Add HTTPS support with Let's Encrypt Certificate
Closed this issue · 6 comments
Looks like the time has come
That's coincidence :)
I tried a setup with nginx-proxy and https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
I'm getting things working and I can connect over my public domain, but I get the following error while configuring the postgres db:
Could not connect to PostgreSQL server.
the connection attempt failed. (after 10 attempt(s); total time spent waiting 477.416 ms; driver version 42.1; java.version=1.8.0_131; jdk.tls.client.protocols=[]; jdk.certpath.disabledalgorithms=[md2, md5, rsa keysize < 1024, dsa keysize < 1024, ec keysize < 224]; jdk.tls.disabledalgorithms=[sslv3, rc4, md5withrsa, dh keysize < 768, ec keysize < 224])
SQL exception: The connection attempt failed. (after 10 attempt(s); total time spent waiting 477.416 ms; driver version 42.1; java.version=1.8.0_131; jdk.tls.client.protocols=[]; jdk.certpath.disabledAlgorithms=[MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224]; jdk.tls.disabledAlgorithms=[SSLv3, RC4, MD5withRSA, DH keySize < 768, EC keySize < 224])
Oops, sorry, disregard my last mail, it works great. I forgot to specify a virtual network for the postgres service in the docker-compose file.
Happy to share the adapted docker-compose.yml with you.
```yaml
version: '2'

volumes:
  postgres_data: {}
  postgres_backup: {}
  teamcity_server_data: {}
  teamcity_server_logs: {}

services:
  postgres:
    build: ./postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - postgres_backup:/backups
    env_file: .env
    restart: always
    # Same network as teamcity-server, so the server can reach the database
    networks:
      - reverse-proxy

  teamcity-server:
    build: ./server
    volumes:
      - teamcity_server_data:/data/teamcity_server/datadir
      - teamcity_server_logs:/opt/teamcity/logs
    networks:
      - reverse-proxy
    environment:
      # Read by nginx-proxy to route this host name to the container
      - VIRTUAL_HOST=abc.xyz.com
      # Read by the letsencrypt companion to request the certificate
      - LETSENCRYPT_EMAIL=paul@unknown.com
      - LETSENCRYPT_HOST=abc.xyz.com
    # Exposed to other containers only, not published on the host
    expose:
      - "8111"
    depends_on:
      - postgres
    env_file: .env
    restart: always

  teamcity-agent:
    image: jetbrains/teamcity-minimal-agent
    env_file: .env
    restart: always

networks:
  # Existing network shared with the nginx-proxy containers
  reverse-proxy:
    external:
      name: reverse-proxy
```
@paulvanbladel Thank you for your help. Looks like nginx-proxy is the most correct way to do this.
Unfortunately, I don't have free time right now. I'll try to add HTTPS support and update the readme soon. However, if you are interested and have time, you could make a PR ;)
Vadim,
Nice,
Just wondering, is this setup not assuming now that on your docker host, ONLY teamcity will run together with the reverse-proxy (and the cool automatic cert renew service)?
So, the point is that the nginx-proxy and lets-encrypt monitor, in a way, docker containers that are added on that machine. So, my feeling is that these 2 guys should be started in a separate docker-compose, in such a way that when you do a docker-compose down of teamcity, not all other services are impacted because the nginx stuff is down. See what I mean?
I might have some time later this week and play with it and report back.
Thanks a lot already for the great work.
Cheers
@paulvanbladel Yep, you're right.
This configuration assumes only the TC app for proxying.
If I got your message correct, you're talking about using nginx proxy for a few apps on the same host, not only TC. Probably it makes sense. But usually, in my cases, I need just one CI server on just one instance.
I might have some time later this week and play with it and report back.
Nice idea!
If you can propose a more universal solution, I'll be glad to discuss it.
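The split discussed in this thread, as an added example that is not from the issue or the project: a separate docker-compose.yml holding only nginx-proxy and the Let's Encrypt companion, joined to the same external `reverse-proxy` network that the TeamCity file above uses, so `docker-compose down` on TeamCity leaves the proxy running. The `jwilder/nginx-proxy` image, the service names and the volume names are assumptions.

```yaml
# proxy/docker-compose.yml (added example; names are assumptions)
# Create the shared network once: docker network create reverse-proxy
version: '2'

volumes:
  certs: {}
  vhost: {}
  html: {}

services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"      # needed for the ACME HTTP challenge
      - "443:443"
    volumes:
      - certs:/etc/nginx/certs:ro        # proxy only reads certificates
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      # The proxy watches container start/stop events through the socket.
      # ":ro" protects the socket file only; the Docker API behind it is
      # still fully usable, so treat this container as host-privileged.
      - /var/run/docker.sock:/tmp/docker.sock:ro
    labels:
      # Lets the companion find the proxy container without volumes_from
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true
    networks:
      - reverse-proxy
    restart: always

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - certs:/etc/nginx/certs:rw        # companion writes issued certificates
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    depends_on:
      - nginx-proxy
    restart: always

networks:
  reverse-proxy:
    external:
      name: reverse-proxy
```

Any application stack on the host then only needs `VIRTUAL_HOST`, `LETSENCRYPT_HOST` and `LETSENCRYPT_EMAIL` on its web container plus membership in the `reverse-proxy` network, as in the TeamCity file above.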