Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Traefik Reverse Proxy with Let's Encrypt and Centralized Environment Configuration into docker-compose.yaml #414

Closed
wants to merge 30 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
34d4d01
refactor(docker-compose): extract environment variables to .env file
electrosenpai Sep 27, 2024
7d1a2b6
refactor(docker-compose): apply DRY principle using YAML anchors for …
electrosenpai Sep 30, 2024
1021b1d
refactor(docker-compose): add healthchecks and improve dependency han…
electrosenpai Oct 2, 2024
c4b2323
refactor: improve environment variables management by using common an…
electrosenpai Oct 3, 2024
30aabdd
feat(docker-compose): integrate Traefik for SSL management and improv…
electrosenpai Oct 4, 2024
7be44df
chore(docker-compose): update Traefik config for Let's Encrypt and do…
electrosenpai Oct 7, 2024
a72c8d2
feat(docker-compose): configure Traefik to route API and frontend und…
electrosenpai Oct 7, 2024
5530c9b
Merge branch 'main' into docker-compose-refound
electrosenpai Oct 7, 2024
7cbfdd8
refactor(docker-compose): re-adding old api worker
electrosenpai Oct 7, 2024
d1ceb69
Merge branch 'main' into docker-compose-refound
electrosenpai Oct 15, 2024
d661cd8
refactor(docker-compose): update docker images
electrosenpai Oct 15, 2024
0ba6648
Merge branch 'docker-compose-refound' of github.com:getlago/lago into…
electrosenpai Oct 15, 2024
f279fb5
refactor(docker-compose): update docker images
electrosenpai Oct 15, 2024
af95c18
feat(docker-compose): adding lago version inside a variable inside .env
electrosenpai Oct 17, 2024
8089195
feat(docker-compose): Moving the new docker compose to docker-compose…
electrosenpai Oct 22, 2024
9bb07d5
chore(docker-compose) adding jeremy review and adding a warning insid…
electrosenpai Oct 22, 2024
f6b251d
chore(docker-compose) moving domain to lagodomain
electrosenpai Oct 22, 2024
1e5a117
chore(docker-compose) renaming commentary
electrosenpai Oct 22, 2024
6e7cb8e
chore(docker-compose) updating version on old version
electrosenpai Oct 22, 2024
492edf7
chore(docker-compose) updating warning of older docker-compose
electrosenpai Oct 22, 2024
b6c4757
feat(compose): Adding QA Review, adding default values, updating docu…
electrosenpai Nov 3, 2024
783de42
feat(compose): update documentation with correct .env values
electrosenpai Nov 4, 2024
b8438ba
feat(traefik): add optional TLS cert resolver for API and frontend
electrosenpai Nov 4, 2024
5f51ee9
chore(docs): update Docker Compose commands with missing flag
electrosenpai Nov 4, 2024
7b04442
chore(compose): Adding Redis default password inside migrate
electrosenpai Nov 4, 2024
d877971
chore(compose): add warning for insecure Traefik dashboard access and…
electrosenpai Nov 4, 2024
1ab159e
docs: add documentation for Traefik dashboard with secure login
electrosenpai Nov 4, 2024
d65e220
docs: add documentation for Traefik SSL
electrosenpai Nov 4, 2024
c3dbb25
refactor(docker-compose): update Traefik labels and LAGO_FRONT_URL co…
electrosenpai Nov 4, 2024
8d985ab
fix(compose): fixing /api path to not match api-keysxxxxx.js
electrosenpai Nov 7, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 74 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# See more information here: https://doc.getlago.com/guide/self-hosted/docker

# LAGO_VERSION=v1.13.1

# PostgreSQL Configuration
# POSTGRES_DB=lago
# POSTGRES_USER=lago
# POSTGRES_PASSWORD=changeme
# POSTGRES_HOST=db
# POSTGRES_PORT=5432
# POSTGRES_SCHEMA=public
# PGDATA=/data/postgres

# Redis Configuration
# REDIS_HOST=redis
# REDIS_PORT=6379
# REDIS_PASSWORD=

# Application Ports
# API_PORT=3000
# FRONT_PORT=80

# Lago Global Configuration
# LAGO_DOMAIN=yourdomain.tld
# LAGO_API_URL=https://yourdomain.tld/api
# LAGO_FRONT_URL=https://yourdomain.tld
# SECRET_KEY_BASE=your-secret-key-base-hex-64
# RAILS_ENV=production
# LAGO_RAILS_STDOUT=true
# LAGO_PDF_URL=http://pdf:3000
# LAGO_DISABLE_SIGNUP=false
# APP_ENV=production

# Encryption Keys
# LAGO_RSA_PRIVATE_KEY=
# LAGO_ENCRYPTION_PRIMARY_KEY=your-encryption-primary-key
# LAGO_ENCRYPTION_DETERMINISTIC_KEY=your-encryption-deterministic-key
# LAGO_ENCRYPTION_KEY_DERIVATION_SALT=your-encryption-derivation-salt

