Is there a way of sharing Traefik-generated SSL with containers? #13
Reference: coop-cloud/organising#13
CoTURN (for `matrix-synapse`) and SimpleSAML (for `mediawiki`) both want access to SSL certificates and keys - I could set up a separate LetsEncrypt container in both and do some elaborate routing dance to generate them, but I'm wondering if there's a way to make the Traefik-generated ones available to the containers? Tried some web searchin' but no dice so far.

Turns out SimpleSAML just needs self-signed certs generated using `openssl` (and now included, possibly incorrectly, in the `simplesaml` custom entrypoint script).

For CoTURN, I managed to get some initial certificates for testing by installing `certbot` on the host, stopping Docker, running `certbot certonly -d turn...`, then restarting Docker. It looks like setting up a separate container to run `acme-sh` shouldn't be too annoying though: https://github.com/b-venter/Matrix-Docker-install#9-adding-a-standalone-acme-for-non-http-certificates

https://github.com/ldez/traefik-certs-dumper .. and then I guess we can mount the `certs` volume into other services and give them access. Sweet!

Example from Mailcow: https://mailcow.github.io/mailcow-dockerized-docs/firststeps-rp/

https://git.autonomic.zone/coop-cloud/mailu/src/branch/main/compose.yml#L155-L177
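
The approach this thread arrives at, copying Traefik's certificates out of its ACME store into a `certs` volume that other services mount, sketched as an added example (not code from the thread or from traefik-certs-dumper). It assumes the Traefik v2 `acme.json` layout; the resolver name, hostnames and certificate bytes are constructed placeholders.

```python
import base64, json, os, tempfile

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample in the assumed Traefik v2 acme.json layout (placeholder bytes, not real PEM).
SAMPLE_ACME = {"letsencrypt": {"Account": {}, "Certificates": [{
    "domain": {"main": "turn.example.org", "sans": ["*.chat.example.org"]},
    "certificate": _b64("CONSTRUCTED-CERT-CHAIN"),
    "key": _b64("CONSTRUCTED-PRIVATE-KEY"),
    "Store": "default"}]}}

def name_matches(pattern, hostname):
    """Exact match, or a wildcard covering exactly one leading label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        head, _, tail = hostname.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == hostname

def find_cert(acme, hostname):
    """Return (cert_bytes, key_bytes) for hostname, or None if no entry covers it."""
    for resolver in acme.values():
        for entry in (resolver or {}).get("Certificates") or []:
            domain = entry.get("domain", {})
            names = [domain.get("main", "")] + (domain.get("sans") or [])
            if any(name_matches(n, hostname) for n in names):
                return base64.b64decode(entry["certificate"]), base64.b64decode(entry["key"])
    return None

def dump_pair(acme, hostname, dest_dir):
    """Write <hostname>.crt and <hostname>.key into dest_dir; the key is owner-only."""
    if "/" in hostname or os.sep in hostname:
        raise ValueError("hostname must not contain path separators")
    pair = find_cert(acme, hostname)
    if pair is None:
        raise LookupError("no certificate for " + hostname)
    os.makedirs(dest_dir, exist_ok=True)
    cert_path = os.path.join(dest_dir, hostname + ".crt")
    key_path = os.path.join(dest_dir, hostname + ".key")
    with open(cert_path, "wb") as fh:
        fh.write(pair[0])
    # Create the key 0600 from the start so it is never briefly world-readable.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(pair[1])
    os.chmod(key_path, 0o600)  # tighten a pre-existing file too
    return cert_path, key_path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        acme = json.loads(json.dumps(SAMPLE_ACME))  # stands in for json.load(open("acme.json"))
        print(dump_pair(acme, "turn.example.org", tmp))
```

Mount the resulting directory read-only into the consuming service, and run the dumper as the user that service reads the key with, since the key file is owner-only.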