Ok Guys, here's my very frustrating problem:
I need to deploy a Mautic instance with SSL on it. Please note that the SSL needs to be generated automatically; I want a full Docker process.
I tried everything, but apparently there is no solution that generates SSL directly in Docker; everything I found uses the server level.
The closest solution I found is using Traefik, but it conflicts with Mautic.
Here's my docker-compose file:
version: "3"
services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
  mauticdb:
    restart: always
    image: percona/percona-server:5.7
    container_name: mauticdb
    volumes:
      - mysql_data:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MAUTIC_DB_PASSWORD}
    command:
      --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci
  mautic:
    restart: always
    image: mautic/mautic:latest
    container_name: mautic
    links:
      - mauticdb:mysql
    depends_on:
      - mauticdb
    ports:
      - 127.0.0.1:80:80
    volumes:
      - mautic_data:/var/www/html
    environment:
      - MAUTIC_DB_HOST=mauticdb
      - MYSQL_PORT_3306_TCP=3306
      - MAUTIC_DB_USER=root
      - MAUTIC_DB_PASSWORD=${MAUTIC_DB_PASSWORD}
      - MAUTIC_DB_NAME=mautic
      - MAUTIC_RUN_CRON_JOBS=true
      - PHP_INI_DATE_TIMEZONE=${GENERIC_TIMEZONE}
    labels:
      - traefik.enable=true
      # Routes
      - traefik.http.routers.mautic.rule=Host(`${MAUTIC_SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.mautic-secure.tls=true
      - traefik.http.routers.mautic.entrypoints=websecure
      - traefik.http.routers.mautic.tls.certresolver=mytlschallenge
      # Middlewares
      - traefik.http.middlewares.mautic.headers.SSLRedirect=true
      - traefik.http.middlewares.mautic.headers.contentTypeNosniff=true
      - traefik.http.middlewares.mautic.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.mautic.headers.forceSTSHeader=true
volumes:
  mautic_data:
  sslcerts:
  mysql_data:
Traefik was conflicting with Mautic on port 80, so this isn't working at all.
Q: How can I install Traefik and use it to proxy the Mautic requests over HTTPS?
And:
If Traefik is not the correct way, what configuration do I need to automatically generate a Let's Encrypt certificate based on a domain filled in a .env file?
I'm open to anything that works.
Thank you.
CodePudding user response:
Run MAUTIC on a different port than 80 (as this is used by Traefik)
    ports:
      - "8081:80"
You can also configure Traefik to listen on port 443 only: in this case it will only accept HTTPS requests and MAUTIC can run on port 80 without conflicting.
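A variant of the compose file from the question, added here as an example and not taken from either poster: Mautic publishes no host port at all, so Traefik is the only listener on 80/443 and reaches Mautic over the compose network. It assumes the same `.env` variables as the question; the middleware name `mautic-headers` is chosen for this example, and the `--api.insecure=true` flag is left out because the dashboard is not needed for routing.

```yaml
# Added example (not the poster's file); variables come from .env as in the question.
services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports: ["80:80", "443:443"]   # Traefik is the only service bound to host ports
    volumes:
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
  mauticdb:
    image: percona/percona-server:5.7
    restart: always
    volumes: [mysql_data:/var/lib/mysql]
    environment:
      - MYSQL_ROOT_PASSWORD=${MAUTIC_DB_PASSWORD}
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci
  mautic:
    image: mautic/mautic:latest
    restart: always
    depends_on: [mauticdb]
    # No "ports:" section: nothing to collide with Traefik, no plain-HTTP path around the proxy.
    volumes:
      - mautic_data:/var/www/html
    environment:
      - MAUTIC_DB_HOST=mauticdb
      - MAUTIC_DB_USER=root
      - MAUTIC_DB_PASSWORD=${MAUTIC_DB_PASSWORD}
      - MAUTIC_DB_NAME=mautic
    labels:
      - traefik.enable=true
      - traefik.http.routers.mautic.rule=Host(`${MAUTIC_SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.mautic.entrypoints=websecure
      - traefik.http.routers.mautic.tls.certresolver=mytlschallenge
      - traefik.http.services.mautic.loadbalancer.server.port=80   # container port, not a host port
      - traefik.http.routers.mautic.middlewares=mautic-headers     # attach the middleware to the router
      - traefik.http.middlewares.mautic-headers.headers.contentTypeNosniff=true
volumes:
  mautic_data:
  mysql_data:
```

All router labels use the single router name `mautic`, and the headers middleware only takes effect because the router references it.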