provide a working example for HTTPS (Docker)

Open Staubgeborener opened this issue 3 years ago • 4 comments

Can someone provide a working example for the https connection?

I built the docker container with this docker-compose.yml:

version: "3.8"
services:
  server:
    build: .
    image: ottomated/crewlink-server:build
    container_name: crewlinkserver
    ports:
        - 9736:9736
    expose:
        - 9736
    environment:
        ADDRESS: "https://sub.domain.com"
        NAME: sub
        HTTPS: #Enables https. You must place privkey.pem and fullchain.pem in your CWD.
        # SSLPATH: Specifies an alternate path to SSL certificates.
    restart: unless-stopped

Exact steps:

git clone https://github.com/ottomated/crewlink-server.git
cd crewlink-server
#create docker-compose.yaml with the content above
sudo docker-compose up -d

Basically this works. I (and everyone else) can connect to http://sub.domain.com:9736. Also this website shows up:

CrewLink Server

This is a CrewLink Server running on https://sub.domain.com.

There are currently 0 connected users.

To launch your own server, click here.

Please notice the https!

Now I want to use https. But right now I can only access the voice relay chat over http. Many questions here, because the Readme.md didn't provide a good example for this:

  1. Is HTTPS: enough? Or is this a boolean like HTTPS: true?
  2. What is the CWD in this case? The crewlink-server directory?
  3. Please provide a working example of how to create privkey.pem and fullchain.pem

My domain https://sub.domain.com actually has a Let's Encrypt certificate, created with a service of my domain provider. So https://sub.domain.com is reachable with the browser.

So, short: Please provide a working example for creating privkey.pem and fullchain.pem and for the https connection (docker-compose).

Staubgeborener Dec 20 '20 12:12

I got it working as follows:

  1. Put privkey.pem and fullchain.pem somewhere inside the container, e.g. using a volume.
  2. Fill SSLPATH with the path where you put privkey.pem and fullchain.pem.
  3. Expose port 443 instead of 9736, that's used for HTTPS.

For the server address, use https://sub.domain.com without a port number.

If you created the Let's Encrypt certificate with a service from your domain provider you might be able to download privkey.pem and fullchain.pem from them somewhere. You could also generate them yourself using Certbot with the command certbot certonly, however you'll need to search for more detailed instructions on that. Also note that the Let's Encrypt certificates are only valid for 3 months so you'll have to renew them in time or make it automatic.

Edit: my service looks like this:

crewlink:
    image: crewlink
    environment:
        ADDRESS: mydomain.com
        HTTPS: "true"
        SSLPATH: /letsencrypt/
    ports:
        - 9736:9736
        - 443:443
    volumes:
        - ./letsencrypt/:/letsencrypt/

mhvis Dec 20 '20 15:12

@mhvis I'll give it a try and get back to you in the next days

Staubgeborener Dec 20 '20 15:12

I was struggling a couple of days with it, because my knowledge of reverse proxies etc. is very bad. What I did now is install nginx proxy manager and set up a reverse proxy to the crewlink server link.

The only thing I did is -e address=subdomain.mydomain.tld. I can connect with the application but only need to test it with others.

Maikel1990 Dec 21 '20 07:12

That one has worked for me:

version: "3"
services:
  server:
    build: .
    image: ottomated/crewlink-server:build
    container_name: crewlinkserver
    volumes:
        - /etc/letsencrypt/:/letsencrypt/
    ports:
        - 9736:9736
        - 443:443
    expose:
        - 9736
        - 443
    environment:
        ADDRESS: "https://crewlink.domain.tld"
        NAME: crewlink
        HTTPS: "true" #Enables https. You must place privkey.pem and fullchain.pem in your CWD.
        SSLPATH: /letsencrypt/live/crewlink.domain.tld/ #Specifies an alternate path to SSL certificates.
    restart: unless-stopped

But I had to change the folder rights for /etc/letsencrypt/live and archive to 705. Archive because in the live folder there are only symlinks :(

chmod -R 705 /etc/letsencrypt/{archive,live}

danrokzz Dec 06 '21 11:01
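
Mode 705 on the archive directory lets every local user on the host read privkey.pem. An alternative, as an added example that is not part of the thread or the CrewLink project: copy only the two files the server needs into a dedicated directory with tight permissions and mount that as SSLPATH. `STAGE_DIR`, `CONTAINER_UID` and the `/srv/crewlink-certs` default are assumed names.

```sh
#!/bin/sh
# Added example, not from the thread. STAGE_DIR, CONTAINER_UID and the
# /srv/crewlink-certs default are assumed names; read the container user's
# uid with: docker exec crewlinkserver id -u

# stage_certs LINEAGE_DIR STAGE_DIR [OWNER_UID]
# Copies privkey.pem and fullchain.pem as regular files, following the
# live/ -> archive/ symlinks, so only these two files get mounted.
stage_certs() {
    src=$1; dst=$2; owner=${3:-}
    for f in privkey.pem fullchain.pem; do
        # -r follows symlinks, so a dangling live/ link is rejected here.
        [ -r "$src/$f" ] || { echo "unreadable: $src/$f" >&2; return 1; }
    done
    mkdir -p "$dst" && chmod 700 "$dst" || return 1
    old_umask=$(umask)
    umask 077    # the key copy is never world-readable, even briefly
    for f in privkey.pem fullchain.pem; do
        # Copy to a temporary name first so the server never reads a
        # half-written file; the rename at the end replaces it in one step.
        cp -L "$src/$f" "$dst/.$f.tmp" || { umask "$old_umask"; return 1; }
    done
    umask "$old_umask"
    chmod 600 "$dst/.privkey.pem.tmp" || return 1
    chmod 644 "$dst/.fullchain.pem.tmp" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$dst" "$dst/.privkey.pem.tmp" \
            "$dst/.fullchain.pem.tmp" || return 1
    fi
    mv -f "$dst/.privkey.pem.tmp" "$dst/privkey.pem" &&
        mv -f "$dst/.fullchain.pem.tmp" "$dst/fullchain.pem"
}

# certbot sets RENEWED_LINEAGE (the live/<domain> directory) when it runs
# this file via --deploy-hook; without it the script only defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    stage_certs "$RENEWED_LINEAGE" "${STAGE_DIR:-/srv/crewlink-certs}" \
        "${CONTAINER_UID:-}"
fi
```

Mount the staging directory read-only at the SSLPATH location (for example `/srv/crewlink-certs:/letsencrypt:ro` with `SSLPATH: /letsencrypt/`), which leaves `/etc/letsencrypt` unmounted and its permissions unchanged.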