# AWS S3 Configuration
# LAGO_USE_AWS_S3=false
# LAGO_AWS_S3_ACCESS_KEY_ID=azerty123456
# LAGO_AWS_S3_SECRET_ACCESS_KEY=azerty123456
# LAGO_AWS_S3_REGION=us-east-1
# LAGO_AWS_S3_BUCKET=bucket
# LAGO_AWS_S3_ENDPOINT=

# Google Cloud Storage Configuration
# LAGO_USE_GCS=false
# LAGO_GCS_PROJECT=
# LAGO_GCS_BUCKET=

# Redis Cache Configuration
# LAGO_REDIS_CACHE_HOST=redis
# LAGO_REDIS_CACHE_PORT=6379
# LAGO_REDIS_CACHE_PASSWORD=

# Sentry Configuration
# SENTRY_DSN=
# SENTRY_DSN_FRONT=

# Lago Feature Flags
# LAGO_DISABLE_SEGMENT=
# LAGO_DISABLE_WALLET_REFRESH=
# LAGO_SIDEKIQ_WEB=
# SIDEKIQ_EVENTS=
# SIDEKIQ_PDFS=

# OAuth and Authentication
# LAGO_OAUTH_PROXY_URL=https://proxy.getlago.com
# GOOGLE_AUTH_CLIENT_ID=
# GOOGLE_AUTH_CLIENT_SECRET=
# NANGO_SECRET_KEY=
# LAGO_LICENSE=
68 changes: 53 additions & 15 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -105,43 +105,81 @@ To start using Lago, run the following commands in a shell:


#### On a fresh install

##### 1 :Clone the Repository:

```bash
# Get the code
git clone --depth 1 https://github.com/getlago/lago.git

# Go to Lago folder
cd lago
```

# Set up environment configuration
echo "LAGO_RSA_PRIVATE_KEY=\"`openssl genrsa 2048 | base64`\"" >> .env
source .env
##### 2 : Set Up Environment Variables: Run the following script to copy the example .env file, generate necessary keys, and populate the .env file:

# Start the api
docker compose up -d api

# Create the database
docker compose exec api rails db:create
docker compose exec api rails db:migrate
```bash
# Copy the example .env file and populate keys
cp .env.example .env
echo "SECRET_KEY_BASE=\"$(openssl rand -hex 64)\"" >> .env
echo "LAGO_RSA_PRIVATE_KEY=\"$(openssl genrsa 2048 | base64)\"" >> .env
echo "LAGO_ENCRYPTION_PRIMARY_KEY=\"$(openssl rand -base64 32)\"" >> .env
echo "LAGO_ENCRYPTION_DETERMINISTIC_KEY=\"$(openssl rand -base64 32)\"" >> .env
echo "LAGO_ENCRYPTION_KEY_DERIVATION_SALT=\"$(openssl rand -base64 32)\"" >> .env
```

##### 3 : Launch the API Service:

# Start all other components
docker compose up
```bash
docker compose -f docker-compose.new.yml up -d api
```

##### 4 : Create and Migrate the Database:

```bash
docker compose -f docker-compose.new.yml exec api rails db:create
docker compose -f docker-compose.new.yml exec api rails db:migrate
```

##### 5 : Launch All Services:


```bash
docker compose -f docker-compose.new.yml up -d
```


#### After an update

```bash
docker compose up
docker compose -f docker-compose.new.yml up -d
```

You can now open your browser and go to http://localhost to connect to the application. Lago's API is exposed at http://localhost/api.

Note that if our docker server is not at http://localhost, the following env variables must be set: `LAGO_DOMAIN`. This may be on the command line or in your .env file. For example:

```
LAGO_DOMAIN=yourdomain.tld"
```

You can now open your browser and go to http://localhost to connect to the application. Lago's API is exposed at http://localhost:3000.
##### Accessing Traefik Dashboard

Note that if our docker server is not at http://localhost, the following env variables must be set: `LAGO_API_URL`. This may be on the command line or in your .env file. For example:
The Traefik dashboard is available at http://traefik.localhost (or replace `localhost` with your custom `LAGO_DOMAIN`). For security reasons, we have configured basic authentication for accessing the Traefik dashboard. The default username is `user` and the default password is `password`. We recommand you to change it :

```shell
echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
```
LAGO_API_URL="http://192.168.122.71:3000"
LAGO_FRONT_URL="http://192.168.122.71"

And modify line with your new value:

```yaml
- "traefik.http.middlewares.test-auth.basicauth.users=user:$$2y$$05$$m2rFNkFDITSrY7oawkzjU.dV.69/w8FmvEaSeBFCtmYpvMar9UMGa"
```

If you want to learn more about traefik auth [here](https://doc.traefik.io/traefik/operations/dashboard/#secure-mode)

### Find your API key
Your API Key can be found directly in the UI:

Expand Down
Loading