Is there a way of sharing Traefik-generated SSL with containers? #13
Reference: coop-cloud/organising#13
CoTURN (for matrix-synapse) and SimpleSAML (for mediawiki) both want access to SSL certificates and keys - I could set up a separate LetsEncrypt container in both and do some elaborate routing dance to generate them, but I'm wondering if there's a way to make the Traefik-generated ones available to the containers? Tried some web searchin' but no dice so far.

Turns out SimpleSAML just needs self-signed certs generated using openssl (and now included, possibly incorrectly, in the simplesaml custom entrypoint script).

For CoTURN, I managed to get some initial certificates for testing by installing certbot on the host, stopping Docker, running certbot certonly -d turn..., then restarting Docker. It looks like setting up a separate container to run acme-sh shouldn't be too annoying though: https://github.com/b-venter/Matrix-Docker-install#9-adding-a-standalone-acme-for-non-http-certificates

https://github.com/ldez/traefik-certs-dumper

.. and then I guess we can mount the certs volume into other services and give them access. Sweet!

Example from Mailcow: https://mailcow.github.io/mailcow-dockerized-docs/firststeps-rp/

https://git.autonomic.zone/coop-cloud/mailu/src/branch/main/compose.yml#L155-L177
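
What a dumper sidecar such as traefik-certs-dumper has to do before a certs volume can be mounted into CoTURN, shown as an added example that is not part of the original thread or of either project's code. It assumes the Traefik v2 `acme.json` layout (one top-level key per resolver, base64-encoded PEM in `certificate` and `key`); the resolver name, the domain, the PEM bodies and the `fullchain.pem`/`privkey.pem` file names are constructed for illustration.

```python
import base64, json, os, tempfile
from pathlib import Path

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample: resolver name, domain and PEM bodies are placeholders.
SAMPLE_ACME_JSON = json.dumps({"letsencrypt": {"Account": {}, "Certificates": [{
    "domain": {"main": "turn.example.org"},
    "certificate": b64("-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"),
    "key": b64("-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"),
    "Store": "default"}]}})

def write_atomic(path, data, mode):
    """Write via a temp file and rename, so a reader never sees a partial key."""
    tmp = path.with_name(path.name + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(fd, mode)  # os.open's mode is umask-filtered and ignored for an existing file
        f.write(data)
    os.replace(tmp, path)

def dump_certs(acme_json, dest):
    """Write <dest>/<domain>/{fullchain,privkey}.pem; return the domains dumped."""
    dumped = []
    for resolver in json.loads(acme_json).values():  # one top-level key per resolver
        for entry in (resolver or {}).get("Certificates") or []:
            domain = entry["domain"]["main"]
            # The domain becomes a directory name: refuse anything that could leave dest.
            if not domain or "/" in domain or "\\" in domain or domain in (".", ".."):
                raise ValueError(f"unsafe domain in acme.json: {domain!r}")
            out = Path(dest) / domain
            out.mkdir(parents=True, exist_ok=True)
            write_atomic(out / "fullchain.pem", base64.b64decode(entry["certificate"]), 0o644)
            write_atomic(out / "privkey.pem", base64.b64decode(entry["key"]), 0o600)
            dumped.append(domain)
    return dumped

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name in dump_certs(SAMPLE_ACME_JSON, d):
            print(name, sorted(os.listdir(Path(d) / name)))
```

Because `privkey.pem` is written 0600, the consuming service has to run as the same uid as the dumper, or the key's ownership has to be set for it; mount the volume read-only into that service so only the dumper can write to it.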