nginx-proxy / acme-companion

Automated ACME SSL certificate generation for nginx-proxy
MIT License
7.42k stars 825 forks source link

Swarm mode #258

Open jasonchi38 opened 7 years ago

jasonchi38 commented 7 years ago

How do we deploy this in Swarm mode? I'm to a point that everything works when run as docker-compose, however this only works if you run everything on the same host. Great for testing and single site. I can't seems to find a way to attach "docker-compose up" container to -overlay network, which is needed to run in swarm mode.

Running in Swarm mode (docker stack deploy ...) return this error: Sending container 'nginx-test' signal '1' Error sending signal to container: No such container: nginx

jasonchi38 commented 7 years ago

Has anyone successfully implemented in swarm mode where you deploy nginx-letsencrypt service on one node, and deploy web application on another node?

Please let me know if it's not possible at this time, google various answers are driving me nuts. Thanks.

kevindesousa commented 7 years ago

Hello,

I have the same problem, I want to use this with the Swarm. If anyone can help us.

Thanks

oronoa commented 7 years ago

There are other issues with the swarm. You would want to run this replicated, but it needs a design where one would be the leader and acquire the new certs and write them to a share (NFS?) path while the others only listen for changes.

cchris-org commented 6 years ago

my basic idea is to run nginx-proxy-letsencrypt in mode=global. so .. each node have its one proxy with its own external ip. Wordpress could be deploy in replicated mode, because each node shoud be noified via docker-gen if a service replicated on it. but .. on v3 there is no name to define. Docker-gen need a container-name for notify the nginx-container. how can i define a name in v3??

fbandrey commented 6 years ago

Hey guys, you can find the solution of "no containers name in Swarm mode" issue over here: https://hub.docker.com/r/helder/docker-gen/

This image using labels instead of container names or IDs. I've fixed this problem few minutes ago. Yay!

hugokoopmans commented 4 years ago

Hi, I am looking for a solution to setup the compagnion in (or infront of) a swarm. It seems docker-gen finds the service (and creates the certs for the service, only the routing from nginx into the swarm does not find the service provided by the swarm. Any suggestions how to get this working?

hugokoopmans commented 4 years ago

Hey guys, you can find the solution of "no containers name in Swarm mode" issue over here: https://hub.docker.com/r/helder/docker-gen/

This image using labels instead of container names or IDs. I've fixed this problem few minutes ago. Yay!

Hi @fbandrey can you elaborate how this helps our issue here? Thx

pupattan commented 4 years ago

I am facing the same issue. @fbandrey Could you please elaborate ?

fbandrey commented 4 years ago

Hey @hugokoopmans and @pupattan, sorry for delay.

I stopped using Swarm in favor of Kubernetes few years ago, so I even don't remember how I deal with this issue before. BUT! Want to tell you that it's super easy to setup certs issuer in K8s, so I recommend to take a look at this software.

netlander commented 4 years ago

@fbandrey any pointers in terms of tuts or docs regarding this "super easy" setup?

fbandrey commented 3 years ago

@netlander yeah, this one: https://cert-manager.io/docs/ Just a few commands and cert manager is up and running. Hope you have already dealt with this by yourself.

FYI: I'm hosting my domains at www.gandi.net and cert-manager has integration with Gandi to solve challenges via DNS. But HTTP solver exising as well of course.

So I can issue certs using simple CRDs. Example for wildcard cert:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wc-domain-cert
spec:
  dnsNames:
    - '*.domain.com'
  issuerRef:
    name: le-dns-prod
  secretName: wc-domain-tls

And prod issuer:

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: le-dns-prod
  namespace: default
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: user@email.com
    privateKeySecretRef:
      name: le-dns-prod
    solvers:
    - dns01:
        webhook:
          groupName: acme.bwolf.me
          solverName: gandi
          config:
            apiKeySecretRef:
              key: api-token
              name: gandi-credentials

Some more info about integration with Gandi: https://github.com/bwolf/cert-manager-webhook-gandi Rest of the list: https://cert-manager.io/docs/configuration/acme/dns01/#webhook

Have fun 😄