Skip to content

docs: LetsEncrypt/ZeroSSL TLS on Docker, VMs, and Kubernetes #3518

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bpmct opened this issue Aug 15, 2022 · 10 comments
Closed

docs: LetsEncrypt/ZeroSSL TLS on Docker, VMs, and Kubernetes #3518

bpmct opened this issue Aug 15, 2022 · 10 comments
Assignees
@bpmct
Labels
docs Area: coder.com/docs
Milestone
EE

Comments

@bpmct
Copy link
Member

bpmct commented Aug 15, 2022
edited
Loading

Problem statement

We do not document how to install Coder with a reverse-proxy/TLS to securely use Coder (e.g. with LetsEncrypt)

Definition of done

We have published docs for LetsEncrypt/ZeroSSL certificates on:

  • Reverse-proxy TLS for Coder on docker-compose
  • Reverse-proxy TLS for Coder on Kubernetes (Helm)
  • Reverse-proxy TLS for Coder on VM (nginx or Caddy)

Notes from call with @sharkymark 🦈

  • add sentences why subdomains are important for port forwarding
  • add full Caddyfile example with LetsEncrypt wildcard (explain why you need to rebuild Caddy)
  • add full cert-manager example with LetsEncrypt wildcard (explain what Issuer, Certificate, Secrets do)
    • let's just use the Helm-based cert-manager
@ammario ammario added this to the EE milestone Aug 22, 2022
@kylecarbs kylecarbs added the docs Area: coder.com/docs label Aug 24, 2022
@ammario ammario mentioned this issue Sep 6, 2022
Merged
@bpmct bpmct self-assigned this Oct 4, 2022
@forrest-bajbek
Copy link

forrest-bajbek commented Oct 7, 2022
edited
Loading

I used Caddy to make a reverse proxy, and it works fine for Coder itself. But I can't connect to workspaces after I create them. I tried isolating Coder to its own external bridge network (coder_frontend) and adding networks_advanced { name = "coder_frontend" } to the docker_container resource in my Template. But no dice.

If someone is willing to help me make it work, I'd be more than happy to write docs for it :)

This was referenced Oct 10, 2022
Closed
Merged
@bpmct bpmct changed the title Docs for LetsEncrypt/ZeroSSL TLS on Docker, VMs, and Kubernetes docs: LetsEncrypt/ZeroSSL TLS on Docker, VMs, and Kubernetes Oct 26, 2022
@bpmct
Copy link
Member Author

bpmct commented Oct 26, 2022

@forrest-bajbek are you setting a CODER_ACCESS_URL?

https://coder.com/docs/coder-oss/latest/admin/configure#access-url

@bpmct
Copy link
Member Author

bpmct commented Oct 26, 2022

We have docs for Caddy now: https://github.com/coder/coder/tree/main/examples/web-server/caddy

@forrest-bajbek
Copy link

I figured it out. You're correct, I wasn't using the correct value for CODER_ACCESS_URL. Thanks for making the Caddy examples. I'll take a look and see if there's anything I can add.

@bpmct bpmct closed this as completed Oct 31, 2022
@bpmct
Copy link
Member Author

bpmct commented Oct 31, 2022

Oops, re-opening until we have cert-manager docs

@bpmct bpmct reopened this Oct 31, 2022
@github-actions
Copy link

This issue is becoming stale. In order to keep the tracker readable and actionable, I'm going close to this issue in 7 days if there isn't more activity.

@github-actions github-actions bot added the stale This issue is like stale bread. label Dec 31, 2022
@matifali
Copy link
Member

Bump

@github-actions github-actions bot removed the stale This issue is like stale bread. label Jan 1, 2023
@bpmct
Copy link
Member Author

bpmct commented Feb 17, 2023

Closing. Gonna make a cert-manager specific issue for the rest.

@bpmct bpmct closed this as completed Feb 17, 2023
@matifali
Copy link
Member

Is cerbot a cert-manager?

@bpmct
Copy link
Member Author

bpmct commented Feb 17, 2023
edited
Loading

cert-manager is like certbot for Kubernetes

@matifali matifali mentioned this issue Nov 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bpmct bpmct

Labels
docs Area: coder.com/docs
Projects
None yet
Milestone
EE
Development

No branches or pull requests
5 participants
@kylecarbs @ammario @matifali @bpmct @forrest-bajbek