Create wiki page 'Reverse Proxy with traefik'

[GuillaumeLazar]

🗣 Suggestion

I saw the the issue #142 and the wiki page https://github.com/cypht-org/cypht/wiki/Reverse-Proxy-with-NGINX but I found nothing about the traefik reverse proxy.

After playing with the cypht docker image + traefik reverse proxy, I would like to share some instructions for the newcomers. It's really fast to deploy cypht with https on a sub-domain with the docker image + traefik.

This docker-compose.yml is :

• based on the official instructions from here: https://hub.docker.com/r/sailfrog/cypht-docker without exposing the http port 80 on the host
• it requires a FQDN (e.g: mydomain.com)
• cypht will be accessible using a sub-domain (e.g: mail.mydomain.com)

1. Configure a DNS entry to redirect mydomain.com and *.mydomain.com to your server ip address

2. Create the file docker-compose.yml and update mydomain and password fields:

   
   # docker-compose.yml
   services:
   traefik:
   image: "traefik:latest"
   restart: "always"
   command:
     - "--entrypoints.web.address=:80"
     - "--entrypoints.websecure.address=:443"
     - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
     - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
     - "--providers.docker"
     - "--providers.docker.exposedbydefault=false"
     - "--log.level=INFO" # DEBUG INFO ERROR
     - "--accesslog=true"
     - "--accesslog.filePath=/logs/access.log"
     - "--certificatesresolvers.leresolver.acme.httpchallenge=true"
     - "--certificatesresolvers.leresolver.acme.email=acme@mydomain.com"
     - "--certificatesresolvers.leresolver.acme.storage=/acme/acme.json"
     - "--certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web"
   ports:
     - "80:80"
     - "443:443"
   volumes:
     - "/var/run/docker.sock:/var/run/docker.sock:ro"
     - "traefik_acme:/acme"
     - "traefik_logs:/logs"
   labels:
     - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
     - "traefik.http.routers.http-catchall.entrypoints=web"
     - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
     - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
     - "traefik.http.middlewares.traefik-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex,"
   
   cypht-db:
   image: mariadb:10
   volumes:
     - cypht_db:/var/lib/mysql
   environment:
     - MYSQL_ROOT_PASSWORD=root_password
     - MYSQL_DATABASE=cypht
     - MYSQL_USER=cypht
     - MYSQL_PASSWORD=cypht_password
   
   cypht:
   image: sailfrog/cypht-docker:latest
   volumes:
     - cypht_users:/var/lib/hm3/users
   environment:
     - CYPHT_AUTH_USERNAME=admin
     - CYPHT_AUTH_PASSWORD=admin_password
     - CYPHT_DB_CONNECTION_TYPE=host
     - CYPHT_DB_HOST=cypht-db
     - CYPHT_DB_NAME=cypht
     - CYPHT_DB_USER=cypht
     - CYPHT_DB_PASS=cypht_password
     - CYPHT_SESSION_TYPE=DB
   labels:
     # cypht behind traefik
     - "traefik.enable=true"
     - "traefik.http.routers.cypht.rule=Host(`mail.mydomain.com`)"
     - "traefik.http.routers.cypht.entrypoints=websecure"
     - "traefik.http.services.cypht.loadbalancer.server.port=80"
     - "traefik.http.routers.cypht.service=cypht"
     - "traefik.http.routers.cypht.tls.certresolver=leresolver"
     - "traefik.http.routers.cypht.middlewares=security-headers"
     - "traefik.http.middlewares.security-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex"

volumes: traefik_acme: traefik_logs: cypht_users: cypht_db:

3. build and start the containers:  `docker compose up --build --detach`

4. Access to cypht: `https://mail.mydomain.com`

It could be added to a wiki page if you think it could help someone.

[marclaporte]

@jonocodes thoughts?

[jonocodes]

@jonocodes thoughts?

Yes I have been thinking about how to present the docker setup once sailfrog/cypht-docker is no longer used. Generally docker compose is not used much in production but it does make a good starting point for describing how a contain is used.

There are a bunch of scenarios that we can give compose files for since there are different configs.

• kubernetes
• reverse proxying with the above, or nginx, or apache, etc
• using postgres instead of mysql
• using sqlite
• using memcached and other caches
• connecting to gmail
• etc

But I will say for the most part these should just be 'tips' since they should be out of scope for this project.

The part I have been hung up on is would these compose examples be better in a (wiki) doc, or in actual example docker-compose.yml files. The advantage being that as files we may actually consider them code and keep them tested and up to date.

That being said traefik is nice. I personally am using caddy which is another a lightweight reverse proxy that auto-configs TLS, but only because I have not figured out why nginx is not happy in my local dev environment.

[marclaporte]

@rodriguezny @Yannick243 @Shadow243 @josaphatim @kroky any wisdom?

[kroky]

Sure, why not add the example traefik setup to a wiki page and later organize the docker documentation better - once we have an official docker image, docker-compose files, etc. can be shared as examples or distributed in specific folder here in the repo.

[jonocodes]

Also worth looking at: https://frankenphp.dev/

[marclaporte]

@GuillaumeLazar

Can you please review now that we have an official and revamped Docker? https://hub.docker.com/r/cypht/cypht

Thanks!