angristan / feedbin-docker

Self-host your own Feedbin RSS reader in Docker
MIT License

caddy/letsencrypt #Help #9

Open ldexterldesign opened 4 years ago

ldexterldesign commented 4 years ago

Hi,

Hope you're well

Thanks again for the software

After inconsistent success running feedbin from a local host (i.e. 127.0.0.1), today I decided to attempt the HTTPS route again and still keep hitting letsencrypt rate [l]imits, and I don't really know why?:

Caddyfile:

feedbin.ldexterldesign.uk {
  gzip
  proxy / http://feedbin-web:3000 {
    transparent
  }
}

camo.feedbin.ldexterldesign.uk {
  gzip
  proxy / http://camo:8081 {
    transparent
  }
}

minio.feedbin.ldexterldesign.uk {
  gzip
  proxy / http://minio:9000 {
    transparent
  }
}

My domain (i.e. https://ldexterldesign.uk) runs letsencrypt so I don't understand why this won't just work:

[Image: Screenshot 2020-04-12 at 14 43 15]

I suspect I'm hitting rate limits every time I attempt a new install because it's not obvious I have to set up volumes:

docker-compose.yaml:

Before:

[...]
  feedbin-caddy:
    image: abiosoft/caddy:1.0.3
    volumes:
      - feedbin_caddy:/etc/ssl/caddy
      - ./caddy/Caddyfile:/etc/Caddyfile:ro
[...]

After:

[...]
  feedbin-caddy:
    image: abiosoft/caddy:1.0.3
    volumes:
      - ~/Downloads/-data:/etc/ssl/caddy
      - ~/Downloads/-data:/etc/Caddyfile:ro
[...]

Currently waiting (an hour?) to see if this makes a difference...

[a]biosoft states in its docker hub page:

[...] Saving Certificates

Save certificates on host machine to prevent regeneration every time container starts. Let's Encrypt has rate limit. [...]

I'm a letsencrypt newb but if this sounds valid then this should be clearer in the README

Also, what does "update the domains" mean in the [R]EADME:

[...] Copy caddy/example.Caddyfile to caddy/Caddyfile and update the domains. [...]

Are there any added steps to get an SSL certificate set up (e.g. install and/or run certbot, create a certificate signing request (CSR) and transfer to feedbin)?:

If you have any issues (e.g. questions/queries) then happy to help

Hope to hear back

Sincerely 😫

a: https://hub.docker.com/r/abiosoft/caddy
l: https://letsencrypt.org/docs/rate-limits/
r: https://github.com/angristan/feedbin-docker#setup
t:

/Users/ldexterldesign/Downloads/-data/-config/feedbin/caddy
├── acme
│   └── acme-v02.api.letsencrypt.org
│       ├── challenge_tokens
│       └── users
│           └── default
│               ├── default.json
│               └── default.key
├── locks
└── uuid

6 directories, 3 files

ldexterldesign commented 4 years ago

Assuming I have to update .env hosts too (i.e. feedbin.domain.tld > ldexterldesign.uk)?

.env:

Before:

# Minio
MINIO_ACCESS_KEY=password
MINIO_SECRET_KEY=password

# Caddy
CADDYPATH=/etc/ssl/caddy

# Camo
CAMO_HOST=https://camo.feedbin.domain.tld
CAMO_KEY=password

# Rails
RACK_ENV=production
RAILS_ENV=production
PORT=3000
SECRET_KEY_BASE=password
DEFAULT_URL_OPTIONS_HOST=feedbin.domain.tld
PUSH_URL=https://feedbin.domain.tld
FEEDBIN_URL=https://feedbin.domain.tld
FEEDBIN_HOST=feedbin.domain.tld
FORCE_SSL=

# Databases
ELASTICSEARCH_URL=http://elasticsearch:9200
MEMCACHED_HOSTS=memcached:11211
REDIS_URL=redis://feedbin-redis:6379

POSTGRES=postgres
POSTGRES_USERNAME=feedbin
POSTGRES_USER=feedbin
POSTGRES_PASSWORD=password
DATABASE_URL=postgres://feedbin:password@postgres/feedbin_production

# S3
AWS_ACCESS_KEY_ID=password
AWS_SECRET_ACCESS_KEY=password
AWS_S3_BUCKET=feedbin
AWS_S3_BUCKET_FAVICONS=feedbin
AWS_S3_ENDPOINT=https://minio.feedbin.domain.tld
AWS_S3_PATH_STYLE="true"
ENTRY_IMAGE_HOST=minio.feedbin.domain.tld

After:

# Minio
MINIO_ACCESS_KEY=password
MINIO_SECRET_KEY=password

# Caddy
CADDYPATH=/etc/ssl/caddy

# Camo
CAMO_HOST=https://camo.feedbin.ldexterldesign.uk
CAMO_KEY=password

# Rails
RACK_ENV=production
RAILS_ENV=production
PORT=3000
SECRET_KEY_BASE=password
DEFAULT_URL_OPTIONS_HOST=feedbin.ldexterldesign.uk
PUSH_URL=https://feedbin.ldexterldesign.uk
FEEDBIN_URL=https://feedbin.ldexterldesign.uk
FEEDBIN_HOST=feedbin.ldexterldesign.uk
FORCE_SSL=

# Databases
ELASTICSEARCH_URL=http://elasticsearch:9200
MEMCACHED_HOSTS=memcached:11211
REDIS_URL=redis://feedbin-redis:6379

POSTGRES=postgres
POSTGRES_USERNAME=feedbin
POSTGRES_USER=feedbin
POSTGRES_PASSWORD=password
DATABASE_URL=postgres://feedbin:password@postgres/feedbin_production

# S3
AWS_ACCESS_KEY_ID=password
AWS_SECRET_ACCESS_KEY=password
AWS_S3_BUCKET=feedbin
AWS_S3_BUCKET_FAVICONS=feedbin
AWS_S3_ENDPOINT=https://minio.feedbin.ldexterldesign.uk
AWS_S3_PATH_STYLE="true"
ENTRY_IMAGE_HOST=minio.feedbin.ldexterldesign.uk

Sincerely
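
Added example, not part of the thread or of feedbin-docker: a check that every public hostname in `.env` also appears as a site address in the Caddyfile, since Caddy's automatic HTTPS works from the site addresses listed there. The names `hostname`, `caddy_sites`, `check` and `PUBLIC_KEYS`, and the `example.test` sample data, are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit
# Constructed sample input modelled on the thread's files; example.test is a placeholder.
CADDYFILE = """\
feedbin.example.test {
  proxy / http://feedbin-web:3000 {
    transparent
  }
}
camo.feedbin.example.test {
  proxy / http://camo:8081
}
"""
ENV = """\
CAMO_HOST=https://camo.feedbin.example.test
FEEDBIN_HOST=feedbin.example.test
AWS_S3_ENDPOINT=https://minio.feedbin.example.test
ENTRY_IMAGE_HOST=minio.feedbin.domain.tld
REDIS_URL=redis://feedbin-redis:6379
"""
# Keys whose values change between the thread's "Before" and "After" .env.
PUBLIC_KEYS = {"CAMO_HOST", "DEFAULT_URL_OPTIONS_HOST", "PUSH_URL", "FEEDBIN_URL",
               "FEEDBIN_HOST", "AWS_S3_ENDPOINT", "ENTRY_IMAGE_HOST"}

def hostname(value):
    """Hostname from a bare host, host:port or URL; '' if there is none."""
    value = value.strip().strip('"')
    return urlsplit(value if "//" in value else "//" + value).hostname or ""

def caddy_sites(text):
    """Hostnames of top-level site blocks (labels on lines at brace depth 0)."""
    sites, depth = set(), 0
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if depth == 0 and line.endswith("{"):
            sites.update(hostname(label) for label in line[:-1].replace(",", " ").split())
        depth += line.count("{") - line.count("}")
    return sites - {""}

def check(caddyfile, env):
    """Return {key: host} for public .env hosts that are still the template
    placeholder or have no matching site block in the Caddyfile."""
    sites, problems = caddy_sites(caddyfile), {}
    for line in env.splitlines():
        key, sep, value = line.partition("=")
        host = hostname(value) if sep and key.strip() in PUBLIC_KEYS else ""
        if host and (host.endswith(".domain.tld") or host not in sites):
            problems[key.strip()] = host
    return problems

if __name__ == "__main__":
    print(check(CADDYFILE, ENV))
```

On the sample data it reports `AWS_S3_ENDPOINT` (no `minio` site block) and `ENTRY_IMAGE_HOST` (still `domain.tld`); an empty result means the two files agree on hostnames.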

ldexterldesign commented 4 years ago

FYI

🍻

Caddy doesn't just default to HTTPS/TLS available, it really doesn't want anything to do with you without TLS—and that means a real, publicly resolvable domain.