-
Notifications
You must be signed in to change notification settings - Fork 76
Configure SSL
Let's Encrypt has been included in this project for secure connections and management.
By default, certbot is enabled by bin/deploy, if you did a custom install, you must include the --letsencrypt parameter.
Once certbot has been enabled in your project, you can run certbot using docker-compose. For example, docker-compose run --rm --service-ports certbot certonly -d <domain>. Plugin Authentication is not needed and taken care of during project creation. You do not need to specify webroot/standalone when getting a certificate. Once your certificates have been generated, all you need to do now is configure the panel/daemon. Here are the steps for the following services:
Find conf.d/panel.env and edit the following variables:
Original
SSL_CERT="/etc/certs/cert.pem"
SSL_CERT_KEY="/etc/certs/cert.key"
APP_URL=http://<domain>/
new
SSL_CERT="/etc/letsencrypt/live/<domain>/fullchain.pem"
SSL_CERT_KEY="/etc/letsencrypt/live/<domain>/privkey.pem"
APP_URL=https://<domain>/
Go to the project root and rebuild your panel container using docker-compose up -d panel cron worker
You should now be able to login to the panel using https://.
When deploying the daemon for the first time, set Allow Secure Connections to true, and copy the daemon config from the panel. Make sure the node domain matches what was generated with certbot.