Hi, @nevil,
Did you finally find a solution?
I’m also looking cloud agnostic solution for HTTPS.
Depending on where it’s critical for you to have SSL enabled, you could use cloudflare SSL in flexible mode. Trafic from client to cloudflare would be encrypted. From cloudflare to your server, that would still be simple http though.
We will be adding also support for installing traefik directly on your docker server within Wappler and there you can also be able to manage and setup your SSL with lets encrypt.
For now you can do it manually by following the traefik guide above
Thanks, @George!
By the way. If I modify docker-compose.yml in “.wappler/targets” and will add some other components, will it still be able to launch it from Wappler GUI? Deploy, start/stop etc?
Well it should be ok to modify. Wappler modifies it with own stuff only and leaves the rest alone. Do test first of course
Someone from Upwork helped me with implementing Traefik to the .wappler\targets\target-name\docker-compose.yml file.
Old compose file:
version: '3'
services:
db:
environment:
MYSQL_ROOT_PASSWORD: ---
MYSQL_DATABASE: intranet
MYSQL_USER: db_user
MYSQL_PASSWORD: ---
volumes:
- 'db-volume:/var/lib/mysql'
ports:
- '9906:3306'
restart: always
command:
- '--character-set-server=utf8mb4'
- '--collation-server=utf8mb4_unicode_ci'
- '--default-authentication-plugin=mysql_native_password'
build:
context: .
dockerfile: db/Dockerfile
web:
depends_on:
- db
ports:
- '80:80'
restart: always
stdin_open: true
tty: true
build:
context: ../../../
dockerfile: .wappler/targets/Docker Remote/web/Dockerfile
volumes:
db-volume: ~
New file:
version: '3.5'
services:
portainer:
image: portainer/portainer
container_name: portainer
command: '-H unix:///var/run/docker.sock'
restart: always
ports:
- '9000:9000'
- '8000:8000'
volumes:
- '/var/run/docker.sock:/var/run/docker.sock'
- 'portainer_data:/data'
db:
environment:
MYSQL_ROOT_PASSWORD: ---
MYSQL_DATABASE: intranet
MYSQL_USER: db_user
MYSQL_PASSWORD: ---
volumes:
- 'db-volume:/var/lib/mysql'
ports:
- '9906:3306'
restart: always
container_name: db
command:
- '--character-set-server=utf8mb4'
- '--collation-server=utf8mb4_unicode_ci'
- '--default-authentication-plugin=mysql_native_password'
build:
context: .
dockerfile: db/Dockerfile
web:
depends_on:
- db
labels:
- traefik.enable=true
- traefik.http.routers.myweb.tls.certresolver=myresolver
- traefik.http.routers.myweb.rule=Host(`your.domain.com`)
restart: always
container_name: web
stdin_open: true
tty: true
build:
context: ../../../
dockerfile: .wappler/targets/Docker Remote/web/Dockerfile
traefik2:
image: traefik:v2.2
container_name: traefik2
restart: always
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=your@email.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- letsencrypt:/letsencrypt
volumes:
db-volume: ~
portainer_data: ~
letsencrypt:
driver: local
You just need to replace the email and domain name. By then deploying the remote docker connection from within Wappler, it automatically installs SSL and portainer.
Hope someone has use for this, until Wappler implements their own SSL support.
Good work - yes this is how we also plan to implement it in Wappler
Thanks for sharing Nevil! I will look into this for sure.
Apparently Nevil and I were solving this problem at the same time this week. I am installing on EC2/Ubuntu 18.04
Here is my version of the docker-compose.yml file:
A couple notes on my docker file:
- I have a drive mounted so I can upload files to the local server (not sure if this is best practice but it’s working.)
- I also installed Portainer (covered in JonL’s video)
And here were some resources that I found helpful to set up docker/traefik:
Installing Docker: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04
Connecting Wappler to Docker for Deployment:
https://success.docker.com/article/how-do-i-enable-the-remote-api-for-dockerd
(Note: this opens up security on your wappler instance, so you need to secure by port. In EC2 I have the port secured to my IP)
Installing Traefik:
Hope this helps someone. It was a huge PITA to figure this out.
Hi George / @Teodor, it seems that Wappler keeps changing the docker-compose.yml we have made to something a bit different.
Left is our own version, right is the version Wappler makes of it. Any idea how to prevent Wappler from changing it in this way?
Hi, @nevil! Did you solve it finally?
After some pause with Wappler still see that it’s a great tool for developing an app, but very non-transparent to make it production.
If you achieved to make an https production app (especially with node) it would be great if you share your deployment way.
Just wanted to say thankyou. Just added ssl to my app. I appreciate you sharing.
Just a small heads up:
We have full Traefik integration coming up in Wappler as preview this week!
So you can have all those SSL certificates fully automatically generated with Let’s Encrypt and assign easy domains to all your remote Docker targets! Like Docker Machine servers created on Amazon AWS or Digital Ocean.
So there will be no need to tweak manually the docker-compose file any longer and the generated code will be different as well.
@George Apologies for bumping this up but what’s the progress with setup SSL Certificates in Wappler?
See
Thanks for pointing this topic, but 1) This is a Preview and 2) This a years old manual. When we can expect to have this in GA?
The tutorial explains exactly what you are asking for. Just follow it.
Is this still the recommended way to hand SSL on DO? $10 a month for SSL seems a bit pricey for a $5 hosting service.