Describe Example deployment

[ModischFabrications]

Create a sample deployment using the frontend, traefik and more.

https://www.smarthomebeginner.com/traefik-docker-security-best-practices/

[ModischFabrications]

https://github.com/htpcBeginner/docker-traefik/blob/master/docker-compose-t2-web.yml

[ModischFabrications]

https://doc.traefik.io/traefik/getting-started/configuration-overview/

https://doc.traefik.io/traefik/user-guides/docker-compose/acme-http/

[ModischFabrications]

Use Traefik to renew Let's Encrypt Certificate. Once per domain, so 1x for whole vps.modisch.me, paths can be ignored.

DNS Challenge technically works with namecheap, but will probably be screwed over with the multiple subhosts behind modisch.me and needs API access to namecheap, because it doesn't handle DNS-Challenges natively like Cloudflare or any other major domain provider.

https://doc.traefik.io/traefik/https/acme/#httpchallenge seems a lot easier, try that one.

Traefik hints:

• entrypoints are names for specific ports
• each service-connection needs to listen to 1..* entrypoints
• rules define the url and routing
  • Host(example.com) is needed to assign to specific domains
  • Path(/traefik) can be used to match paths exactly (/cutsolver , but not /cutsolver/api)
  • PathPrefix is useful to allow multiple subpaths (/cutsolver/api/*)
  • priority is somehow defined by length, let's test how the default solution works
• use letsencrypt staging server to not get blocked during testing (https://doc.traefik.io/traefik/https/acme/#caserver)

[ModischFabrications]

Okay, seems like traefik isn't that simple:

• The reverse proxy will have /cutsolver/ on all requests, which the frontend won't recognise
• stripping the path is technically possible, but will still lead to weird problems with relative links, try it anyways:

https://doc.traefik.io/traefik/middlewares/http/stripprefix/:

- "traefik.http.middlewares.app-stripprefix.stripprefix.forceslash=false"
- "traefik.http.middlewares.app-stripprefix.stripprefix.prefixes=/app"
- "traefik.http.routers.app.middlewares=app-stripprefix"

HTTPS redirect might also be useful, but that one should probably be defined on the entrypoints:

labels:
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"

[ModischFabrications]

Would also be nice to have a dashboard on a secure channel, might need to add auth for that. Extract a whole lot of vars into an env file to make that easier, could also extract email and domain

[ModischFabrications]

Be aware that forces HTTPS redirect will mess with HTTP-Challenges, might need to do that selectively, if needed:

https://danielbkr.net/traefik-v2-how-to-configure-https-redirection-and-lets-encrypt/

[ModischFabrications]

All hrefs need to have ./* instead of / to properly redirect behind proxies. Traefik should set some headers to enable rerouting for more complex apps, but initial experiments haven't been that successful with the frontend resources. Fixes from fd2e50e9324dd6ad4cbabfbe733c049d58525a4b might help.

Forcing trailing slashes is also necessary to resolve those links, but seems to be on by default.

[ModischFabrications]

Seems to work, https://vps.modisch.me/cutsolver/ is online and linked, just need to fix git lfs for the frontend. Postfixing /cutsolver with another slash would also be nice, but I can't get that to work.

[ModischFabrications]

Got it! I replaced only the checkout of the first step, not the second.

[ModischFabrications]

https://github.com/ModischFabrications/CutSolverFrontend/blob/master/docker-compose-deploy.yml is what you are looking for.

[ModischFabrications]

Done!