Let's go... first article.
And why not start by explaining the installation of this blog?
I use Docker (not yet very familiar with k8s) and docker-compose.
My starting configuration:
For all installs I use Ansible playbooks, with Traefik as the reverse proxy.
The goals:
By default I install all docker-compose files in the opt directory. Each docker-compose file is in a sub-directory named after the application.
To use Let's Encrypt with Traefik, you must first prepare how certificates will be managed.
In my case I use OVH as DNS provider.
First step: create a DNS record, in my case ashram.kairel.fr.
Go to the OVH UI, on zone -> Web cloud -> domain name -> DNS Zone
Add your new zone, in my case "ashram".
Now that you have created your zone, it's always better to check that propagation is done:
$ ping ashram.kairel.fr
64 bytes from vps-cb65982e.vps.ovh.net (51.255.51.203): icmp_seq=1 ttl=64 time=0.035 ms
64 bytes from vps-cb65982e.vps.ovh.net (51.255.51.203): icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from vps-cb65982e.vps.ovh.net (51.255.51.203): icmp_seq=3 ttl=64 time=0.039 ms
It's OK, we continue.
Now that we have a DNS A record, we must authorize an application (like Traefik) to manage certificates.
For that we must create a new application ID.
Go to this URL: https://www.ovh.com/auth/api/createApp
Please copy all your credentials.
You now have an application ID; we must add rights so that Let's Encrypt can manage certificates.
We can use curl (or any other API caller).
In the response you have a consumer key; please keep this key with your other credentials.
{"consumerKey":"<consummer_key>","validationUrl":"https://www.ovh.com/auth/sso/api?credentialToken=<token>","state":"pendingValidation"}
Go to the validation URL to authorize the application with the new rights: click on unlimited validity and authorize.
Good, you now have an application ID authorized to renew your record.
My docker-compose.yml Traefik file:
The important keys in this docker-compose file:
Don't forget to set the correct environment variables with your credentials.
Create a (persistent) directory to store the certificates.
At the end of the file I use a named network, because it's useful for referencing it from another docker-compose file or just for setting firewall rules.
Now you have an application ID and Traefik.
In this step I just explain how to install Bludit with SSL and Traefik, not how to configure it.
My docker-compose file for Bludit, explained:
http.middlewares=bludit-https: forwards HTTP traffic to a middleware, here the HTTPS one
redirectscheme.scheme=https: redirects HTTP to HTTPS
tls.certresolver=myresolver: the resolver defined in the Traefik docker-compose file; it is this resolver that is authorized to manage the ashram certificate
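How the three labels above fit together in one Bludit compose file, as an added example (not the author's own file). Assumptions: Traefik v2 label syntax, Traefik entrypoints named web and websecure, a pre-existing Docker network named traefik_net, and a Bludit container listening on port 80; the image name is a placeholder.

```yaml
# Example /opt/bludit/docker-compose.yml (added example, not the original file)
services:
  bludit:
    image: "<your-bludit-image>"   # placeholder: the page does not name the image
    restart: unless-stopped
    # No "ports:" section on purpose: the container is only reachable
    # through Traefik over the shared network, never directly from outside.
    networks:
      - traefik_net                # assumed name of Traefik's named network
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_net"

      # Router 1 (plain HTTP): match the host, then hand off to the middleware.
      - "traefik.http.routers.bludit.rule=Host(`ashram.kairel.fr`)"
      - "traefik.http.routers.bludit.entrypoints=web"          # assumed entrypoint name
      - "traefik.http.routers.bludit.middlewares=bludit-https"

      # Middleware: redirect every HTTP request to HTTPS.
      - "traefik.http.middlewares.bludit-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.bludit-https.redirectscheme.permanent=true"

      # Router 2 (HTTPS): terminate TLS with the certificate obtained by the
      # resolver declared in the Traefik compose file.
      - "traefik.http.routers.bludit-secure.rule=Host(`ashram.kairel.fr`)"
      - "traefik.http.routers.bludit-secure.entrypoints=websecure"  # assumed entrypoint name
      - "traefik.http.routers.bludit-secure.tls=true"
      - "traefik.http.routers.bludit-secure.tls.certresolver=myresolver"

      # Port the application listens on inside the container (assumed: 80).
      - "traefik.http.services.bludit.loadbalancer.server.port=80"

networks:
  traefik_net:
    external: true   # created by the Traefik compose file, only joined here
```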
And now just start your containers.
Last thing: by default Bludit is configured to use HTTP and not HTTPS, so at first view you'll see that your CSS is broken.
Don't panic, it's normal: just go to admin (advanced options) and change the site URL to https.