php-fpm8.…" 29 hours ago Up 3 hours 9000/tcp sesdashboard-php-fpm
1afbe03b4a3b mysql:8.0 "docker-entrypoint.s…" 29 hours ago Up 3 hours 3306/tcp, 33060/tcp sesdashboard-mysql
```
I'm doubtful that matters though.
They remove the main 9000 port from the docker-compose file, but sesdashboard doesn't have a config.toml, and that's where the 9000 port is https://github.com/samyogdhital/listmonk-caddy-reverse-proxy/blob/main/config.toml. Does it have something equivalent that has a port?
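Editor's added example, not part of the thread or of SesDashboard: the `docker ps` listing above shows the nginx container's plain-HTTP port published as `0.0.0.0:82->80/tcp`, that is, on every host interface, although the vhost `proxy_pass` only needs it on `127.0.0.1:82`. The check below parses the PORTS column and reports mappings bound to all interfaces; the sample rows are constructed from that listing, and `allowed_host_ports` and the `loopback-example` row are assumptions of this sketch.

```python
import re

# Constructed sample: (container name, PORTS column) pairs in `docker ps` format,
# mirroring the listing in the post above.
SAMPLE = [
    ("sesdashboard-traefik-1", "80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp"),
    ("sesdashboard-webserver", "0.0.0.0:82->80/tcp, :::82->80/tcp"),
    ("sesdashboard-php-fpm", "9000/tcp"),
    ("sesdashboard-mysql", "3306/tcp, 33060/tcp"),
    ("loopback-example", "127.0.0.1:82->80/tcp"),  # hypothetical loopback-only mapping
]

# host_ip:host_port->container_port/proto; host_ip may be IPv4, "::" or "[::]".
PUBLISHED = re.compile(
    r"^(?P<ip>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)
WILDCARDS = {"0.0.0.0", "::", "[::]"}


def published_ports(ports_column):
    """Yield (host_ip, host_port, container_port, proto) for each published mapping."""
    for entry in ports_column.split(","):
        m = PUBLISHED.match(entry.strip())
        if m:  # entries such as "9000/tcp" are exposed only, not published
            yield m["ip"], m["hport"], m["cport"], m["proto"]


def wildcard_bindings(rows, allowed_host_ports=()):
    """Return sorted (name, host_port, container_port) published on all interfaces.

    allowed_host_ports lists host ports that are meant to be public, for
    example the TLS entrypoint. IPv4 and IPv6 duplicates are merged.
    """
    findings = set()
    for name, ports in rows:
        for ip, hport, cport, _proto in published_ports(ports):
            if ip in WILDCARDS and hport not in allowed_host_ports:
                findings.add((name, hport, cport))
    return sorted(findings)


if __name__ == "__main__":
    # Treat 8443 (the Traefik TLS entrypoint) as intentionally public.
    for name, hport, cport in wildcard_bindings(SAMPLE, allowed_host_ports={"8443"}):
        print(f"{name}: host port {hport} -> container port {cport} on all interfaces")
```

Publishing the backend as `"127.0.0.1:82:80"` in docker-compose.yml keeps it reachable for the host nginx `proxy_pass` while removing it from this list.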