I have a website running in AWS using the Elastic Beanstalk service. I'm using Docker to deploy it, by importing a docker-compose file that pulls and runs an image from my Docker Hub repository. I also have a 53 route redirecting to my website, so it's working great until now. Here is my very simple docker-compose file:
```yaml
version: "3.8"
services:
  backend:
    image: "mypersonalrepo/image:tag"
    ports:
      - "80:8080"
    restart: "always"
```
The problem is that it only works with HTTP since I don't have any SSL certificate, so I want to generate one. I thought about using Traefik, because it seems like a good tool to use right now and I could use it with Kubernetes in the future.
I'm trying to use Traefik to generate a certificate and redirect all traffic to my application, and this is what I'm trying to deploy:
```yaml
version: "3.8"
services:
  backend:
    image: "mypersonalrepo/image:tag"
    restart: "always"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.backend.rule=Host(`my.53.route.net`)"
      - "traefik.http.routers.backend.entrypoints=websecure"
      - "traefik.http.routers.backend.tls.certresolver=myresolver"
      - "traefik.http.services.backend.loadbalancer.server.port=8080"
    depends_on:
      - traefik
  traefik:
    image: "traefik:v2.9"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
```
I'm getting errors when deploying it, but cannot understand what's going on. Maybe I need to add port 443 in my EC2 instance security group. And that is probably not enough; I just feel a bit lost and don't know what the next steps are.
After I deploy it with the new docker-compose file, health will go to Severe condition.
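Added example, not part of the original post: a variant of the Traefik compose file above with the unauthenticated dashboard closed and plain HTTP redirected to HTTPS. It is not a confirmed fix for the Elastic Beanstalk health status; the two `redirections` flags are Traefik v2 options that the post does not use, and everything else is kept as posted.

```yaml
version: "3.8"
services:
  backend:
    image: "mypersonalrepo/image:tag"
    restart: "always"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.backend.rule=Host(`my.53.route.net`)"
      - "traefik.http.routers.backend.entrypoints=websecure"
      - "traefik.http.routers.backend.tls.certresolver=myresolver"
      - "traefik.http.services.backend.loadbalancer.server.port=8080"
    depends_on:
      - traefik
  traefik:
    image: "traefik:v2.9"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      # "--api.insecure=true" is dropped: it serves the Traefik API and
      # dashboard without authentication on port 8080.
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      # Added here (assumption, not in the post): send all plain-HTTP
      # requests to the TLS entrypoint. The ACME HTTP-01 challenge on
      # the "web" entrypoint keeps working with this redirect in place.
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      # Staging CA, as in the post: certificates it issues are not trusted
      # by browsers. Remove this line to use the production endpoint.
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
      # acme.json holds the ACME account key and certificate private keys.
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      # "8080:8080" is no longer published, since the dashboard is off.
    volumes:
      - "./letsencrypt:/letsencrypt"
      # ":ro" only protects the socket file itself; a process that can
      # connect to it can still send any request to the Docker API.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
```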