Differences

This shows you the differences between two versions of the page.

--- docker_notes:docker-reverse-proxy [2024-04-28 Sun wk17 11:11] – [Cloudsec] baumkp
+++ docker_notes:docker-reverse-proxy [2024-08-11 Sun wk32 11:25] (current) – [ssl certificates] baumkp
@@ Line 1: / Line 1: @@
-{{tag>linux docker traefik "reverse proxy" proxy ssl certificate portainer cloudsec}}
+{{tag>linux docker traefik "reverse proxy" proxy openssl ssl certificate portainer cloudsec}}
 ======Reverse Proxy Server======
-I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https://docs.technotim.live/posts/traefik-portainer-ssl/|Put Wildcard Certificates and SSL on EVERYTHING]] ([[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl|github reference_files for traefik-portainer-ssl]])
+I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https://docs.technotim.live/posts/traefik-portainer-ssl/|Put Wildcard Certificates and SSL on EVERYTHING]] ([[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl|github reference_files for traefik-portainer-ssl]]).  Also see [[https://www.youtube.com/watch?v=IBlZgrwc1T8&t=990s|Jim's Garage Your Traefik Isn't Secure]] ([[https://github.com/JamesTurland/JimsGarage/tree/main/Traefik-Secure|JimsGarage/Traefik-Secure/]]
 Below is a basic description of the process that aligns with my configuration files. I do this for 2 reasons, both allowing me independence.
@@ Line 31: / Line 31: @@
  \\
 ====Generate and Install Godaddy DNS Challenge Data====
+Godaddy changed their policies circa April 2024 that basically does not give small users access to their developers API system.  Sadly and unprofessionally they did this without informing users of the policy.  I only found out when my proxy server issued messages of certificate update failure, as the API DNS challenge stopped working.  I checked the internet and it was indicated that Godaddy had changed their policies, however I found it difficult to believe that Godaddy would change their policy without contacting me, after all I am a paying customer!  After raising a ticket on the matter, I was sent an email explaining the policy change.  I immediately moved my domain DNS server to Hurricane Electronics.  I needed to change the DNS verification process to suit that used by Hurricane Electronics.
+My domain is still registered via Godaddy, I expect that I will look at moving to another registry when the registration comes due.  I do not wish to support Godaddy going forward with my business. <color #ff7f27>**Godaddy SUCKS!**</color>
+++++Old, tl;dr;|
 Sadly Godaddy does not make it as transparent as it should be to access their DNS challenge API. Perhaps because they are focused on their commercial certificate product. It is accessed from their developer portal [[https://developer.godaddy.com/|Godaddy Developer Portal]], from here the API keys can be made.  These keys then need to be copied into ''/home/docker_store/traefik/data/provider.env'':
 <code [enable_line_numbers="true">GODADDY_API_KEY=[Your API_KEY key from Godaddy API]
 GODADDY_API_SECRET=[Your API_SECRET key from Godaddy API]</code>
- \\
+++++
 ====Generate and install Basic Authentication Password====
 <code bash [enable_line_numbers="true"]>sudo apt update
@@ Line 119: / Line 124: @@
     * Nginxproxymanager.com [[https://nginxproxymanager.com/advanced-config/#best-practice-use-a-docker-network|Best Practice: Use a Docker network]]
-====ssl certificates====
+====ssl certificates / openssl====
   *''openssl x509 -in (path to certificate and certificate filename) -text -noout''
   *''openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -dates''