Using Custom Domains and SSL with Let's Encrypt and Traefik

Docs Hosting and Cloud Platforms
#1

Intro

When you deploy your site you want it to be accessible under your own domain name and also secured with certificate, so that you see the lock icon in your browser and the site is accessible with HTTPS

In this Wappler update, we are introducing a new way to handle custom domains and automatically
generate free SSL certificates to secure them. All that thanks to two new services: Traefik for easy managing your site and services redirection, working together with Let’s Encrypt for issuing free secure certificates.

Register a Domain Name

You can register your own domain name at any provider as you wish. So you have full control of it.
Where the domain name and it sub domains point to is determined by the assigned DNS records to your domain.

You can edit the DNS records usually at the provider where you register your domain with, or have it under control of the provider that you are running your server on like Digital Ocean:

Once your register it, you can assign an IP address to it pointing to your server.

If you want free domain registration with .tk and other simple extensions, you can try the Freenom service.

Edit your DNS settings

Once you create your server, you will know its IP address that you need to assign to your domain name. You can see it in the properties panel in the Resource Manager:

Screenshot_34
Screenshot_341440×900 55.3 KB

If you have Digital Ocean then you can simply add the domain there for management. Make sure you assigned the right DNS servers as outlined in the guide above at your domain registrar to point to the ones at Digital Ocean. After that it is easy to assign the new domain:

image
image1340×445 37.5 KB

Once you have assign the domain for management, you need to add hostnames to manage (sub domain names).

As I want to use multiple hostnames for various services under the same domain, for easy management I will use a wildcard hostname noted with *
This means that any subdomain under my domain will point to the same server.

image
image1341×596 56.3 KB

So as you can see my domain is setup now with any hostname( sub domains) we can think of later on:

image
image1353×903 79.2 KB

Install Traefik

So now that we have pointed our domain to our brand new server, we need to let the server know about it and let it automatically generate SSL certificates for the domain names.

To do this we need to install Traefik.
Expand your server in the Resource Manager and right click Services:

Screenshot_38
Screenshot_381440×900 53.2 KB

Select Add Service > System > Traefik:

Screenshot_39
Screenshot_391440×900 61.1 KB

It is important to enter your e-mail address so it will be registered with Let’s Encrypt and be used to issue your free SSL certificates. Those are valid for just 3 months but will be automatically renewed for you by Traefik:

Screenshot_40
Screenshot_401440×900 56.5 KB

Then you can choose whether to install the Traefik Dashboard:

Screenshot_41
Screenshot_411440×900 61.9 KB

Enable Secure Dashboard in order to have the access to the dashboard with username and password:

Screenshot_42
Screenshot_421440×900 58.4 KB

Enter a username and password for the Traefik Dashboard, also enter a custom domain for it:

Screenshot_43
Screenshot_431440×900 60 KB

Assign your new Domain Names

So now that we completed the installation of Traefik, we can now also assign custom domain names to our web server as well.

You can do that in the target settings.
Open the Project Settings:

Screenshot_44
Screenshot_441440×900 61.5 KB

Go to Targets:

Screenshot_45
Screenshot_451440×900 62 KB

And open your remote target, which is using your server:

Screenshot_47
Screenshot_471440×900 63.7 KB

Replace the IP address in the Web Server URL:

Screenshot_56
Screenshot_561440×900 63.1 KB

With your domain:

Screenshot_48
Screenshot_481440×900 63.6 KB

Make sure the Port field is empty:

Screenshot_50
Screenshot_501440×900 65.1 KB

And click Save:

Screenshot_49
Screenshot_491440×900 63.7 KB

Deploy Services

Now as we have our target set up, we need to deploy the services added to our server - in our case this is the Traefik service.

In the Resource Manager select Services and click the Deploy button, located in the properties panel:

Screenshot_51
Screenshot_511440×900 54.4 KB

You can see the progress:

Screenshot_53
Screenshot_531440×900 65.3 KB

And a successful notification appears when the service has been deployed and launched:

Screenshot_54
Screenshot_541440×900 73.4 KB

The last step is to switch to your remote target and Deploy:

Screenshot_55
Screenshot_551440×900 56 KB

So now after the deploy of your new domain the installed Traefik will pick it up and starts its automatic process to issue a new SSL certificate for it from Let’s Encrypt, if it doesn’t have it yet. So that your web site is securely accessible under https with a nice free certificate.

It might take a minute to generate as the the external service of Let’s Encrypt need to be called and your domain verified. But after that you can go directly in the browser and access you new site.

You see how easy it is to use custom domains and issue fully automatically certificates to them thanks to the Traefik integration in the Resource Manager.

