Closed R8s6 closed 2 years ago
I think you should use letsencrypt instead if you don't have a cert.pem file.
Use the following code in the env file.
CERT_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/fullchain.pem
KEY_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/privkey.pem
Hi,
The letsencrypt cert is obtained at the gateway (pfSense) as well.
The gateway does these:
So I need mattermost to run in http mode only, and the traffic looks like this:
client <--- via Internet with https ---> pfSense gateway <--- via LAN with http --> docker
For example, say I have 2 domains:
The gateway obtains/renews LE certs, sees some traffic for a.abc.com, terminates ssl, and uses HAProxy to direct traffic to 192.168.0.2:81 (mattermost in http mode).
Similarly, when it sees traffic for b.abc.com, it directs traffic to Container B at 192.168.0.2:82
As my last resort, if mattermost docker has to terminate https at its end, I think pfsense's haproxy still can direct traffic correctly, but my setup will be slightly more inconsistent (as I'll lose pfSense as the central place to manage all LE certs); so I'd greatly appreciate it if the nginx docker could serve in http mode only (like it did with mattermost-docker).
Thanks a lot!
I think Nginx is also another reverse proxy service for the current structure.
I guess you could try docker-compose.without-nginx.yml and use the pfSense gateway to serve both http and https mode.
Oh sorry, I didn't realize the nginx docker only serves as a reverse proxy here; so using docker-compose.without-nginx.yml works perfectly now. Thank you so much!
Case closed.
Just for documenting the process, I did these:
In the .env file, commenting out HTTPS_PORT and HTTP_PORT, uncommenting and using my existing reverse proxy settings' port number for APP_PORT;
Copying the following info to docker-compose.yml and replacing existing entries there:
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable&connect_timeout=10
MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}
Restoring database following @cobenash's guide here;
Use docker-compose.without-nginx.yml and voila!
Hi,
I have the following errors running
sudo docker-compose -f docker-compose.yml -f docker-compose.nginx.yml up -d:
It appears that the nginx docker is looking for /cert.pem, which I cannot provide, as in my network, the SSL is terminated at the gateway level by a reverse proxy (pfsense ACME with Let's Encrypt + HAProxy).
However, that pfsense HAProxy is only a reverse proxy, I still need an nginx server for serving mattermost in http mode, right?
If so, how to run the nginx docker in http mode only, without it looking for cert.pem or key-no-password.pem (or ignoring the errors if these .pem files don't exist)?
.env:
docker-compose.nginx.yml:
config.json