Hello,
I am trying to deploy a Lowdefy app running in a container, using Traefik to enable SSL with certificates.
It seems like remoteEntry.js is blocked by Traefik, but I couldn't figure out how to set up Traefik so that it does not block it.
Here are the different files:
Docker compose
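version: "3.8"

services:
  lowdefy:
    build: .
    ports:
      # Bound to loopback only. Traefik reaches the app over the Compose network
      # (see the loadbalancer label below), so publishing 3000 on every host
      # interface would let clients talk to the app directly over plain HTTP,
      # bypassing TLS and the SslHeader middleware.
      - "127.0.0.1:3000:3000"
    labels:
      traefik.enable: "true"
      # Plain-HTTP router (entry point "web").
      traefik.http.routers.lowdefy-http.entrypoints: "web"
      traefik.http.routers.lowdefy-http.rule: "Host(`xxx`)"
      traefik.http.routers.lowdefy-http.middlewares: "SslHeader@file"
      # HTTPS router (entry point "websecure") with an ACME-issued certificate.
      traefik.http.routers.lowdefy-https.middlewares: "SslHeader@file"
      traefik.http.routers.lowdefy-https.entrypoints: "websecure"
      traefik.http.routers.lowdefy-https.rule: "Host(`xxx`)"
      traefik.http.routers.lowdefy-https.tls: "true"
      traefik.http.routers.lowdefy-https.tls.certresolver: "letsencrypt"
      # Port inside the lowdefy container that Traefik forwards to.
      traefik.http.services.lowdefy.loadbalancer.server.port: "3000"

  traefik:
    image: traefik:2.6
    restart: always
    ports:
      - "443:443"
      - "80:80"
    volumes:
      # NOTE(review): ":ro" only protects the socket file itself. The Docker API
      # behind it stays fully usable, so a compromise of this container is
      # equivalent to control of the Docker daemon on the host. Consider putting
      # a restricted socket proxy between Traefik and the daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yaml:/traefik.yaml:ro
      # Dynamic configuration is only read by Traefik, so mount it read-only.
      - ./conf/:/etc/traefik/conf:ro
      # Must stay writable: the ACME resolver stores acme.json (account and
      # certificate private keys) here. Keep that file at mode 600 on the host.
      - ./shared/:/shared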
Docker file
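FROM node:14-buster AS build

# Set working directory and node user
WORKDIR /home/node/lowdefy
RUN chown node:node /home/node/lowdefy
USER node

# Copy app config, and change ownership of files to "node" user.
# This copies the entire build context; use a .dockerignore to keep .env files,
# keys and VCS metadata out of it so they never land in an image layer.
COPY --chown=node:node . .

# Build the Lowdefy config using the Lowdefy CLI.
# The CLI is pinned to the same version as the runtime image below. "@latest"
# would execute whatever release is newest at build time, which makes builds
# non-reproducible and can emit build output that the 3.21.2 server cannot load.
RUN npx lowdefy@3.21.2 build

# Use the correct Lowdefy base image
FROM lowdefy/lowdefy:3.21.2

# Copy build output from build stage
COPY --from=build --chown=node:node /home/node/lowdefy/.lowdefy/build ./build

# Copy contents of public directory into image
COPY --chown=node:node ./public ./public

# Run the server on start.
# NOTE(review): this stage sets no USER, so the server runs as whatever user the
# base image declares - confirm that it is a non-root user.
CMD ["node", "./dist/server.js"]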
Traefik.yaml
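# Traefik static configuration.
global:
  sendAnonymousUsage: false

log:
  level: INFO
  format: common

providers:
  docker:
    endpoint: 'unix:///var/run/docker.sock'
    watch: true
    # Opt-in exposure: only containers labelled traefik.enable=true get a router.
    # With "true", every container on this Docker host is published through
    # Traefik automatically, including ones never meant to be reachable.
    exposedByDefault: false
    swarmMode: false
  file:
    # Dynamic configuration (middlewares, TLS options) is loaded from here.
    directory: /etc/traefik/conf/
    watch: true

api:
  # Dashboard and the unauthenticated API endpoint are both switched off.
  dashboard: false
  debug: false
  insecure: false

entryPoints:
  web:
    address: ':80'
    http:
      # Every request arriving on :80 is permanently redirected to HTTPS.
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ':443'

certificatesResolvers:
  letsencrypt:
    acme:
      email: xxxx
      # acme.json holds the ACME account key and the certificate private keys;
      # it should be readable by Traefik only (mode 600).
      storage: /shared/acme.json
      caServer: 'https://acme-v02.api.letsencrypt.org/directory'
      keyType: EC256
      # NOTE(review): both an HTTP-01 and a TLS-ALPN-01 challenge are configured
      # on this resolver - confirm which one is intended and remove the other.
      httpChallenge:
        entryPoint: web
      tlsChallenge: {}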
Headers.yaml
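# Traefik dynamic configuration: response-header middleware used by both routers.
http:
  middlewares:
    SslHeader:
      headers:
        # NOTE(review): CustomFrameOptionsValue further down overrides FrameDeny,
        # so the header actually sent is "X-Frame-Options: SAMEORIGIN", not DENY.
        FrameDeny: true
        # OPTIONS was listed twice in the original value; the duplicate is dropped.
        AccessControlAllowMethods: 'GET,OPTIONS,PUT,DELETE,PATCH'
        # NOTE(review): "origin-list-or-null" looks like a documentation
        # placeholder rather than a real origin - presumably no request Origin
        # will ever match it. List the real origins, or drop the CORS options if
        # the app needs no cross-origin access.
        AccessControlAllowOriginList:
          - origin-list-or-null
        AccessControlMaxAge: 100
        AddVaryHeader: true
        BrowserXssFilter: true
        ContentTypeNosniff: true
        # ForceSTSHeader sends the HSTS header even on plain-HTTP connections.
        # Together with includeSubdomains, preload and a ten-year max-age this
        # commits the domain and every subdomain to HTTPS; once a browser has
        # cached it (or the domain is preloaded) it is slow to undo.
        ForceSTSHeader: true
        STSIncludeSubdomains: true
        STSPreload: true
        # This policy is enforced by the browser, not by Traefik. With only
        # default-src 'self', scripts may load from the app's own origin alone.
        # If remoteEntry.js is fetched from a different origin, the browser
        # rejects it and logs a CSP violation in the console; allow that origin
        # with a dedicated directive, e.g.
        #   script-src 'self' https://<blocks-origin>
        # instead of widening default-src.
        # NOTE(review): 'unsafe-inline' permits inline scripts and styles and so
        # removes most of the XSS protection CSP provides; prefer nonces or
        # hashes if the app can work with them.
        ContentSecurityPolicy: "default-src 'self' 'unsafe-inline'"
        CustomFrameOptionsValue: SAMEORIGIN
        ReferrerPolicy: same-origin
        # Permissions-Policy uses the "feature=(allowlist)" syntax; the original
        # value "vibrate 'self'" is the older Feature-Policy form.
        # NOTE(review): confirm "vibrate" is a feature current browsers recognise.
        PermissionsPolicy: 'vibrate=(self)'
        # 315360000 s = 3650 days.
        STSSeconds: 315360000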
tls.yaml
# Traefik dynamic configuration: default TLS options for all HTTPS routers.
tls:
  options:
    default:
      # TLS 1.0 and 1.1 are refused.
      minVersion: VersionTLS12
      # Handshakes without an SNI name, or with a name that matches no
      # configured certificate, are rejected instead of receiving a default
      # certificate.
      sniStrict: true
      # NOTE(review): only P-521 and P-384 are offered for key exchange. Clients
      # limited to P-256 or X25519 would fail the handshake - confirm this is
      # intended.
      curvePreferences:
        - CurveP521
        - CurveP384
      # These suites apply to TLS 1.2 only; TLS 1.3 suites are not configurable
      # here. All three are ECDSA suites, so the served certificate must carry
      # an ECDSA key.
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Thank you for your help on this topic