Comments (2)
Hello Michael!
When it comes to containers I see them a bit like UNIX tools. They should do one thing and one thing only but be easy to combine and integrate with other containers. In this project, I violated this principle quite a bit by using an nginx+fpm stack rather than an apache+mod_php or even php-only (like appserver-io) approach. From a current point of view, I would not build this container like it was built a second time. Nevertheless, simply to avoid problems, I will stick to the current solution holding the complexity at a minimal level.
Back to your request: I think that handling "edge" SSL should not be part of any application container. Following this philosophy, I will not integrate LetsEncrypt support directly into this project. If you want to use SSL (which you totally should) I would suggest you use a reverse proxy like Traefik (got built-in LE compatibility), Nginx (certbot nginx plugin available) or HAProxy (special config). If you do not mind using a 3rd party service for your SSL offloading you could use Cloudflare's free SSL service. Keep in mind that this enables these companies to inspect all your user-traffic, so please think twice before using their services.
Another thing would be an "SSL everywhere" approach so you would have to use encryption even between the edge-proxy and your service. In this case, I totally understand the need to set an SSL certificate inside the container. This should be handled via mounts and a special switch to create the needed nginx config directives. It would not include a full ACME client integration (like certbot for LE) but only the bare minimum to use own certs to avoid unencrypted HTTP traffic. If you are facing this kind of use case I would be happy to help to integrate this.
I hope that this was the kind of answer you are looking for. If not, please elaborate your scenario a bit more. Maybe there is a reason to integrate LE after all.
Cheers Michael
from humhub-docker.
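A front-door nginx configuration for the reverse-proxy setup described in the comment above, added here as an illustration; it is not part of the thread or of the humhub-docker project. The hostname, the upstream service name and port, and the certificate paths are assumptions.

```nginx
# Front-door nginx: terminates TLS and proxies to the application container.
# Assumed names (not from the thread): host social.example.com, upstream
# service "humhub" listening on port 80 on a shared container network,
# certificates mounted read-only at /etc/nginx/certs/.

server {
    listen 80;
    server_name social.example.com;
    # Plain HTTP is only used to redirect clients to HTTPS.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name social.example.com;

    ssl_certificate     /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_cache   shared:SSL:10m;

    # Enable once HTTPS is confirmed working; browsers cache this policy.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Edge termination: traffic to the application container is plain HTTP.
        proxy_pass http://humhub:80;

        # Tell the application the original host, client and scheme so it
        # generates https:// links instead of redirecting back to HTTP.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # "SSL everywhere" variant: re-encrypt to the container and verify its
        # certificate against an internal CA (assumed path) instead of the
        # proxy_pass line above.
        # proxy_pass https://humhub:443;
        # proxy_ssl_trusted_certificate /etc/nginx/certs/internal-ca.pem;
        # proxy_ssl_verify on;
        # proxy_ssl_name humhub;
    }
}
```

With edge termination, only the front-door container should publish ports to the host; the application container stays reachable solely over the internal container network.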
Hi Michael,
thanks for your in-depth and true answer. After thinking again (I'm still a starter concerning docker), I think the best would be to just create another nginx container that does the SSL-Stuff and proxies to the humhub container and use this container as "frontdoor".
I'll close the issue.
Cheers Michael