This repository has been archived by the owner on Sep 28, 2021. It is now read-only.

Using SSL #9

Open
NickSurmanidze opened this issue Sep 1, 2018 · 1 comment

Hi,

Thank you for wrapping Postal into the docker container. Great job!

I have installed it on a server which will also have an email verification app running in a separate container, so I have used an Nginx server on top of this.
I am using my nginx server (outside of this container) for pointing to port 82 of this container.
On docker-postal, I have changed Nginx port from 80 to 82.
This works great and allows me to add new docker containers for other applications, but I have encountered one issue. When I install an SSL certificate on my host OS's Nginx server, I can access Postal admin via https; however, when trying to send a message, I am getting an error:
422 Unprocessable Entity

Maybe you could advise something? Should the SSL certificate be installed on the nginx container serving postal as well?

Many thanks,
Nick


denji commented Oct 20, 2018

To use K8s, Mesos, Azure, Amazon and Docker containers, the best use case would be Traefik. You don't even need to get ACME certificates; they will be obtained automatically via Docker labels.

traefik.sample.toml

```toml
defaultEntryPoints = ["https","http"]

[api]
entryPoint = "traefik"
dashboard = true

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    minVersion = "VersionTLS12"
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
    ]
  [entryPoints.traefik]
  address = ":8080"
  [entryPoints.traefik.auth.basic]
  # htpasswd generator http://aspirine.org/htpasswd_en.html
  users = ["admin:{SHA}+PIaguDtkVBQxIqPMrnJpVeovVA="]

[acme]
email = "{{ admin-notify-email }}"
storage = "/etc/traefik/acme/acme.json"
entryPoint = "https"
onHostRule = true
  [acme.tlsChallenge]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "{{ your-domain }}"
watch = true
exposedbydefault = false
```

docker-compose.yml

```yaml
version: "3"

services:
  traefik:
    image: traefik:1.7-alpine
    container_name: traefik
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro # monitoring docker labels "traefik.*"
      - ./traefik/traefik.toml:/traefik.toml:ro # traefik.toml
      - ./traefik/acme:/etc/traefik/acme # Storage for ACME / Let's Encrypt certificates

  postal:
    image: catdeployed/postal:alpine
    container_name: postal
    command: run
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:postaldomain # domain
      - traefik.port=80 # Port inside the container to return traffic to http://traefik:80 & tls://traefik:443
    ports:
      - 127.0.0.1:25:25
    depends_on:
      - "mysql"
      - "rabbitmq"
    volumes:
      - static_assets:/opt/postal/public
      - ./data/postal/assets:/opt/postal/public/assets
      - ./src/templates/:/templates
    environment:
      - MYSQL_ROOT_PASSWORD=changeme
      - MYSQL_DATABASE=postal
      - RABBITMQ_DEFAULT_USER=postal
      - RABBITMQ_DEFAULT_PASS=changeme
      - RABBITMQ_DEFAULT_VHOST=postal

  mysql:
    image: mariadb:10
    container_name: postal_mysql
    volumes:
      - ./data/mysql:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=changeme
      - MYSQL_DATABASE=postal

  rabbitmq:
    image: rabbitmq:3-alpine
    container_name: postal_rabbitmq
    environment:
      - RABBITMQ_DEFAULT_USER=postal
      - RABBITMQ_DEFAULT_PASS=changeme
      - RABBITMQ_DEFAULT_VHOST=/postal

volumes:
  static_assets:
```
