diff --git a/docker-compose.yml b/docker-compose.yml index 99994a7d..87d72377 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,6 +13,15 @@ services: - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web" - "--certificatesresolvers.myresolver.acme.email=${LETSENCRYPT_EMAIL}" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" + labels: + # enable traefik + - "traefik.enable=true" + # global redirect to https for production only + - "${HTTPS_REDIRECT_RULE_LABEL}" + - "${HTTPS_REDIRECT_ENTRYPOINT_LABEL}" + - "${HTTPS_REDIRECT_MIDDLEWARE_LABEL}" + # middleware redirect for production only + - "${HTTPS_USE_REDIRECT_MIDDLEWARE_LABEL}" ports: - "80:80" - "443:443" diff --git a/docs/single-bench.md b/docs/single-bench.md index f0ab155d..ad511dc9 100644 --- a/docs/single-bench.md +++ b/docs/single-bench.md @@ -57,27 +57,6 @@ Notes: - `AUTO_MIGRATE` variable is set to `1` by default. It checks if there is semver bump or git hash change in case of develop branch and automatically migrates the sites on container start up. - It is good practice to use image tag for specific version instead of latest. e.g `frappe-socketio:v12.5.1`, `erpnext-nginx:v12.7.1`. -### HTTP to HTTPS redirection - -> This step can be skipped, Recommended only for **production** - -If HTTPS redirection is required, add the following labels block to the **traefik** service/container. This will route any HTTP traffic to HTTPS. (e.g any request going to `http://ernext.example.com` will be redirected to `https://erpnext.example.com`) - -```yaml - # ... - labels: - # enable traefik - - "traefik.enable=true" - # global redirect to https - - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" - - "traefik.http.routers.http-catchall.entrypoints=web" - - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" - - # middleware redirect - - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - # ... -``` - ## Start containers Execute the following command: @@ -90,7 +69,7 @@ Make sure to replace `` with the desired name you wish to set for Notes: -- If it's the first time running, and site is being initialized, *it can take multiple minutes for the site to be up* +- If it is the first time running and site is being initialized, *it can take multiple minutes for the site to be up*. Monitor `site-creator` container logs to check progress. Use command `docker logs _site-creator_1 -f` - After the site is ready the username is `Administrator` and the password is `$ADMIN_PASSWORD` - The local deployment is for testing and REST API development purpose only - A complete development environment is available [here](../development) diff --git a/env-local b/env-local index 70af1397..2b331a22 100644 --- a/env-local +++ b/env-local @@ -9,3 +9,8 @@ DB_ROOT_USER=root ADMIN_PASSWORD=admin INSTALL_APPS=erpnext ENTRYPOINT_LABEL=traefik.http.routers.erpnext-nginx.entrypoints=web +CERT_RESOLVER_LABEL=erpnext.local.no-cert-resolver +HTTPS_REDIRECT_RULE_LABEL=erpnext.local.no-redirect-rule +HTTPS_REDIRECT_ENTRYPOINT_LABEL=erpnext.local.no-entrypoint +HTTPS_REDIRECT_MIDDLEWARE_LABEL=erpnext.local.no-middleware +HTTPS_USE_REDIRECT_MIDDLEWARE_LABEL=erpnext.local-no-redirect-middleware diff --git a/env-production b/env-production index 43b511fe..2ac0e75c 100644 --- a/env-production +++ b/env-production @@ -10,3 +10,7 @@ ADMIN_PASSWORD=admin INSTALL_APPS=erpnext ENTRYPOINT_LABEL=traefik.http.routers.erpnext-nginx.entrypoints=websecure CERT_RESOLVER_LABEL=traefik.http.routers.erpnext-nginx.tls.certresolver=myresolver +HTTPS_REDIRECT_RULE_LABEL=traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`) +HTTPS_REDIRECT_ENTRYPOINT_LABEL=traefik.http.routers.http-catchall.entrypoints=web +HTTPS_REDIRECT_MIDDLEWARE_LABEL=traefik.http.routers.http-catchall.middlewares=redirect-to-https +HTTPS_USE_REDIRECT_MIDDLEWARE_LABEL=traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https