HTTPS support?

Question

HTTPS support?

xfred81 opened this issue 4 years ago · 9 comments

Hi, this is not really an issue but I was wondering if HTTPS support was possible with this Docker image?
I can't find any information out there (plus default URL refers to http://...).

Thanks!

tuxgasy commented 3 years ago

PR merged

Answer 1 · 2020-11-10T19:12:15.000Z

I do not plan this feature. But feel free to do a PR. Just keep this image simple.

See also CONTRIBUTING.md.

Answer 2 · 2020-11-14T14:36:52.000Z

Hi there,

To handle this you can easily use a proxy to dolibarr container (using traefik for example).

here is an example based on my own setup :

version: "3.8"

networks:
  proxy-network:
    name: proxy-network
    internal: false
  local-internal-network:
    internal: true

services:
  proxy:
    image: library/traefik:2.3
    env_file:
      - ${ROOT_PATH}/proxy/.env
    volumes:
      - ${ROOT_PATH}/.persist/proxy/acme.json:/letsencrypt/acme.json
      - ${ROOT_PATH}/proxy/traefik.yml:/etc/traefik/traefik.yml:ro
      - ${ROOT_PATH}/proxy/conf.d:/etc/traefik/conf.d:ro
      - ${ROOT_PATH}/proxy/userList:/etc/traefik/userList:ro
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.proxy.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.proxy.entrypoints=traefik"
      - "traefik.http.routers.proxy.service=api@internal"
      - "traefik.http.routers.proxy.tls=true"
      - "traefik.http.routers.proxy.tls.certresolver=myresolver"
      - "traefik.http.routers.proxy.middlewares=proxy-auth"
      - "traefik.http.middlewares.proxy-auth.basicauth.usersFile=/etc/traefik/userList"
    networks:
      - proxy-network

  asl:
    image: tuxgasy/dolibarr:latest
    env_file:
      - ${ROOT_PATH}/asl/web.env
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.asl.rule=Host(`yourfull.domain.tld`)"
      - "traefik.http.services.asl.loadbalancer.server.port=80"
      - "traefik.http.services.asl.loadbalancer.server.scheme=http"
      - "traefik.http.routers.asl.tls=true"
      - "traefik.http.routers.asl.tls.certresolver=myresolver"
    volumes:
      - ${ROOT_PATH}/.persist/asl/documents:/var/www/documents
    networks:
      - proxy-network
      - local-internal-network
    depends_on:
      - asl-db

  asl-db:
    image: mariadb:10.3
    env_file:
      - ${ROOT_PATH}/asl/db.env
    volumes:
      - ${ROOT_PATH}/.persist/asl/db:/var/lib/mysql
      - ${ROOT_PATH}/asl/mysql-root:/run/secrets/mysql-root:ro
      - ${ROOT_PATH}/asl/mysql-user:/run/secrets/mysql-user:ro
    networks:
      - local-internal-network

Answer 3 · 2020-11-16T15:58:44.000Z

Thanks @mathieupotier . I indeed discovered such proxies and I'm now using nginx + letsencrypt.
I'll test your solution next week. Thanks a lot for clear and detailed answer!

Answer 4 · 2020-12-01T21:53:21.000Z

Sorry @mathieupotier for my lake of feedback; I had quite hard days lately...

Answer 5 · 2021-01-06T19:15:43.000Z

No problem, but I'll just update this feed with my incents :

I don't think dealing with certificates and SSL in this image is a good idea, because there is so much possible implementation that are out of scope for Dolibarr service ... it is simpler to use a reverse proxy solution to deal with SSL (keeping things SOLID)
But we can add some implementation example in the repository docs, to help people.

Answer 6 · 2021-01-06T20:36:37.000Z

@mathieupotier I'd agree! Yet, couple of examples in docs would really be of great help!

Answer 7 · 2021-04-21T09:03:28.000Z

@xfred81 does this doc / example suits your need ?
https://github.com/tuxgasy/docker-dolibarr/tree/master/examples/with-rp-traefik

Answer 8 · 2021-11-25T14:33:08.000Z

I made a PR for NGINX Certbot example , this is how i did for my own dolibarr usage

#73