[FIXED] Docker reverse proxy + SSL setup


#1

Just wanted to say hi to the cloudflare community and offer my WORKING setup using traefik reverse proxy and cloudflare SSL certificate (thank you cloudflare guys :sunny: ).

I won’t go in details about installing docker and running a container.
If you ended up here, chances are you messed up with your reverse proxy (nginx?) and docker containers.

Traefik has a huge benefit: it can manage cloudflare certifications from its config file.

So you issue your free SSL “Origin certificate” from the Crypto page on your Cloudflare dashboard.
You copy both the certificate and the private key to your home computer.
On your VPS / server, in the folder where your docker-compose.yml is:

mkdir certs/
nano certs/cloudflare.cert

Paste your certificate here (starting with -----BEGIN CERTIFICATE-----).
Remember that SHIFT+INSERT = CTRL+V for some bash (puTTY).

nano certs/cloudflare.key

Paste your key here (starting with -----BEGIN PRIVATE KEY-----).
In your docker-compose.yml, add the traefik router near your server:

  traefik:
    image: traefik:1.7.0
    container_name: traefik
    restart: unless-stopped
    ports:
      # host:container - the container side must match the entryPoints in traefik.toml (:80 and :443)
      - 80:80
      - 443:443
    volumes:
      - ./traefik.toml:/traefik.toml
      - ./certs/:/certs/
      # Docker daemon socket: not needed by the [file] provider used in traefik.toml,
      # and it gives the container full control over Docker on the host, so mount it
      # only if you switch to the docker provider
      - /var/run/docker.sock:/var/run/docker.sock

Don’t forget to open ports on your server’s firewall (yeah, we forget sometimes).

Note that you must know the local IP of your main server to point to it:
docker-compose up -d
docker inspect rocketchat | grep IPAddress
and note the IP.
It’s not fixed, though; if you know how to fix it, feel free to comment below.

You might have noticed the call to the traefik.toml file. Here it is:

# traefik.toml (Traefik 1.7 syntax)
debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["http","https"]

# dashboard / API; port 8081 is not published in docker-compose.yml, so it is not reachable from the host
[web]
address = ":8081"

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

# enables the file provider: backends and frontends below are read from this file
[file]

[backends]
  [backends.backend1]
    [backends.backend1.servers]
      [backends.backend1.servers.server0]
        # container IP noted from `docker inspect rocketchat`
        url = "http://192.168.64.4:3000"

[frontends]
  [frontends.frontend1]
  entryPoints = ["https"]
  backend = "backend1"

# Cloudflare origin certificate and key, mounted from ./certs/ in docker-compose.yml
[[tls]]
  entryPoints = ["https"]
  [tls.certificate]
    certFile = "/certs/cloudflare.cert"
    keyFile = "/certs/cloudflare.key"

Now, to make sure everything works fine, I had to click on “Pause Cloudflare on Site” link from the Overview tab in Cloudflare.

docker stop traefik && docker-compose up -d
This just restarts traefik with the new configuration (if it’s the first time, it doesn’t matter that there is no container to kill).

Visit https://yourdomain.com and you see a valid certificate.
From there, reactivate Cloudflare.

I’m not affiliated with traefik, rocket.chat or docker or whatever, I can’t reply to your specific problem, but likes are welcome :smile:
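A quick check to run before restarting traefik, added here as an example and not part of the original post: it confirms that the pasted certificate and key actually belong together (a mismatched pair is rejected when traefik loads it) and, optionally, that the live proxy presents that exact certificate. It assumes the openssl CLI is installed; the function names are mine.

```shell
#!/bin/sh
# Sanity checks for the Cloudflare origin certificate pair in ./certs/ (example code).
# Requires the openssl CLI; works for both RSA and ECDSA origin certificates.

# Returns 0 when the certificate and private key belong together, i.e. the public
# key embedded in the certificate equals the public key derived from the private key.
# Also refuses files that are not PEM of the expected kind (e.g. cert and key swapped).
origin_pair_matches() {
    cert="$1"; key="$2"
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" \
        || { echo "$cert: not a PEM certificate" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" \
        || { echo "$key: not a PEM private key" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints who issued the certificate, which name it is for and when it expires,
# so an expired or wrong-zone origin certificate is spotted before deployment.
origin_cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate
}

# Network check (not used by the offline test): compares the SHA-256 fingerprint of
# the certificate served on port 443 of $1 with the local file $2. Run it while
# Cloudflare is paused, otherwise you see Cloudflare's edge certificate instead.
served_cert_matches() {
    host="$1"; cert="$2"
    served=$(openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    local_fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$served" ] && [ "$served" = "$local_fp" ]
}

# Usage with the paths from the post:
#   origin_pair_matches certs/cloudflare.cert certs/cloudflare.key && origin_cert_summary certs/cloudflare.cert
```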
