HTTPS support?
xfred81 opened this issue · 9 comments
Hi, this is not really an issue but I was wondering if HTTPS support was possible with this Docker image?
I can't find any information out there (plus default URL refers to http://...).
Thanks!
I do not plan this feature. But feel free to do a PR. Just keep this image simple.
See also CONTRIBUTING.md.
Hi there,
To handle this you can easily use a proxy to dolibarr container (using traefik for example).
here is an example based on my own setup :
version: "3.8"
networks:
proxy-network:
name: proxy-network
internal: false
local-internal-network:
internal: true
services:
proxy:
image: library/traefik:2.3
env_file:
- ${ROOT_PATH}/proxy/.env
volumes:
- ${ROOT_PATH}/.persist/proxy/acme.json:/letsencrypt/acme.json
- ${ROOT_PATH}/proxy/traefik.yml:/etc/traefik/traefik.yml:ro
- ${ROOT_PATH}/proxy/conf.d:/etc/traefik/conf.d:ro
- ${ROOT_PATH}/proxy/userList:/etc/traefik/userList:ro
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 80:80
- 443:443
- 8080:8080
labels:
- "traefik.enable=true"
- "traefik.http.routers.proxy.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.proxy.entrypoints=traefik"
- "traefik.http.routers.proxy.service=api@internal"
- "traefik.http.routers.proxy.tls=true"
- "traefik.http.routers.proxy.tls.certresolver=myresolver"
- "traefik.http.routers.proxy.middlewares=proxy-auth"
- "traefik.http.middlewares.proxy-auth.basicauth.usersFile=/etc/traefik/userList"
networks:
- proxy-network
asl:
image: tuxgasy/dolibarr:latest
env_file:
- ${ROOT_PATH}/asl/web.env
labels:
- "traefik.enable=true"
- "traefik.http.routers.asl.rule=Host(`yourfull.domain.tld`)"
- "traefik.http.services.asl.loadbalancer.server.port=80"
- "traefik.http.services.asl.loadbalancer.server.scheme=http"
- "traefik.http.routers.asl.tls=true"
- "traefik.http.routers.asl.tls.certresolver=myresolver"
volumes:
- ${ROOT_PATH}/.persist/asl/documents:/var/www/documents
networks:
- proxy-network
- local-internal-network
depends_on:
- asl-db
asl-db:
image: mariadb:10.3
env_file:
- ${ROOT_PATH}/asl/db.env
volumes:
- ${ROOT_PATH}/.persist/asl/db:/var/lib/mysql
- ${ROOT_PATH}/asl/mysql-root:/run/secrets/mysql-root:ro
- ${ROOT_PATH}/asl/mysql-user:/run/secrets/mysql-user:ro
networks:
- local-internal-network
Thanks @mathieupotier . I indeed discovered such proxies and I'm now using nginx + letsencrypt.
I'll test your solution next week. Thanks a lot for clear and detailed answer!
Sorry @mathieupotier for my lake of feedback; I had quite hard days lately...
No problem, but I'll just update this feed with my incents :
I don't think dealing with certificates and SSL in this image is a good idea, because there is so much possible implementation that are out of scope for Dolibarr service ... it is simpler to use a reverse proxy solution to deal with SSL (keeping things SOLID)
But we can add some implementation example in the repository docs, to help people.
@mathieupotier I'd agree! Yet, couple of examples in docs would really be of great help!
@xfred81 does this doc / example suits your need ?
https://github.com/tuxgasy/docker-dolibarr/tree/master/examples/with-rp-traefik
I made a PR for NGINX Certbot example , this is how i did for my own dolibarr usage
PR merged