Nikeev / sesdashboard

Analytics and activity tracking dashboard for AWS Simple Email Service
https://sesdashboard.com/
MIT License
85 stars 26 forks

Lets Encrypt SSL #52

Open djcroman opened 1 year ago

djcroman commented 1 year ago

Hello, is there a guide to install a Let's Encrypt SSL certificate? I installed SesDashboard on AWS.

Thank you, Dany

Nikeev commented 1 year ago

Hello!

Unfortunately, there is no Let's Encrypt SSL install guide for SesDashboard. But you could use third-party guides for a common nginx with Docker installation. I found this one: https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71 I didn't try it myself, but it looks fine to me.

In the future I'm planning to improve installation and add SSL support, but there is no time estimate for that.

Thanks.

jgimenez commented 1 year ago

Here's an example on how I edited the docker-compose.yml file to set it up with traefik:

services:

    mysql:
      restart: always
      env_file:
        - ./.env.local
      image: mysql:8
      container_name: sesdashboard-mysql
      working_dir: /application
      volumes:
        - .:/application
        - sesdashboard-mysql-datavolume:/var/lib/mysql
#      ports:
#        - "8085:3306"
      logging:
        driver: "json-file"
        options:
          max-size: "50m"

    webserver:
      restart: always
      image: nginx:alpine
      container_name: sesdashboard-webserver
      working_dir: /application
      volumes:
        - .:/application
        - ./phpdocker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
      ports:
        - "80"
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.admin.rule=Host(`sesdashboard.xxxxx.com`)"
        - "traefik.http.routers.admin.entrypoints=websecure"
        - "traefik.http.routers.admin.tls.certresolver=myresolver"
      logging:
        driver: "json-file"
        options:
          max-size: "50m"

    php-fpm:
      restart: always
      build: phpdocker/php-fpm
      container_name: sesdashboard-php-fpm
      working_dir: /application
      volumes:
        - .:/application
        - ./phpdocker/php-fpm/php-ini-overrides.ini:/etc/php/7.4/fpm/conf.d/99-overrides.ini
      logging:
        driver: "json-file"
        options:
          max-size: "50m"

    traefik:
      image: traefik:2.9
      restart: unless-stopped
      ports:
        - "443:443"
      command:
        - "--providers.docker=true"
        - "--providers.docker.exposedbydefault=false"
        - "--entrypoints.websecure.address=:443"
        - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
        - "--certificatesresolvers.myresolver.acme.email=devops@xxxxx.com"
        - "--certificatesresolvers.myresolver.acme.storage=/ssl/acme.json"
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - ./traefik/ssl:/ssl
      logging:
        driver: "json-file"
        options:
          max-size: "50m"

volumes:
  sesdashboard-mysql-datavolume:
    driver: local

MaximilianKohler commented 5 months ago

It would be easier with Caddy (vs Let's Encrypt). Here's an example: https://github.com/samyogdhital/listmonk-caddy-reverse-proxy - you just add some lines to the docker-compose.yml and then edit the simple Caddyfile.

The easiest might be to just copy jgimenez's traefik config.

MaximilianKohler commented 5 months ago

@jgimenez Based on that config, you have no external/global version of nginx running, right? I'm installing this on an nginx vhost, so I get "Error starting userland proxy: listen tcp4 0.0.0.0:443: bind: address already in use" when I use your config. So I changed the ports like this:

    webserver:
      restart: unless-stopped
      image: nginx:alpine
      container_name: sesdashboard-webserver
      working_dir: /application
      volumes:
        - .:/application
        - ./phpdocker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
      ports:
        - "82:80"

    traefik:
      image: traefik:2.9
      restart: unless-stopped
      ports:
        - "8443:443"
      command:
        - "--providers.docker=true"
        - "--providers.docker.exposedbydefault=false"
        - "--entrypoints.websecure.address=:443"

Along with a basic proxy pass to port 82 in the vhost nginx config:

server {
    listen              443 ssl;
    server_name         sesdashboard.example.com;

    location / {
        proxy_pass         http://127.0.0.1:82;
        proxy_set_header   Host            $http_host;
        proxy_set_header   X-Real-IP       $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen              80;
    server_name         sesdashboard.example.com;

    location / {
        return 301 https://$host$request_uri;
    }
}

Does that seem correct?

It's resulting in a "file not found" error https://github.com/Nikeev/sesdashboard/issues/68#issuecomment-2024271944.

If I change "82:80" to just "80" or "82", like you have it, I get a 502 error instead. I've tried disabling my firewall to no avail.

Changing --entrypoints.websecure.address=:443 to 8443 makes no difference.

MaximilianKohler commented 5 months ago

Looking at this caddy setup for comparison https://github.com/samyogdhital/listmonk-caddy-reverse-proxy/blob/main/docker-compose.yml, they map it to app:9000 https://github.com/samyogdhital/listmonk-caddy-reverse-proxy/blob/main/caddy/Caddyfile. Would the equivalent of that be webserver:82?

docker ps
CONTAINER ID   IMAGE                              COMMAND                  CREATED        STATUS       PORTS                                             NAMES
498da6b21b59   traefik:2.9                        "/entrypoint.sh --pr…"   3 hours ago    Up 3 hours   80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   sesdashboard-traefik-1
8adc9120c3dd   nginx:alpine                       "/docker-entrypoint.…"   3 hours ago    Up 3 hours   0.0.0.0:82->80/tcp, :::82->80/tcp                 sesdashboard-webserver
f22e95623bc8   sesdashboard-php-fpm               "/usr/sbin/php-fpm8.…"   29 hours ago   Up 3 hours   9000/tcp                                          sesdashboard-php-fpm
1afbe03b4a3b   mysql:8.0                          "docker-entrypoint.s…"   29 hours ago   Up 3 hours   3306/tcp, 33060/tcp                               sesdashboard-mysql

I'm doubtful that matters though.

They remove the main 9000 port from the docker-compose file, but sesdashboard doesn't have a config.toml, and that's where the 9000 port is https://github.com/samyogdhital/listmonk-caddy-reverse-proxy/blob/main/config.toml. Does it have something equivalent that has a port?
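
An added example, not from the thread or the SesDashboard project: it parses the PORTS column of the `docker ps` output above and reports backend ports published on every interface, plus a missing host port 443 for the container that handles ACME. It assumes traefik still uses the `tlschallenge` resolver from jgimenez's config; `parse_ports`, `audit` and `acme_proxy` are names made up for this sketch.

```python
import re
from typing import NamedTuple, Optional

class Binding(NamedTuple):
    host_ip: Optional[str]     # None = exposed inside Docker only, not published
    host_port: Optional[int]
    container_port: int
    proto: str

# One PORTS entry: "0.0.0.0:82->80/tcp", ":::82->80/tcp" or unpublished "9000/tcp"
_ENTRY = re.compile(r"^(?:(?P<ip>.+):(?P<hp>\d+)->)?(?P<cp>\d+)/(?P<proto>\w+)$")
WILDCARD = {"0.0.0.0", "::", "[::]"}   # every interface, IPv4 or IPv6

def parse_ports(column: str) -> list[Binding]:
    bindings = []
    for entry in filter(None, (e.strip() for e in column.split(","))):
        m = _ENTRY.match(entry)
        if m is None:                  # e.g. a port range: fail loudly, don't guess
            raise ValueError(f"unrecognised PORTS entry: {entry!r}")
        host_port = int(m["hp"]) if m["hp"] else None
        bindings.append(Binding(m["ip"], host_port, int(m["cp"]), m["proto"]))
    return bindings

def audit(containers: dict[str, str], acme_proxy: str) -> list[str]:
    """containers: name -> PORTS column. acme_proxy: the one container meant to
    face the internet and answer the ACME TLS-ALPN-01 challenge (an assumption)."""
    findings = []
    for name, column in containers.items():
        bindings = parse_ports(column)
        if name == acme_proxy:
            # TLS-ALPN-01 validation connects to port 443 of the domain.
            if not any(b.host_port == 443 for b in bindings):
                findings.append(f"{name}: host port 443 is not mapped to it, "
                                "but TLS-ALPN-01 validation connects to 443")
            continue
        for b in bindings:
            if b.host_ip in WILDCARD:
                findings.append(f"{name}: {b.container_port}/{b.proto} reachable on "
                                f"{b.host_ip}:{b.host_port}, bypassing the TLS proxy")
    return findings

# PORTS values copied from the `docker ps` output in the thread
DOCKER_PS = {
    "sesdashboard-traefik-1": "80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp",
    "sesdashboard-webserver": "0.0.0.0:82->80/tcp, :::82->80/tcp",
    "sesdashboard-php-fpm": "9000/tcp",
    "sesdashboard-mysql": "3306/tcp, 33060/tcp",
}

if __name__ == "__main__":
    for finding in audit(DOCKER_PS, acme_proxy="sesdashboard-traefik-1"):
        print(finding)
```

Publishing the backend as `"127.0.0.1:82:80"` keeps it reachable for the vhost's `proxy_pass` to `127.0.0.1:82` and clears the two webserver findings.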