Is there any (easy) way of enabling SSL (HTTPS) on the docker web container?
This is possible by using Proxy/load balancers to route traffic to multiple docker sites and also maintain SSL certificates.
The two main solutions are Traefik or Nginx Proxy:
We will be making a more user-friendly integration of both in Wappler.
Thank you very much! Looking forward to seeing this integrated in Wappler.
Traefik is far too complex for me, so I wanted to use Nginx. But switching to Nginx in Wappler gave this notice:
So I think I must select the Apache webserver, and then enable SSL for Nginx? I don’t fully understand how this works.
Are you using DigitalOcean?
Yes
With DigitalOcean you should choose to use their Load Balancer - that will take care of all your SSL for the droplets automatically, see:
Thanks for the suggestion. A few issues with this though:
- It costs $10 per month for the load balancer (while Let’s Encrypt is free)
- In order to automatically let DigitalOcean manage Let’s Encrypt for us, I need to have my domain’s DNS managed by them. Which I personally don’t prefer, but I will have to look into it.
- If I don’t host my domain DNS with them, I’m then not entirely sure what I need to do to generate an SSL certificate myself, and how to maintain this.
I might be able to deal with the $10 a month, but it seems a bit high. It would be great if there was a built-in SSL switch in Wappler which installs Let’s Encrypt. Are you thinking about implementing something like that?
You can use the docker scale option.
Depending on where it’s critical for you to have SSL enabled, you could use Cloudflare SSL in flexible mode. Traffic from the client to Cloudflare would be encrypted. From Cloudflare to your server, that would still be simple HTTP though.
We will also be adding support for installing Traefik directly on your Docker server within Wappler, and there you will also be able to manage and set up your SSL with Let’s Encrypt.
For now you can do it manually by following the Traefik guide above.
Thanks, @George!
By the way, if I modify docker-compose.yml in “.wappler/targets” and add some other components, will I still be able to launch it from the Wappler GUI? Deploy, start/stop, etc.?
Well, it should be OK to modify. Wappler modifies it with its own stuff only and leaves the rest alone. Do test first, of course.
Someone from Upwork helped me with implementing Traefik to the .wappler\targets\target-name\docker-compose.yml file.
Old compose file:
```yaml
version: '3'
services:
  db:
    environment:
      MYSQL_ROOT_PASSWORD: ---
      MYSQL_DATABASE: intranet
      MYSQL_USER: db_user
      MYSQL_PASSWORD: ---
    volumes:
      - 'db-volume:/var/lib/mysql'
    ports:
      - '9906:3306'
    restart: always
    command:
      - '--character-set-server=utf8mb4'
      - '--collation-server=utf8mb4_unicode_ci'
      - '--default-authentication-plugin=mysql_native_password'
    build:
      context: .
      dockerfile: db/Dockerfile
  web:
    depends_on:
      - db
    ports:
      - '80:80'
    restart: always
    stdin_open: true
    tty: true
    build:
      context: ../../../
      dockerfile: .wappler/targets/Docker Remote/web/Dockerfile
volumes:
  db-volume: ~
```
New file:
```yaml
version: '3.5'
services:
  portainer:
    image: portainer/portainer
    container_name: portainer
    command: '-H unix:///var/run/docker.sock'
    restart: always
    ports:
      - '9000:9000'
      - '8000:8000'
    volumes:
      # Mounting the Docker socket gives this container control of the Docker daemon
      - '/var/run/docker.sock:/var/run/docker.sock'
      - 'portainer_data:/data'
  db:
    environment:
      MYSQL_ROOT_PASSWORD: ---
      MYSQL_DATABASE: intranet
      MYSQL_USER: db_user
      MYSQL_PASSWORD: ---
    volumes:
      - 'db-volume:/var/lib/mysql'
    ports:
      - '9906:3306'
    restart: always
    container_name: db
    command:
      - '--character-set-server=utf8mb4'
      - '--collation-server=utf8mb4_unicode_ci'
      - '--default-authentication-plugin=mysql_native_password'
    build:
      context: .
      dockerfile: db/Dockerfile
  web:
    depends_on:
      - db
    labels:
      - traefik.enable=true
      - traefik.http.routers.myweb.tls.certresolver=myresolver
      # Replace with your own domain name
      - traefik.http.routers.myweb.rule=Host(`your.domain.com`)
    restart: always
    container_name: web
    stdin_open: true
    tty: true
    build:
      context: ../../../
      dockerfile: .wappler/targets/Docker Remote/web/Dockerfile
  traefik2:
    image: traefik:v2.2
    container_name: traefik2
    restart: always
    command:
      - "--log.level=DEBUG"
      # Serves the Traefik API/dashboard without authentication on port 8080 (not published below)
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Redirect all HTTP requests on :80 to HTTPS on :443
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Let's Encrypt certificates via the ACME HTTP-01 challenge on port 80
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      # Replace with your own e-mail address
      - "--certificatesresolvers.myresolver.acme.email=your@email.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - letsencrypt:/letsencrypt
volumes:
  db-volume: ~
  portainer_data: ~
  letsencrypt:
    driver: local
```
You just need to replace the email and domain name. By then deploying the remote Docker connection from within Wappler, it automatically installs SSL and Portainer.
Hope someone has use for this, until Wappler implements their own SSL support.
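A tightened variant of three services from the compose file above, as an added example that is not part of the original post or of Wappler. It assumes you reach MySQL and Portainer through an SSH tunnel instead of over the public interface; everything not shown stays as posted.

```yaml
# Added example: only the keys that differ from the posted file are commented.
services:
  portainer:
    image: portainer/portainer
    container_name: portainer
    command: '-H unix:///var/run/docker.sock'
    restart: always
    ports:
      # Publish the admin UI on loopback only (assumption: accessed via SSH tunnel)
      - '127.0.0.1:9000:9000'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
      - 'portainer_data:/data'
  db:
    # environment, volumes, command and build stay exactly as in the posted file
    ports:
      # '9906:3306' listens on every interface; bind MySQL to loopback instead
      - '127.0.0.1:9906:3306'
  traefik2:
    image: traefik:v2.2
    container_name: traefik2
    restart: always
    command:
      # DEBUG is for setup only; INFO keeps request detail out of the logs
      - "--log.level=INFO"
      # "--api.insecure=true" is left out, so no unauthenticated API/dashboard is served
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=your@email.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # While testing, uncomment to use the Let's Encrypt staging CA and avoid rate limits
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
    ports:
      - 80:80
      - 443:443
    volumes:
      # :ro stops the container replacing the socket file; it does not restrict
      # Docker API calls made through the socket
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
```

Port 80 stays published because the HTTP-01 challenge and the HTTP-to-HTTPS redirect both use the `web` entrypoint.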
Good work - yes this is how we also plan to implement it in Wappler
Thanks for sharing Nevil! I will look into this for sure.
Apparently Nevil and I were solving this problem at the same time this week. I am installing on EC2/Ubuntu 18.04
Here is my version of the docker-compose.yml file:
A couple notes on my docker file:
- I have a drive mounted so I can upload files to the local server (not sure if this is best practice but it’s working.)
- I also installed Portainer (covered in JonL’s video)
And here were some resources that I found helpful to set up docker/traefik:
Installing Docker: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04
Connecting Wappler to Docker for Deployment:
https://success.docker.com/article/how-do-i-enable-the-remote-api-for-dockerd
(Note: this opens up security on your Wappler instance, so you need to secure by port. In EC2 I have the port secured to my IP.)
Installing Traefik:
Hope this helps someone. It was a huge PITA to figure this out.
Hi George / @Teodor, it seems that Wappler keeps changing the docker-compose.yml we have made to something a bit different.
Left is our own version, right is the version Wappler makes of it. Any idea how to prevent Wappler from changing it in this way?
Hi, @nevil! Did you solve it finally?
After a pause with Wappler, I still see that it’s a great tool for developing an app, but very non-transparent when it comes to taking it to production.
If you managed to make an HTTPS production app (especially with Node), it would be great if you shared how you deployed it.