techno-tim / techno-tim.github.io

Open Source, Community Driven, Documentation for Techno Tim YouTube Videos/ Complete with examples for all your copy pasta needs!

Home Page: https://technotim.live

SSL Everything - Incomplete

john-clark opened this issue

How is this working? I was able to follow your instructions and everything works, but it is not clear to me what is going on.

This seems to be only for local webservers inside the firewall. You say that things come in through the reverse proxy, but you only set up a Docker network called proxy that is accessible by the local LAN. How does letsencrypt connect to verify an internal webserver without a connection to the internet? Is the local LAN DNS available publicly? Is service.local.domain.com resolving publicly as a private IP? When I look it up I see a uuid.cfargotunnel.com with an IPv6 address, although I cannot reach the service (maybe ufw). Is Traefik creating a cloudflared tunnel somehow? Doesn't ACME need to verify the website is publicly available? This is what is confusing to me.

When you say "how do we route an external service", can you clarify that this is external to Docker but still internal to the LAN, as "external" typically refers to the public internet? The reason for this ticket is that you did not show how this works with an external public DNS/IP, that is, an internet-available website, so I feel like this video is incomplete. The proxy Docker external network appears to mean that it can reach the local LAN, but can it reach outside? Are there additional steps needed, such as setting up cloudflared or punching holes through a firewall to Traefik for external connections, to finish this project?

I can't find many good articles on Traefik config and their documentation is not great. Traefik doesn't seem to have any GUI settings and is only a dashboard for what is set in the docker compose files, so its usefulness seems to me to be very limited. Maybe there is a more useful product that doesn't need so many Docker configurations. Maybe Caddy, HAProxy, or Nginx Proxy Manager could be explored in a future video.

I also suggest creating variables in your docker files as that would make things much simpler and less confusing. I appreciate your video as it approaches a very complicated topic succinctly. REF: https://www.youtube.com/watch?v=liV3c9m_OX8