Here is an example docker-compose.yaml that forces TLS (touch acme.json and then docker-compose up -d):
version: "3.3"
services:
  bbs:
    image: erkin/schemebbs
    container_name: sbbs
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.bbs.loadbalancer.server.port=80"
      - "traefik.http.routers.bbs.rule=Host(`example-bbs.org`)"
      - "traefik.http.routers.bbs.entrypoints=websecure"
      - "traefik.http.routers.bbs.tls=true"
      - "traefik.http.routers.bbs.tls.certresolver=leresolver"
      # Catch-all router on port 80 that redirects every request to HTTPS
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    volumes:
      - /opt/bbs:/opt/schemebbs/data
  proxy:
    image: traefik:2.2
    container_name: traefik
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Let's Encrypt staging CA: issues test certificates that browsers do not trust.
      # Remove this line to use the production CA.
      - "--certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.leresolver.acme.email=webmaster@example-bbs.org"
      - "--certificatesresolvers.leresolver.acme.storage=/acme.json"
      - "--certificatesresolvers.leresolver.acme.tlschallenge=true"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds the ACME account key and certificates; Traefik requires mode 600 on this file
      - ./acme.json:/acme.json
I'm going to brush up on my nginx knowledge to replace Traefik with nginx. I picked the former purely because it's trivial to use with Docker and it makes it really easy to automatically generate TLS certificates. But it doesn't yet support caching, which seems rather crucial here.
>>180
Discordian tradition. :-)