CrewLink-server
CrewLink-server copied to clipboard
provide a working example for HTTPS (Docker)
Can someone provide a working example for the https connection?
I build the docker container with this docker-compose.yml
:
version: "3.8"
services:
server:
build: .
image: ottomated/crewlink-server:build
container_name: crewlinkserver
ports:
- 9736:9736
expose:
- 9736
environment:
ADDRESS: "https://sub.domain.com"
NAME: sub
HTTPS: #Enables https. You must place privkey.pem and fullchain.pem in your CWD.
# SSLPATH: Specifies an alternate path to SSL certificates.
restart: unless-stopped
Exact steps:
git clone https://github.com/ottomated/crewlink-server.git
cd crewlink-server
#create docker-compose.yaml with the content above
sudo docker-compose up -d
Basically this works. I (and everyone else) can connect to http://sub.domain.com:9736
. Also this websites shows up:
CrewLink Server
This is a CrewLink Server running on https://sub.domain.com.
There are currently 0 connected users.
To launch your own server, click here.
Please notice the https!
Now i want to use https
. But right now i can only access the voice relay chat over http
. Many questions here, because the Readme.md
didn't provide a good example for this:
- Is
HTTPS:
enough? Or is this a boolean likeHTTPS: true
? - What is the
CWD
in this case? The crewlink-server directory? - Please provide a working example of how to create
privkey.pem
andfullchain.pem
My domain https://sub.domain.com
has actually a lets encrypt certificate, created with a service of my domain provider. So https://sub.domain.com
is reachable with the browser.
So, short: Please provide a working example for creating privkey.pem
and fullchain.pem
and for the https connection (docker-compose).
I got it working as follows:
- Put
privkey.pem
andfullchain.pem
somewhere inside the container, e.g. using a volume. - Fill
SSLPATH
with the path where you putprivkey.pem
andfullchain.pem
. - Expose port 443 instead of 9736, that's used for HTTPS.
For the server address, use https://sub.domain.com
without a port number.
If you created the Let's Encrypt certificate with a service from your domain provider you might be able to download privkey.pem
and fullchain.pem
from them somewhere. You could also generate them yourself using Certbot with the command certbot certonly
, however you'll need to search for more detailed instructions on that. Also note that the Let's Encrypt certificates are only valid for 3 months so you'll have to renew them in time or make it automatic.
Edit: my service looks like this:
crewlink:
image: crewlink
environment:
ADDRESS: mydomain.com
HTTPS: "true"
SSLPATH: /letsencrypt/
ports:
- 9736:9736
- 443:443
volumes:
- ./letsencrypt/:/letsencrypt/
@mhvis i give it a try and get back to you in the next days
I was struggling a couple of days with it, because my knowledge in reverse proxy etc is very bad. What i did now is install nginx proxy manager and setup an reverse proxy to the crewlink server link.
Only what i did is -e address=subdomain.mydomain.tld i can connect with the application but only need to test it with others.
that one has worked for me
version: "3"
services:
server:
build: .
image: ottomated/crewlink-server:build
container_name: crewlinkserver
volumes:
- /etc/letsencrypt/:/letsencrypt/
ports:
- 9736:9736
- 443:443
expose:
- 9736
- 443
environment:
ADDRESS: "https://crewlink.domain.tld"
NAME: crewlink
HTTPS: "true" #Enables https. You must place privkey.pem and fullchain.pem in your CWD.
SSLPATH: /letsencrypt/live/crewlink.domain.tld/ #Specifies an alternate path to SSL certificates.
restart: unless-stopped
but I had to change the folders rights for /etc/lentsecrypt/live and archive to 705. Archive because in the live folder are only symlinks :(
chmod -R 705 /etc/letsencrypt/{archive,live}