Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to apply a certificate if port 80 is used by chainpoint gateway ? #52

Open
jo2h2 opened this issue Feb 12, 2021 · 3 comments
Open

How to apply a certificate if port 80 is used by chainpoint gateway ? #52

jo2h2 opened this issue Feb 12, 2021 · 3 comments

Comments

@jo2h2
Copy link

jo2h2 commented Feb 12, 2021

@jacohend - you stated when "the gateway initialized properly. If it did, it will be accessible on port 80 instead of 8080."

Originally posted by @jacohend in #51 (comment)

As both Chrome but CURL as well are complaining that the certificate is invalid I thought to install nginx and let's enrypt and put the valid certificates into the right placces.

Is this the recommended approach ? But if port 80 is used by chainpoint gateway - would it be the right approach to shut down chainpoint gateway, start up nginx, do the certificate update, stop nginx and restart chainpoint gateway ... ? Or what would be the proper way ?

Thanks a lot !

Best wishes,
Jo ...
@jacohend
Copy link
Contributor

You could use a forward proxy such as Traefik. It'll also handle Let's Encrypt.

@jo2h2
Copy link
Author

jo2h2 commented Feb 26, 2021

Hi Jacob,

thanks for your hint - and I started with traefik following this https://www.digitalocean.com/community/tutorials/how-to-use-traefik-v2-as-a-reverse-proxy-for-docker-containers-on-ubuntu-20-04 tutorial.

In Step 2 https://www.digitalocean.com/community/tutorials/how-to-use-traefik-v2-as-a-reverse-proxy-for-docker-containers-on-ubuntu-20-04#step-2-%E2%80%93-running-the-traefik-container, using parameter -p 80:80 fails (of course) as the chainpoint gateway is using this port - so I started the traefik docker without this parameter. But https://monitor.your_domain/dashboard/ is showing up and Let's Encrypt is working as well ...

Do I need change something in the existing chainpoint docker configuration related to the port 80 ?

But I am lost with https://www.digitalocean.com/community/tutorials/how-to-use-traefik-v2-as-a-reverse-proxy-for-docker-containers-on-ubuntu-20-04#step-3-%E2%80%94-registering-containers-with-traefik

Do I need to create a new separate traefik docker-compose.yml file as explained in above step 3 link ? Or should I tweak one of the existing ~/chainpoint-gateway$ docker-compose.yaml or swarm-compose.yaml ? and add e.g.
labels:
- traefik.http.routers.blog.rule=Host(chainpoint.your_domain)
- traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=lets-encrypt
- traefik.port=80

And what about the "network = web" ? do I need to use this network web ...
[providers.docker]
watch = true
network = "web"

or should I tweak one of the below ??

NETWORK ID NAME DRIVER SCOPE
****** bridge bridge local
****** chainpoint-gateway_chainpoint-gateway overlay swarm
****** docker_gwbridge cbridge local
****** host host local
****** ingress overlay swarm
****** none null local
****** web bridge local

Sorry for all the questions :-) - and thanks for any hint you can give !

Best wishes,
Jo ...

@jo2h2
Copy link
Author

jo2h2 commented Mar 2, 2021

Any hint for me ? :-)

Thanks a lot !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jacohend @jo2h2