Certbot LetsEncrypt support for generating certificates

[mayurdhurpate]

I have added a Makefile command gen-https-cert which does the following:

• Runs the certbot container separately
• Generate new certificate for $host domain
• Changes the Nginx config to https_certbot.conf.disabled which points to new certificate location

The certbot container automatically checks for certificate renewal every 12 hours via it's entrypoint command.

So, now on a server instance, following commands will result in running Outline with LetsEncrypt verified certificates:

git clone https://github.com/chsasank/outline-wiki-docker-compose.git
cd outline-wiki-docker-compose
make install
make https
make gen-https-cert
make stop
make start

[ashish9433]

@mayurdhurpate Thanks a lot for fixing the HTTPS issue. I used your repo and was able to get outline hosted in no time on a AWS instance. It seems to be working fine except the avatar images are not loading. I tried debugging but no luck. Any idea/pointers you can help?

[yash-me]

@mayurdhurpate Thanks a lot for fixing the HTTPS issue. I used your repo and was able to get outline hosted in no time on a AWS instance. It seems to be working fine except the avatar images are not loading. I tried debugging but no luck. Any idea/pointers you can help?

hey ashish can you help me deploy it because when i am trying i am getting error for ssl

[mayurdhurpate]

@ashish9433 I'm facing this issue as well. Wanted to check if it's happening because of HTTPS certificate, or was happening earlier with Docker Compose as well.

@yash-me Can you share the error you're getting.

[eeshaan]

@ashish9433 @mayurdhurpate When using https (via Certbot or otherwise), you can simply switch Minio's proxy pass from https to http in default.conf.

Also be sure to follow #25, adding @sdprovost's patch to docker-compose.yml and changing AWS_S3_ACL to public-read in env.outline.

Hope that helps!

[ashish9433]

@ashish9433 @mayurdhurpate When using https (via Certbot or otherwise), you can simply switch Minio's proxy pass from https to http in default.conf.

Also be sure to follow #25, adding @sdprovost's patch to docker-compose.yml and changing AWS_S3_ACL to public-read in env.outline.

Hope that helps!

@eeshaan i did change the AWS_S3_ACL whereas the patch posted by @sdprovost gave me an error. Is it possible for you to share the updated docker-compose.yml file with the patch?

[windswept321]

Thanks for putting the fix up, but I get the following issue after running make gen-https-cert:

Enter https port number [443]:
=>run 'make start' and your server should be ready shortly.
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.nginx.ports is invalid: Invalid port "make gen-https-cert:443", should be [[remote_ip:]remote_port[-remote_port]:]port[/protocol]
make: *** [Makefile:47: gen-https-cert] Error 1

[mayurdhurpate]

Hm, difficult to decipher from the above message. But looks like somehow the $host or similar environment variable is accidentally set to make gen-https-cert instead of ip/domain. Maybe you can retry the whole process again once.

[eeshaan]

@ashish9433 and everyone else in this thread:

Outline now has official installation documentation with a known Docker config that works with HTTPS via steveltn/https-portal. I could share my own config if needed, but it's probably best you stick with the official one as it seems more sound and less problematic.

https://app.getoutline.com/share/770a97da-13e5-401e-9f8a-37949c19f97e/doc/docker-7pfeLP5a8t

[ashish9433]

@ashish9433 and everyone else in this thread:

Outline now has official installation documentation with a known Docker config that works with HTTPS via steveltn/https-portal. I could share my own config if needed, but it's probably best you stick with the official one as it seems more sound and less problematic.

https://app.getoutline.com/share/770a97da-13e5-401e-9f8a-37949c19f97e/doc/docker-7pfeLP5a8t

Thanks for the update dude!

[syssecfsu]

Thank you for the script.

I had the following issue: Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Connection refused.

I am sure port 80 is accessible because I can obtain the letsencrypt cert using the standalone mode. Maybe it is the webroot configuration?