Closed t3easy closed 6 years ago
You can also do something like this (like I did) in a docker-compose.prod.yml and use the existing nginx image:
version: '3.3'
services:
zammad-nginx:
ports:
- "443:443"
volumes:
- "/srv/docker/zammad/container.conf/nginx-zammad.conf:/etc/nginx/conf.d/zammad.conf:ro"
- "/etc/ssl/certs/zammad.pem:/etc/ssl/certs/zammad.pem:ro"
- "/etc/ssl/private/zammad.key:/etc/ssl/private/zammad.key:ro"
You just need to provide your own nginx-zammad.conf and the crypto files. You can also use some letsencrypt container to create/renew your crypto files.
@waja Yes, but not if you have a fat docker host with multiple web services on it.
Main problem is, that you can't remove an option with an override file: https://github.com/docker/compose/issues/3729
Main problem is, that you can't remove an option with an override file: docker/compose#3729
Yes ... In this case you need to adjust the docker-compose.yml itself, which might be a pita.
@t3easy Which proxy are you using in front of zammad and how do you route to the zammad-websocket and zammad-railsserver container? Running a container outside the zammad stack you can't use the container names (like in the zammad-nginx nginx config) or are I'm wrong?
I had same issue a while back https://github.com/zammad/zammad-docker-compose/issues/18
@t3easy thanks!
ATM I use the alpine tag of https://hub.docker.com/r/jwilder/nginx-proxy/ therefore the VIRTUAL_HOST var in my example. https://github.com/zammad/zammad-docker-compose/pull/57/files. I don’t route anything to websocket or railsserver because that’s the job of the shipped nginx.
I'm using the same alpine (nginx-proxy) image, I updated zammad from 1.4 and your example helped.
If you have proposals for my example, please comment to my PR or send a PR to the branch of my fork. :)
I'm actually looking into caddy as it hat included LE and http/2 support. Routing against the nginx in this case might not an issue in the first place cause nobody need to know the real client IP, but chaining up http proxies might get complicated at some point.
If you're looking for a proxy https://traefik.io is maybe also worth a look ;-)
Should i remove the zammad-nginx container then ?
Or does traefik takes over the the port 80 ?
I think this would work if you configure the proxy to also handle the websocket stuff but it should be easier to keep the nginx part and just proxy port 80...
will this not conflict with the zammad-nginx port 80 ?
oke, so lets say i change that to 8080:8080 i let treaffik do the reverse to 443 to 8080 with ssl ?
Yes, but you have to use 8080:80, as the nginx config uses 80 internally.
@doludizgin If you use a proxy, you don't have to map port 80 of zammad-nginx service to any port of your host. The proxy will connect to the zammad-nginx over an internal docker network. Just load an own override.yml instead of the docker-compose.override.yml
can you help me with the override ? so i remove the ports in the override and just install nginx reverse proxy that will automatically connect to the port 80 of zammad ?
i changed the virtualhost settings and copied the file run the command on the page but i get this error.
sudo docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d ERROR: Version mismatch: file ./docker-compose.yml specifies version 2.0 but extension file ./docker-compose.prod.yml uses version 3.3
Can i just change the version then ?
Yes. @monotek changed the docker-compose file version, but not from the examples. I'll send a PR... Yes you can change the version
@doludizgin Did you get it run? I've seen that compose v2 may have a problem with the external network... https://docs.docker.com/compose/compose-file/compose-file-v2/#external-1
Not supported for version 2 docker-compose files. Use network_mode instead.
@doludizgin update first, to get the most recent version of all files and images.
i am unable to create a connection now:
docker-compose.prod.yml zammad-nginx: environment:
networks: proxy_2_zammad: external: name: proxy_2_apps
docker-compose.override.yml version: '3' services: zammad-nginx: ports:
@doludizgin Did you ever get this working?
@Hashwagon
I run this stack behind Traefik now.
I had to change the version of the docker-compose.yml
to 3.5 and my override file is:
version: '3.5'
services:
zammad-nginx:
networks:
- default
- frontend
labels:
traefik.enable: "true"
traefik.docker.network: ${FRONTEND_NETWORK}
traefik.frontend.rule: Host:${VHOST}
networks:
frontend:
external: true
name: ${FRONTEND_NETWORK}
and my .env
# don't forget to add the minus before the version
# example: VERSION=-2.1.0-13
IMAGE_REPO=zammad/zammad-docker-compose
VERSION=-2.6.0-XX
RESTART=always
FRONTEND_NETWORK=frontend
VHOST=helpdesk.mydomain.tld
I use the following project as frontend: https://github.com/t3easy/docker-frontend
Hi there, does anybody have a step-by-step instruction for traefik?
@raffisweb please don't recycle closed issues. As Traefik is no official supported application from our end, there's no official step by step instructions.
It's out of scope of the application Zammad. However, this community post might help you:
https://community.zammad.org/t/docker-treafik-csrf-token-validation-failed/4144
Infos:
Expected behavior:
Actual behavior:
Steps to reproduce the behavior:
Possible solution
If you're ok with this I could prepare a PR.