I’ve tried to set up the Bookstack container with Let’s Encrypt.
First I tried it with Traefik which I’m using on all my other services but that didn’t work.
Then I tried to use the LSIO Let’s Encrypt container but that didn’t work either because I wasn’t able to get the certificate.
Yes, ports 80 and 443 are open and accessible.
I tried a ton of things but wasn’t able to get it to work either way; the LSIO Heimdall container is working fine.
As far as I can tell, the two are configured very similarly when it comes to Nginx.
I then installed Nginx and Certbot on the Docker host and got the certificate that way and use the host Nginx server as a reverse proxy for the Bookstack container.
All of these servers are behind a HAProxy TCP reverse proxy because I only have one IP.
If someone needs more information like the docker-compose.yml or something else, please let me know.
I’m mainly leaving this here in case someone else has similar problems with the Bookstack container.
Hi!
Even though this is an old post, I’m replying in case someone is stuck at the same point. I have it working with the following configuration:
```yaml
# docker-compose.yml
version: '3'

volumes:
  production_traefik: {}

services:
  traefik:
    build:
      context: .
      dockerfile: ./compose/production/traefik/Dockerfile
    image: production_traefik
    depends_on:
      - bookstack
    volumes:
      - production_traefik:/etc/traefik/acme:z
    ports:
      - "0.0.0.0:80:80"
      - "0.0.0.0:443:443"

  bookstack:
    image: lscr.io/linuxserver/bookstack
    container_name: bookstack
    env_file:
      - ./.envs/.production/.bookstack
    volumes:
      - ./libros/app_config:/config
    restart: unless-stopped
    depends_on:
      - bookstack_db

  bookstack_db:
    image: lscr.io/linuxserver/mariadb
    container_name: bookstack_db
    env_file:
      - ./.envs/.production/.bookstack_db
    volumes:
      - ./libros/app_data:/config
    restart: unless-stopped
```
Then, the `./compose/production/traefik/Dockerfile` is the following:

```dockerfile
FROM traefik:v2.2.11
RUN mkdir -p /etc/traefik/acme \
  && touch /etc/traefik/acme/acme.json \
  && chmod 600 /etc/traefik/acme/acme.json
COPY ./compose/production/traefik/traefik.yml /etc/traefik
```

And the `traefik.yml` referenced from the Dockerfile is like this:
```yaml
log:
  level: INFO

entryPoints:
  web:
    # http
    address: ":80"
    http:
      # https://docs.traefik.io/routing/entrypoints/#entrypoint
      redirections:
        entryPoint:
          to: web-secure

  web-secure:
    # https
    address: ":443"

certificatesResolvers:
  letsencrypt:
    # https://docs.traefik.io/master/https/acme/#lets-encrypt
    acme:
      email: "your-email@example.com"
      storage: /etc/traefik/acme/acme.json
      # https://docs.traefik.io/master/https/acme/#httpchallenge
      httpChallenge:
        entryPoint: web

http:
  routers:
    bookstack-secure-router:
      rule: "Host(`libros.catedu.es`)"
      entryPoints:
        - web-secure
      middlewares:
        - csrf
      service: bookstack
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

  middlewares:
    csrf:
      # https://docs.traefik.io/master/middlewares/headers/#hostsproxyheaders
      # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
      headers:
        hostsProxyHeaders: ["X-CSRFToken"]

  services:
    bookstack:
      loadBalancer:
        servers:
          - url: http://bookstack

providers:
  # https://docs.traefik.io/master/providers/file/
  file:
    filename: /etc/traefik/traefik.yml
    watch: true
```
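
An added check, not part of either post: the Python sketch below audits the `acme.json` store that the configuration above points Traefik at, flagging permissions looser than the `chmod 600` set in the Dockerfile and reporting whether a certificate for the router's host has been stored. The JSON layout (resolver name at the top level, a `Certificates` list with `domain.main` and `domain.sans`) is assumed from Traefik v2's file format, and `audit_acme_store` and `demo` are hypothetical names.

```python
import json
import os
import stat
import tempfile

def audit_acme_store(path, resolver, host):
    """Return findings for a Traefik v2 acme.json store; an empty list means OK."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The file holds the ACME account key and every certificate private key.
    if mode & 0o077:
        findings.append(f"mode {mode:03o} exposes private keys to group/other; use 600")
    with open(path, encoding="utf-8") as fh:
        raw = fh.read().strip()
    if not raw:
        # The Dockerfile's `touch` leaves an empty file until the first issuance.
        findings.append("store is empty: no certificate has been issued yet")
        return findings
    store = json.loads(raw).get(resolver)
    if store is None:
        findings.append(f"no data for resolver {resolver!r}")
        return findings
    names = set()
    for cert in store.get("Certificates") or []:
        domain = cert.get("domain", {})
        names.add(domain.get("main"))
        names.update(domain.get("sans") or [])
    if host not in names:
        findings.append(f"no certificate stored for {host}")
    return findings

def demo():
    # Constructed sample store (assumed layout); key material is a placeholder.
    sample = {"letsencrypt": {"Account": {"Email": "your-email@example.com"},
              "Certificates": [{"domain": {"main": "libros.catedu.es"},
                                "certificate": "PLACEHOLDER", "key": "PLACEHOLDER",
                                "Store": "default"}]}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "acme.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        loose = audit_acme_store(path, "letsencrypt", "libros.catedu.es")
        os.chmod(path, 0o600)
        tight = audit_acme_store(path, "letsencrypt", "libros.catedu.es")
        missing = audit_acme_store(path, "letsencrypt", "wiki.example.org")
    return loose, tight, missing

if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```

Run it against a copy of the file taken from the `production_traefik` volume, passing `letsencrypt` as the resolver and the hostname from the router rule.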