Add Let'sEncrypt config to docker-compose.yaml

nimh-dsst · Oct 31, 2024 · 295c9eb · 295c9eb
1 parent 7effc71
commit 295c9eb
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/.github/workflows/docker-up.yml b/.github/workflows/docker-up.yml
@@ -61,13 +61,15 @@ jobs:
           AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
           AWS_REGION: ${{ secrets.AWS_REGION }}
           MONGODB_URI: ${{ secrets.MONGODB_URI }}
+          LETSENCRYPT_ADMIN_EMAIL: ${{ secrets.LETSENCRYPT_ADMIN_EMAIL }}
         run: |
           ssh ${{ inputs.development-environment }} \
           MONGODB_URI="${MONGODB_URI}" \
           HOST_URI="${HOST_URI}" \
           RELEASE_TAG="${RELEASE_TAG}" \
           AWS_ACCOUNT_ID="${AWS_ACCOUNT_ID}" \
           AWS_REGION="${AWS_REGION}" \
+          LETSENCRYPT_ADMIN_EMAIL=${LETSENCRYPT_ADMIN_EMAIL} \
           docker compose -f - up -d < ./web/deploy/docker-compose.yaml
 
       - name: Prune Docker artifacts

diff --git a/web/deploy/docker-compose.yaml b/web/deploy/docker-compose.yaml
@@ -12,8 +12,10 @@ services:
             - traefik.enable=true
             - traefik.docker.network=osm_traefik-public
             - traefik.http.routers.osm_web_api.rule=Host("`${HOST_URI}`") && PathPrefix(`/api`)
-            - "traefik.http.routers.osm_web_api.entrypoints=web"
+            - "traefik.http.routers.osm_web_api.entrypoints=web,websecure"
             - traefik.http.services.osm_web_api.loadbalancer.server.port=80
+            - traefik.http.routers.osm_web_api.tls=true
+            - traefik.http.routers.osm_web_api.tls.certresolver=le
         networks:
             - traefik-public
         restart: always
@@ -28,8 +30,10 @@ services:
             - traefik.enable=true
             - traefik.docker.network=osm_traefik-public
             - traefik.http.routers.dashboard.rule=Host("`${HOST_URI}`")
-            - traefik.http.routers.dashboard.entrypoints=web
+            - traefik.http.routers.dashboard.entrypoints=web,websecure
             - traefik.http.services.dashboard.loadbalancer.server.port=8501
+            - traefik.http.routers.dashboard.tls=true
+            - traefik.http.routers.dashboard.tls.certresolver=le
         expose:
             - "8501"
 
@@ -45,6 +49,10 @@ services:
             - --providers.docker.exposedbydefault=false
             - --entrypoints.web.address=:80
             - --entrypoints.websecure.address=:443
+            - --entryPoints.web.http.redirections.entryPoint.to=websecure
+            - "--certificatesresolvers.le.acme.email=${LETSENCRYPT_ADMIN_EMAIL}"
+            - --certificatesresolvers.le.acme.storage=/certificates/acme.json
+            - --certificatesresolvers.le.acme.tlschallenge=true
             - --log
             - --accesslog
             - --log.level=DEBUG