After exploring fleet with `fleetctl preview` I want to inst

Question

After exploring fleet with `fleetctl preview` I want to install `fleet` on a public node with `docker compose` using `traefic` to provide the `HTTPs` cert via `letsencrypt` Is there any example guide available which I can use as a template

Benjamin Edwards · Answer

Wild I was just talking about this with < Kathy Satterlee>

Kathy Satterlee · Answer

Hi < Andreas Piening> That s actually what I m working on now Should be out soon just working on sorting out the HTTPS portion

Andreas Piening · Answer

That s great to hear What is the current issue with the `HTTPs` portion if I may ask

Andreas Piening · Answer

Providing `HTTPs` for the `HTTP` service port should be easy I guess but I found something related to the `SSL` certificate that is needed to be exported so that the clients can use it to check the authentication against the server Maybe I completely misunderstood this

Kathy Satterlee · Answer

< Andreas Piening> Nothing wrong with the process just the practitioner slightly smiling face Both Docker and SSL are things that I am relatively unfamiliar with setting up which made me the obvious choice to put this together because I m going to hit all of the pain points and learn a ton

Andreas Piening · Answer

Maybe you can take a look at <https github com cbirkenbeul docker homelab tree master compose files applications traefik>

Kathy Satterlee · Answer

That s exactly what my next step was thanks Cleaning up my repo a little and I ll send that over shortly if you d like to take a look

Andreas Piening · Answer

Using these example config I was able to spin up a `traefic` instance with working `SSL` via `letsenvcrypt` within under 15 minutes

Kathy Satterlee · Answer

Brilliant

Andreas Piening · Answer

Yes < Kathy Satterlee> I would love to take a look at your repo I could give it a try and provide feedback then

Andreas Piening · Answer

Regarding `traefik` I use a `docker compose` project dedicated to to `traefik` I then can have multiple `docker compose` projects and expose them with just a few labels You can use this as an example for a HTTP based service based on a simple `docker` container <https github com cbirkenbeul docker homelab blob master compose files applications yourls docker compose yaml>

Andreas Piening · Answer

The relevant part for `traefik` is the `labels` section and the `networks` section because the container that needs to be exposed must be attached to the same network that `traefik` uses In this case it is called `traefik proxy`

Kathy Satterlee · Answer

Here s the repo You re more than welcome to contribute if that s something you d enjoy I d also be happy to answer any questions here or hop on a Zoom meeting

Kathy Satterlee · Answer

Your timing genuinely could not have been more perfect on this

Andreas Piening · Answer

Did you paste the url I can t see it

Kathy Satterlee · Answer

I did not

Kathy Satterlee · Answer

Kathy Satterlee · Answer

I d tweaked some things when I realized my previous approach wasn t working for SSL just pushed fixes to the paths I broke

Andreas Piening · Answer

Ok I ll give it a try

Andreas Piening · Answer

`docker com config` says ERROR Service fleet depends on service certs which is undefined

Andreas Piening · Answer

There is in fact an option `certs` under `depends on` for the `fleet` container But the service is not defined

Kathy Satterlee · Answer

Odd that it didn t err for me

Kathy Satterlee · Answer

Must not have cleaned things up as well as I thought before my last test

Andreas Piening · Answer

I ve just removed the dependency and now it is starting

Andreas Piening · Answer

I added traefik to the docker compose yml but at the moment I get an error when I access the web interface Client sent an HTTP request to an HTTPS server

Andreas Piening · Answer

I think `fleet` needs to be configured to serve `HTTP` while `traefic` is doing the `HTTPS` encryption

Andreas Piening · Answer

I ll take a look at the docs Maybe it is enough to remove the `FLEET SERVER CERT` from the env

Benjamin Edwards · Answer

yeah you would set `FLEET SERVER TLS=false`

Benjamin Edwards · Answer

< Andreas Piening> what is the lets encrypt default resolver personally I have only ever used DNS Challenge

Andreas Piening · Answer

It works

Andreas Piening · Answer

I m using tlsChallenge at the moment this works without any additional setup but does not support wild card DNS

Benjamin Edwards · Answer

Ok cool Where do you keep your acme credentials

Andreas Piening · Answer

I m using `dnsChallenge` on another system where I need wildcard DNS and it works fine with my DNS Provider hetzner but many DNS APIs are supported

Benjamin Edwards · Answer

Yeah I ve used DigitalOcean successfully too with dnsChallenge

Andreas Piening · Answer

I ve set the `storage` parameter in the `traefik toml` to a `acme json` file

Benjamin Edwards · Answer

Ok right on And that file is mounted into the Traefik container

Andreas Piening · Answer

This is basically the setup I m using <https github com cbirkenbeul docker homelab tree master compose files applications traefik>

Andreas Piening · Answer

Exactly

Andreas Piening · Answer

I ve mapped a config folder like this

Andreas Piening · Answer

``` config etc traefik```

Benjamin Edwards · Answer

Lol I wish I found this project when I was doing this a few years ago Figuring it out from scratch was brutal Traefik is amazing but it has so many configuration options it s almost overwhelming

Andreas Piening · Answer

YES It can be a nightmare to dive into traefik Agree

Andreas Piening · Answer

But once it works it is super easy wink

Benjamin Edwards · Answer

I remember when Traefik 2 came out and I had to rewrite all the tag stuff omg Got through it but damn

Andreas Piening · Answer

LOL same here Borked my production system and had to go back to Traefik 1 and plan the migration

Benjamin Edwards · Answer

Traefik 1 gt 2 migration was tough Loving Traefik 2 though Now that it s clicked for me

Benjamin Edwards · Answer

I m so glad I m not the only one It made me feel stupid haha

Andreas Piening · Answer

Doing a clean Traefik config starting from scratch turned out to be easier for me instead of converting everything to the new format and missing importing things

Andreas Piening · Answer

Wow I ve just created a ` deb` package with the command provided by the `fleet` web ui and installed it on another system and it worked right away

Andreas Piening · Answer

I m surprised how easy the deployment is I have searched for a `docker compose` example for hours and now it is working perfectly fine Thank you very much < Kathy Satterlee>

Kathy Satterlee · Answer

That s exactly what I was going for I m so glad you reached out

Kathy Satterlee · Answer

If you d like to DM me your shipping info I d love to send a thanks for being my guinea pig your way

Andreas Piening · Answer

I had to change a few minor things for example I had to remove the quotes from the `default env` files ```FLEET MYSQL ADDRESS= mysql 3306 = gt FLEET MYSQL ADDRESS=mysql 3306```

Kathy Satterlee · Answer

I feel like docker compose treats env files with some kind of random selection of rules it ll choose to apply to any given build

Andreas Piening · Answer

On my first `docker compose up` I get an error because the variable FLEET OSQUERY LABEL UPDATE INTERVAL= FLEET SOMETHING was not a valid value After removing the quotes all was fine

Andreas Piening · Answer

Can I assist you to get your setup up and running with traefik

Kathy Satterlee · Answer

That would be amazing I ll send over a scheduling link so you can have my full attention