14 Likes
Offer wappler app as SaaS
Understanding Traefik
Browser warning appears even with the certificate
Hosting through Digital Ocean Docker and Node.js https
Problem with SSL in Digital Ocean when not using DNS by DO
Ssl authentication with ec2
Unable to make Custom Domains and SSL with Let’s Encrypt and Traefik work for me
Cloud Hetzner and Docker with NodeJS
Docker issue, deploy to remote DO droplet
Error on phpmyadmin with Docker
Error trying to deploy to AWS
Database structure not deploying after setting up portainer and traefik
Database structure not deploying after setting up portainer and traefik
Adding new features to Wappler
Wappler 3.2.1 Released
Docker Web SSL / HTTPS
Error: network wappler-compose_proxy declared as external, but could not be found
DDos attack, first time that's happened
Digital Ocean - Server loads - Memory use? When would one upgrade the server..?
Docker container conflict
Wappler 5.0.2 Released
User security works under localhost, but not when published to DO
Importing Existing Server in Resource Manager
Error installing Traefik
Mobile API - Status 302 - No Data
Help With SSL
Problems adding Traefik
Can't Remove Port on Target
Can't Remove Port on Target
Traefik SSL Certificate working on Safari but not Chrome
Docker Web SSL / HTTPS
Using Oracle Cloud server with Resource Manager
Cloud Hetzner and Docker with NodeJS
#2

Thankyou @George.

I found that couldn’t initially get the dashboards working. I added both @ and * to the DNS records in Digital Ocean and finally worked. Not sure if anyone else experienced this.

Here is screenshot of Digital Ocean DNS settings.

dns_wappler
dns_wappler1259×743 115 KB

2 Likes
#3

Yes you can add @ as hostname as well indeed - which basically means, respond also without hostname, like for example.com

While using a * as hostname - means respond for any hostname, so like site1.example.com, site2.example.com etc

or you can just specify only the hostnames you want.

1 Like
#4

Hi @George, thanks for the tutorial. Definitely, makes go live so much faster and easier.

My problem is somehow, I don’t see the traefik service setting, only Portainer. I’m on the latest Wappler version 3.2.1

traefik
traefik1007×672 37.4 KB

#5

I finally was able to make this work :slight_smile: I had some figuring out to get it right so if this helps anyone.

  1. It’s an experimental feature, so had to enable experimental feature from settings.

  2. You have to enter all the settings: Portainer, Dashboard, username, password etc. I tried it with just the traefik setting on and dashboard as ‘off’, nothing happens. But the UI doesn’t give any indication that dashboard is mandatory or anything.

  3. Then I ran into this error:

ERROR: for traefik Cannot start service traefik: driver failed programming external connectivity on endpoint traefik (703c6972ebf3bf79ebac9823a23c5aa9dc4b0ad73323ba3e0813ee8cbc6946b5): Bind for 0.0.0.0:80 failed: port is already allocated
ERROR: Encountered errors while bringing up the project.
Error Deploying Services on Docker Machine OrderManagementDemo!

This was because my node server was also running on the same port.

I made port as blank in Node, deployed to remote and then apply traefik & portainer settings again, it showed the green lights

and then I changed the host of the Server to my ‘https’ domain.

It worked out in the end.

5 Likes
#6

I was in the process of writing a similar post. I had the same issues, PHP server running on port 80. Probably just needs a note in the instructions to either shutdown the docker web service whilst installing Traefick or change the port number before installing Traefik. Works well once up and running though.

1 Like
#7

Thanks - yes will adjust the docs for the final release.

2 Likes
#8

Got this working, to reiterate the above feedback - you must install both portainer and traefik - this is the part I was missing.

However, neither dashboard appears to be working, neither the portainer.mydomain or traefik.mydomain - can’t access either and when return to the project settings, the user and password are blanked out - even if I continue to save it.

Screen Shot 2020-09-07 at 2.32.57 pm

#9

I am having the same issue. Assigned both subdomains to the server IP and it’s showing the following text: 404 page not found

#10

A post was split to a new topic: Missing Dockerfile when deploy

ERROR: Cannot locate specified Dockerfile
#12

image
image1920×1080 214 KB

traefik is running but when I open website in browser it gives me 404 error: {“status”:“404”,“message”:"/ not found."}

#13

Also I managed to install traefic and portainer and they are working well, however the main site is showing me 404 page not found message, with the not secure tag on top, and Your connection is not private. I don’t know where I went wrong?
I followed all the steps and got the green light after deploying but the ssl may have not installed correctly I think.

#14

This is usually because Traefik currently only sets up one host (either www.yourdomain.com or yourdomain.com - not both) there is a workaround for this, while @george and the team add a couple of options to the setup. You can find it here:
Www and non-www certificates in Docker

#15

Hey bpj, actually I don’t have any url forwarding for www.mydomain.com to mydomain.com so I am only using the basic mydomain.com but still after I tried installing ssl through traefic and the steps mentioned above, something went wrong and now the site is not accessible because I am getting this message:

image
image736×468 16.6 KB

#16

In project settings, is the domain set as https://your domain.com? (Ensure it is https://)

1 Like
#17

Got it working now. Initially it wasn’t working because I had the ip address in there with the https, and I didn’t change it because I thought it was the same thing as writing https://mydomain.com. Thanks

1 Like
#18

5 posts were split to a new topic: Digital ocean managed database connection with SSL

#19

mm found it… :)…

#20

mmm is this applicable to AWS as well (**SSL with Let’s Encrypt and Traefik) or is there a guide on how to setup SSL with AWS?

#21

If you’re using Docker managed by Wappler (you use Wappler to deploy) should be the same

1 Like