Clarify TLS label on server deployment
yamalight opened this issue · 2 comments
yamalight commented
Better document server label:
--label traefik.http.routers.exoframe-server.tls.certresolver=exoframeChallenge
Needs to be specified only when letsencrypt is enabled. Otherwise it should be removed.
Maybe split the deployment into two parts (with/without letsencrypt)? 🤔
yamalight commented
Also clarify that http->https redirect on exoframe-server deployment needs to be added manually with following labels:
--label traefik.http.middlewares.exoframe-server-redirect.redirectscheme.scheme=https
--label traefik.http.routers.exoframe-server-web.entrypoints=web
--label traefik.http.routers.exoframe-server-web.middlewares=exoframe-server-redirect@docker
--label traefik.http.routers.exoframe-server.entrypoints=websecure
// possibly also:
--label traefik.http.routers.exoframe-server-web.rule=Host(`your.domain`)
yamalight commented
Full set of flags:
docker run -d \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /upb/users/e/ermilov/profiles/unix/cs/.exoframe:/root/.exoframe \
-v /upb/users/e/ermilov/profiles/unix/cs/.ssh/authorized_keys:/root/.ssh/authorized_keys:ro \
-e EXO_PRIVATE_KEY=mykey \
--label traefik.enable=true \
--label "traefik.http.routers.exoframe-server.rule=Host(\`domain.com\`)" \
--label "traefik.http.routers.exoframe-server-web.rule=Host(\`domain.com\`)" \
--label traefik.http.routers.exoframe-server.tls.certresolver=exoframeChallenge \
--label traefik.http.middlewares.exoframe-server-redirect.redirectscheme.scheme=https \
--label traefik.http.routers.exoframe-server-web.entrypoints=web \
--label traefik.http.routers.exoframe-server-web.middlewares=exoframe-server-redirect@docker \
--label traefik.http.routers.exoframe-server.entrypoints=websecure \
--label entryPoints.web.address=:80 \
--label entryPoints.websecure.address=:443 \
--restart always \
--name exoframe-server \
exoframe/server