Add TLS on services (#129)

* Add TLS on services * Use https instead of http transport * enable redirection to https
matro7sh · Aug 4, 2021 · f9b7676 · f9b7676
1 parent c5e25d6
commit f9b7676
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/.env b/.env
@@ -8,4 +8,4 @@ CODI_DB_USER=codimd
 DOMAIN=smersh.lan
 JWT_KEY=secret-key
 SUBDOMAINS=(api|bitwarden|codimd)
-TRANSPORT=http://
+TRANSPORT=https://
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -67,6 +67,9 @@ services:
       - ./api/public:/srv/api/public:ro
     labels:
       - traefik.http.routers.api.rule=Host(`api.${DOMAIN}`)
+      - traefik.http.routers.api.tls=true
+      - traefik.http.routers.api.tls.domains[0].main=${DOMAIN}
+      - traefik.http.routers.api.tls.domains[0].sans=*.${DOMAIN}
     <<: *network
 
   db:
@@ -109,6 +112,9 @@ services:
     labels:
       - traefik.http.routers.codimd.rule=Host(`codimd.${DOMAIN}`)
       - traefik.http.services.codimd.loadbalancer.server.port=3000
+      - traefik.http.routers.codimd.tls=true
+      - traefik.http.routers.codimd.tls.domains[0].main=${DOMAIN}
+      - traefik.http.routers.codimd.tls.domains[0].sans=*.${DOMAIN}
     volumes:
       - upload-data:/home/hackmd/app/public/uploads
 #    restart: always
@@ -127,12 +133,18 @@ services:
       - 80
     labels:
       - traefik.http.routers.client.rule=Host(`${DOMAIN}`)
+      - traefik.http.routers.client.tls=true
+      - traefik.http.routers.client.tls.domains[0].main=${DOMAIN}
+      - traefik.http.routers.client.tls.domains[0].sans=*.${DOMAIN}
     <<: *network
 
   bitwarden:
     image: bitwardenrs/server:latest
     labels:
       - traefik.http.routers.bitwarden.rule=Host(`bitwarden.${DOMAIN}`)
+      - traefik.http.routers.bitwarden.tls=true
+      - traefik.http.routers.bitwarden.tls.domains[0].main=${DOMAIN}
+      - traefik.http.routers.bitwarden.tls.domains[0].sans=*.${DOMAIN}
     volumes:
       - ./data/bitwarden:/data
 #    restart: on-failure

diff --git a/traefik.toml b/traefik.toml
@@ -6,7 +6,13 @@
   dashboard = true
   debug = true
 
-[entryPoints.web]
-  address = ":80"
-[entryPoints.web-secure]
-  address = ":443"
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+    [entryPoints.web.http]
+      [entryPoints.web.http.redirections]
+        [entryPoints.web.http.redirections.entryPoint]
+          to = "web-secure"
+          scheme = "https"
+  [entryPoints.web-secure]
+    address = ":443"