boehlke (Contributor) commented Sep 24, 2025

No description provided.

peb-adr (Member) commented Nov 27, 2025

I have reviewed, tested and adjusted this PR.
My current work is on
https://github.com/peb-adr/openslides-proxy/tree/traefik

ATM it looks like I cannot update this PR because I have no permission to push to kryptance:main.

@rrenkert


The following are notes I took explaining the changes I made.

  • only need ./templates/traefik.yml

    • -> delete ./traefik.yml; it will be generated by entrypoint.sh
  • Biggest change is to support plain/cleartext HTTP

    • Needed in order to make it possible to operate behind another proxy taking care of cert handling
    • -> common practice, especially when administering many services and taking care of many domains/certs uniformly
  • main entryPoint renamed to main from websecure since it can take different configurations regarding TLS

    • -> If there is a big desire to follow name convention for web/websecure this naming would need to be done conditionally like the actual settings
    • -> For now it seemed easier to me to just have it one name
  • Add env vars

    • ENABLE_DASHBOARD
      • we don't want (and certainly not with debug: true hardcoded) dashboard active by default in prod
      • maybe if in the future we want it in prod, debug must be made configurable as well
    • ENABLE_AUTO_HTTPS
      • see readme
    • EXTERNAL_ADDRESS
      • see readme
    • ACME_ENDPOINT
      • see readme
    • ACME_EMAIL
      • see readme
  • *_HOST and *_PORT variables default values were set in multiple places

    • -> reduced to just one
  • entrypoint.sh

    • set -a makes all export statements obsolete and the script more readable
    • make entryPoints definition(s) dynamic to support different tls modes
    • Rework for-loop for assembling routing configuration towards openslides-services
      • No hardcoded service list, instead find services/*.service files
        • -> will make addition/removal of services more straightforward in the future
  • TODO:
    • entrypoint -> entrypoint.sh
    • make auto-https work as described in main:README.md
    • understand and be clear about when we want to fallback to traefik's default certStore and when not
      • -> consider when TLS SNI is available for this
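
The notes above describe a single entryPoint named main whose TLS settings depend on the environment, and a dashboard that stays off unless ENABLE_DASHBOARD is set. The following POSIX sh rendering of that logic is an added example, not the PR's entrypoint.sh; it assumes ENABLE_AUTO_HTTPS switches on an ACME resolver fed by EXTERNAL_ADDRESS, ACME_EMAIL and ACME_ENDPOINT and that cleartext HTTP is used otherwise. LISTEN_PORT, the resolver name acme and the storage path are hypothetical.

```shell
#!/bin/sh
# Added illustration, not the project's entrypoint.sh.

# Assumption: a switch counts as enabled only for these literal values.
is_enabled() {
  case "$1" in 1|true|yes|on) return 0 ;; *) return 1 ;; esac
}

# Print a Traefik static config with one entryPoint named "main".
# LISTEN_PORT, the resolver name "acme" and the storage path are hypothetical.
render_static_config() {
  if is_enabled "${ENABLE_AUTO_HTTPS:-}"; then
    # Fail closed: never degrade to cleartext because ACME settings are missing.
    if [ -z "${EXTERNAL_ADDRESS:-}" ] || [ -z "${ACME_EMAIL:-}" ]; then
      echo "ENABLE_AUTO_HTTPS needs EXTERNAL_ADDRESS and ACME_EMAIL" >&2
      return 1
    fi
  fi

  printf 'entryPoints:\n  main:\n    address: ":%s"\n' "${LISTEN_PORT:-8000}"

  if is_enabled "${ENABLE_AUTO_HTTPS:-}"; then
    printf '    http:\n      tls:\n        certResolver: acme\n'
    printf '        domains:\n          - main: "%s"\n' "$EXTERNAL_ADDRESS"
    printf 'certificatesResolvers:\n  acme:\n    acme:\n'
    printf '      email: "%s"\n' "$ACME_EMAIL"
    printf '      storage: /acme/acme.json\n      tlsChallenge: {}\n'
    if [ -n "${ACME_ENDPOINT:-}" ]; then
      printf '      caServer: "%s"\n' "$ACME_ENDPOINT"
    fi
  fi
  # Otherwise: cleartext HTTP; TLS is terminated by the proxy in front.

  # Dashboard is opt-in, and debug is never switched on implicitly.
  if is_enabled "${ENABLE_DASHBOARD:-}"; then
    printf 'api:\n  dashboard: true\n  debug: false\n'
  fi
}

# Demo with constructed values, run in a subshell so nothing leaks out.
(
  ENABLE_AUTO_HTTPS=1 EXTERNAL_ADDRESS=meeting.example.org
  ACME_EMAIL=admin@example.org
  render_static_config
)
```

With no variables set, the output is a bare cleartext entryPoint with no api section, which is the configuration intended for running behind another TLS-terminating proxy.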

peb-adr (Member) commented Dec 8, 2025

From the last TODOs only one is remaining:

  • understand and be clear about when we want to fallback to traefik's default certStore and when not
    • -> consider when TLS SNI is available for this

I'll create a separate issue for this, as it's not super pressing ATM.

This PR is ready for merge now.

@peb-adr peb-adr merged commit 0eebb4a into OpenSlides:main Dec 9, 2025