Questions

[ghost]

Hi 👋🏻 Thanks for the awesome playbook. I have some questions.

• If I supply my servers internal IP address (192.168.1.x) and not a FQDN it should generate self-signed certs correct?
• I see Traefik is used to expose nextcloud as a service which is awesome! What networks (internal and external) would I need to supply in a docker-compose.yml to this traefik configuration in order to expose another service which has an internal dB and an external app.

Many thanks!

[ReinerNippes]

Hi,

• trafik will create a selfsigned certificate for 192.168.1.x. (traefik always creates selfsigned certs if no letsencrypt certs can be issued.)
• There is only a frontend network(for trafik) and a backend network for (nextcloud, nginx, redis, db)

https://github.com/ReinerNippes/nextcloud_on_docker/blob/f7a88d8099ade0e6f4699f6a2eb9e41d875ba309/roles/docker_container/tasks/traefik.yml#L31

So you create an additional "appnetwork" and connect trafik plus your db and app container to it. No need for another frontend network.

You may look at the https://github.com/ReinerNippes/selfhosted_on_docker playbook which creates one internal network for each app and connects trafik to this app network.

https://github.com/ReinerNippes/selfhosted_on_docker/blob/477537a555e4faf03ca37f4b96b321e3e6c17c61/tasks/network.yml#L2

[ghost]

Also, for self-signed certs to be used. Do I just leave ssl_cert_email ?

EDIT: I ask these questions about the networking as I want to deploy Taiga most likely using a modified version of this docker-compose.yml

[ReinerNippes]

I believe even for letsencrypt the email address is not necessary. It's only to send you a reminder before the certificate would expire. In case the automatic renewal would work.

If you put the taiga and postgres container on the backend network everything would be fine. To access taiga you would have to add tags to the container so traefik will route traffic to the container.

If you use portainer you'll have a web gui to your docker environment.

[ghost]

I believe even for letsencrypt the email address is not necessary. It's only to send you a reminder before the certificate would expire. In case the automatic renewal would work.

If you put the taiga and postgres container on the backend network everything would be fine. To access taiga you would have to add tags to the container so traefik will route traffic to the container.

If you use portainer you'll have a web gui to your docker environment.

I would also need to put taiga on the frontend network as well correct?

Sorry this is kind of going out of scope of my original question. Really appriciate the help.

[ReinerNippes]

No. Only traefik is connected to the frontend network. Since it is also connected to the backend it acts as a reverse proxy for the taiga container.

[ghost]

Many thanks for your help @ReinerNippes!