Is there any (easy) way of enabling SSL (HTTPS) on the docker web container?
This is possible by using Proxy/load balancers to route traffic to multiple docker sites and also maintain SSL certificates.
The two main solutions are Traefik or Nginx Proxy:
We will be making more user-friendly integration of both in Wappler.
Thank you very much! Looking forward to seeing this integrated in Wappler.
Traefik is far too complex for me, so I wanted to use Nginx. But switching to Nginx in Wappler gave this notice:
So I think I must select apache webserver, and then enable SSL for Nginx? I don’t understand fully how this works.
Are you using DigitalOcean?
With DigitalOcean you should choose to use their Load Balancer - that will take care of all your SSL for the droplets automatically, see:
Thanks for the suggestion. A few issues with this though:
- It costs $10 per month for the load balancer (while Let's Encrypt is free)
- In order to automatically let DigitalOcean manage Let's Encrypt for us, I need to have my domain's DNS managed by them. Which I personally don’t prefer, but I will have to look into it.
- If I don’t host my domain DNS with them, I’m then not entirely sure what I need to do to generate an SSL certificate myself, and how to maintain this.
I might be able to deal with the $10 a month, but it seems a bit high. Would be great if there was a built-in SSL switch in Wappler which installs Let's Encrypt, are you thinking about implementing something like that?
you can use docker scale option
Did you finally find a solution?
I’m also looking cloud agnostic solution for HTTPS.
Depending on where it’s critical for you to have SSL enabled, you could use Cloudflare SSL in flexible mode. Traffic from client to Cloudflare would be encrypted. From Cloudflare to your server, that would still be simple HTTP though.
We will also be adding support for installing Traefik directly on your docker server within Wappler, and there you will also be able to manage and set up your SSL with Let's Encrypt.
For now you can do it manually by following the Traefik guide above.
By the way. If I modify docker-compose.yml in “.wappler/targets” and will add some other components, will it still be able to launch it from Wappler GUI? Deploy, start/stop etc?
Well, it should be OK to modify. Wappler modifies it with its own stuff only and leaves the rest alone. Do test first, of course.
Someone from Upwork helped me with implementing Traefik to the .wappler\targets\target-name\docker-compose.yml file.
Old compose file:
```yaml
version: '3'
services:
  db:
    environment:
      MYSQL_ROOT_PASSWORD: ---
      MYSQL_DATABASE: intranet
      MYSQL_USER: db_user
      MYSQL_PASSWORD: ---
    volumes:
      - 'db-volume:/var/lib/mysql'
    ports:
      - '9906:3306'
    restart: always
    command:
      - '--character-set-server=utf8mb4'
      - '--collation-server=utf8mb4_unicode_ci'
      - '--default-authentication-plugin=mysql_native_password'
    build:
      context: .
      dockerfile: db/Dockerfile
  web:
    depends_on:
      - db
    ports:
      - '80:80'
    restart: always
    stdin_open: true
    tty: true
    build:
      context: ../../../
      dockerfile: .wappler/targets/Docker Remote/web/Dockerfile
volumes:
  db-volume: ~
```

New compose file:

```yaml
version: '3.5'
services:
  portainer:
    image: portainer/portainer
    container_name: portainer
    command: '-H unix:///var/run/docker.sock'
    restart: always
    ports:
      - '9000:9000'
      - '8000:8000'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
      - 'portainer_data:/data'
  db:
    environment:
      MYSQL_ROOT_PASSWORD: ---
      MYSQL_DATABASE: intranet
      MYSQL_USER: db_user
      MYSQL_PASSWORD: ---
    volumes:
      - 'db-volume:/var/lib/mysql'
    ports:
      - '9906:3306'
    restart: always
    container_name: db
    command:
      - '--character-set-server=utf8mb4'
      - '--collation-server=utf8mb4_unicode_ci'
      - '--default-authentication-plugin=mysql_native_password'
    build:
      context: .
      dockerfile: db/Dockerfile
  web:
    depends_on:
      - db
    labels:
      - traefik.enable=true
      - traefik.http.routers.myweb.tls.certresolver=myresolver
      # replace with your domain name
      - traefik.http.routers.myweb.rule=Host(`your.domain.com`)
    restart: always
    container_name: web
    stdin_open: true
    tty: true
    build:
      context: ../../../
      dockerfile: .wappler/targets/Docker Remote/web/Dockerfile
  traefik2:
    image: traefik:v2.2
    container_name: traefik2
    restart: always
    command:
      - "--log.level=DEBUG"
      # dashboard/API without authentication on Traefik's port 8080 (not published below)
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # redirect all plain HTTP requests to HTTPS
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Let's Encrypt via the HTTP-01 challenge on port 80
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      # replace with your e-mail address
      - "--certificatesresolvers.myresolver.acme.email=email@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - letsencrypt:/letsencrypt
volumes:
  db-volume: ~
  portainer_data: ~
  letsencrypt:
    driver: local
```
You just need to replace the email and domain name. By then deploying the remote docker connection from within Wappler, it automatically installs SSL and portainer.
Hope someone has use for this, until Wappler implements their own SSL support.
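A small audit of the exposure-related settings in a compose file like the one above, as an added example that is not part of the original posts. It assumes the file has already been parsed into a dict (for instance with a YAML loader); `audit`, `public_host_port`, `PUBLIC_OK` and `SAMPLE` are hypothetical names, and `SAMPLE` is constructed from the posted file's relevant keys.

```python
# Added example (not from the thread). SAMPLE is constructed from the
# exposure-related keys of the Traefik compose file posted above.
SAMPLE = {"services": {
    "portainer": {"ports": ["9000:9000", "8000:8000"],
                  "volumes": ["/var/run/docker.sock:/var/run/docker.sock",
                              "portainer_data:/data"]},
    "db": {"ports": ["9906:3306"], "volumes": ["db-volume:/var/lib/mysql"]},
    "web": {"labels": ["traefik.enable=true"]},
    "traefik2": {"command": ["--log.level=DEBUG", "--api.insecure=true",
                             "--providers.docker.exposedbydefault=false"],
                 "ports": ["80:80", "443:443"],
                 "volumes": ["/var/run/docker.sock:/var/run/docker.sock",
                             "letsencrypt:/letsencrypt"]},
}}

# Assumption: only the proxy's HTTP/HTTPS entrypoints are meant to be public.
PUBLIC_OK = {"80", "443"}

def public_host_port(port):
    """Host port of a short-syntax mapping that binds all interfaces, else None."""
    parts = str(port).split("/")[0].split(":")   # drop '/tcp' or '/udp'
    if len(parts) == 2:                          # 'host:container' binds 0.0.0.0
        return parts[0]
    if len(parts) == 3 and parts[0] == "0.0.0.0":
        return parts[1]
    return None   # explicit address such as 127.0.0.1, or container-only port

def audit(compose):
    """Return sorted (service, finding) tuples for a parsed compose file."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        cmd = svc.get("command", [])
        flags = {c.lower() for c in (cmd.split() if isinstance(cmd, str) else cmd)}
        if "--api.insecure=true" in flags:
            findings.append((name, "Traefik API/dashboard enabled without authentication"))
        if "--log.level=debug" in flags:
            findings.append((name, "DEBUG logging enabled"))
        for vol in svc.get("volumes", []):
            if str(vol).split(":")[0] == "/var/run/docker.sock":
                findings.append((name, "Docker socket mounted (full control of the daemon)"))
        for port in svc.get("ports", []):
            host = public_host_port(port)
            if host and host not in PUBLIC_OK:
                findings.append((name, f"port {host} published on all interfaces"))
    return sorted(findings)

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```

Each finding is a prompt to check whether that port or setting is also restricted at the firewall or security group, not a verdict that the deployment is broken.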
Good work - yes this is how we also plan to implement it in Wappler
Thanks for sharing Nevil! I will look into this for sure.
Apparently Nevil and I were solving this problem at the same time this week. I am installing on EC2/Ubuntu 18.04
Here is my version of the docker-compose.yml file:
A couple notes on my docker file:
- I have a drive mounted so I can upload files to the local server (not sure if this is best practice but it’s working.)
- I also installed Portainer (covered in JonL’s video)
And here were some resources that I found helpful to set up docker/traefik:
Connecting Wappler to Docker for Deployment:
(Note: this opens up security on your Wappler instance, so you need to secure by port. In EC2 I have the port secured to my IP.)
Hope this helps someone. It was a huge PITA to figure this out.