[GH-ISSUE #1010] Create wiki page 'Reverse Proxy with traefik' #538

Open
opened 2026-02-25 21:35:18 +03:00 by kerem · 7 comments

Originally created by @GuillaumeLazar on GitHub (May 7, 2024).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/1010

🗣 Suggestion

I saw the issue #142 and the wiki page https://github.com/cypht-org/cypht/wiki/Reverse-Proxy-with-NGINX but I found nothing about the traefik reverse proxy.

After playing with the cypht docker image + traefik reverse proxy, I would like to share some instructions for the newcomers. It's really fast to deploy cypht with https on a sub-domain with the docker image + traefik.

This docker-compose.yml is:

  • based on the official instructions from here: https://hub.docker.com/r/sailfrog/cypht-docker without exposing the http port 80 on the host
  • it requires a FQDN (e.g: mydomain.com)
  • cypht will be accessible using a sub-domain (e.g: mail.mydomain.com)

  1. Configure a DNS entry to redirect mydomain.com and *.mydomain.com to your server ip address

  2. Create the file docker-compose.yml and update mydomain and password fields:

```yml
# docker-compose.yml
services:
  traefik:
    image: "traefik:latest"
    restart: "always"
    command:
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false"
      - "--log.level=INFO" # DEBUG INFO ERROR
      - "--accesslog=true"
      - "--accesslog.filePath=/logs/access.log"
      - "--certificatesresolvers.leresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.leresolver.acme.email=acme@mydomain.com" # placeholder: your e-mail address
      - "--certificatesresolvers.leresolver.acme.storage=/acme/acme.json"
      - "--certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "traefik_acme:/acme"
      - "traefik_logs:/logs"
    labels:
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.traefik-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex,"

  cypht-db:
    image: mariadb:10
    volumes:
      - cypht_db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=root_password # placeholder: change before deploying
      - MYSQL_DATABASE=cypht
      - MYSQL_USER=cypht
      - MYSQL_PASSWORD=cypht_password # placeholder: change before deploying

  cypht:
    image: sailfrog/cypht-docker:latest
    volumes:
      - cypht_users:/var/lib/hm3/users
    environment:
      - CYPHT_AUTH_USERNAME=admin
      - CYPHT_AUTH_PASSWORD=admin_password # placeholder: change before deploying
      - CYPHT_DB_CONNECTION_TYPE=host
      - CYPHT_DB_HOST=cypht-db
      - CYPHT_DB_NAME=cypht
      - CYPHT_DB_USER=cypht
      - CYPHT_DB_PASS=cypht_password # must match MYSQL_PASSWORD above
      - CYPHT_SESSION_TYPE=DB
    labels:
      # cypht behind traefik
      - "traefik.enable=true"
      - "traefik.http.routers.cypht.rule=Host(`mail.mydomain.com`)" # placeholder: your sub-domain
      - "traefik.http.routers.cypht.entrypoints=websecure"
      - "traefik.http.services.cypht.loadbalancer.server.port=80"
      - "traefik.http.routers.cypht.service=cypht"
      - "traefik.http.routers.cypht.tls.certresolver=leresolver"
      - "traefik.http.routers.cypht.middlewares=security-headers"
      - "traefik.http.middlewares.security-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex"

volumes:
  traefik_acme:
  traefik_logs:
  cypht_users:
  cypht_db:
```

  3. build and start the containers: docker compose up --build --detach

  4. Access to cypht: https://mail.mydomain.com

It could be added to a wiki page if you think it could help someone.
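
One way to tighten the compose file above before exposing it, as an added example that is not part of the original issue or of the Cypht project: an override file that takes the passwords from a `.env` file instead of hardcoding them, and extends the `security-headers` middleware with HSTS and related response headers. It relies on Compose merging `docker-compose.override.yml` automatically; the variable names `DB_ROOT_PASSWORD`, `CYPHT_DB_PASSWORD` and `CYPHT_ADMIN_PASSWORD` are assumptions chosen for this example.

```yaml
# docker-compose.override.yml
# Added example, not from the original issue. Compose merges this file with
# docker-compose.yml; environment and label entries are merged by key.
# The ${VAR:?message} form makes Compose abort when the variable is unset,
# so the stack cannot start with an empty or default password.
# Variable names are hypothetical; define them in a .env file kept out of git.
services:
  cypht-db:
    environment:
      - MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD:?set DB_ROOT_PASSWORD in .env}
      - MYSQL_PASSWORD=${CYPHT_DB_PASSWORD:?set CYPHT_DB_PASSWORD in .env}

  cypht:
    environment:
      - CYPHT_AUTH_PASSWORD=${CYPHT_ADMIN_PASSWORD:?set CYPHT_ADMIN_PASSWORD in .env}
      # Same variable as MYSQL_PASSWORD, so the two values cannot drift apart.
      - CYPHT_DB_PASS=${CYPHT_DB_PASSWORD:?set CYPHT_DB_PASSWORD in .env}
    labels:
      # The original middleware only sets X-Robots-Tag. These options of
      # Traefik's headers middleware add browser-side protections to it.
      # HSTS: browsers refuse plain HTTP for this host for one year.
      - "traefik.http.middlewares.security-headers.headers.stsSeconds=31536000"
      # X-Content-Type-Options: nosniff
      - "traefik.http.middlewares.security-headers.headers.contentTypeNosniff=true"
      # Referrer-Policy: links opened from a mail do not leak the webmail URL.
      - "traefik.http.middlewares.security-headers.headers.referrerPolicy=no-referrer"
```

Running `docker compose config` prints the merged result and fails with the given message if one of the variables is missing.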


@marclaporte commented on GitHub (May 9, 2024):

@jonocodes thoughts?


@jonocodes commented on GitHub (May 9, 2024):

> @jonocodes thoughts?

Yes I have been thinking about how to present the docker setup once sailfrog/cypht-docker is no longer used. Generally docker compose is not used much in production but it does make a good starting point for describing how a container is used.

There are a bunch of scenarios that we can give compose files for since there are different configs.

  • kubernetes
  • reverse proxying with the above, or nginx, or apache, etc
  • using postgres instead of mysql
  • using sqlite
  • using memcached and other caches
  • connecting to gmail
  • etc

But I will say for the most part these should just be 'tips' since they should be out of scope for this project.

The part I have been hung up on is would these compose examples be better in a (wiki) doc, or in actual example docker-compose.yml files. The advantage being that as files we may actually consider them code and keep them tested and up to date.

That being said traefik is nice. I personally am using caddy which is another lightweight reverse proxy that auto-configs TLS, but only because I have not figured out why nginx is not happy in my local dev environment.


@marclaporte commented on GitHub (May 12, 2024):

@rodriguezny @Yannick243 @Shadow243 @josaphatim @kroky any wisdom?


@kroky commented on GitHub (May 13, 2024):

Sure, why not add the example traefik setup to a wiki page and later organize the docker documentation better - once we have an official docker image, docker-compose files, etc. can be shared as examples or distributed in specific folder here in the repo.


@jonocodes commented on GitHub (May 30, 2024):

Also worth looking at: https://frankenphp.dev/


@marclaporte commented on GitHub (Sep 28, 2024):

@GuillaumeLazar

Can you please review now that we have an official and revamped Docker? https://hub.docker.com/r/cypht/cypht

Thanks!


@marclaporte commented on GitHub (Sep 1, 2025):

@GuillaumeLazar we need you :-)
