Using own SSL certificate with Caddy

[Greeniezz]

Firstly thank you guys for your work and everyone on the issue forum
Sorry for being so lame :(

I don't find where to tell caddy to use my own domain certificate.
Here my docker-compose.yml :

version: "3.9"

services:
backend:
container_name: backend
image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
restart: always
environment:
- ALLOWED_HOSTS=backend,cisovm
- CISO_ASSISTANT_URL=https://cisovm:8443
- DJANGO_DEBUG=True
- AUTH_TOKEN_TTL=7200
volumes:
- ./db:/code/db

frontend:
container_name: frontend
environment:
- PUBLIC_BACKEND_API_URL=http://backend:8000/api
- PUBLIC_BACKEND_API_EXPOSED_URL=https://cisovm:8443/api
- PROTOCOL_HEADER=x-forwarded-proto
- HOST_HEADER=x-forwarded-host

image: ghcr.io/intuitem/ciso-assistant-community/frontend:latest
depends_on:
  - backend

caddy:
container_name: caddy
image: caddy:2.7.6
environment:
- CISO_ASSISTANT_URL=https://cisovm:443
depends_on:
- frontend
restart: unless-stopped
ports:
- 8443:8443
volumes:
- ./caddy_data:/data
command: |
sh -c 'echo $$CISO_ASSISTANT_URL "{
reverse_proxy /api/iam/sso/redirect/ backend:8000
reverse_proxy /api/accounts/saml/0/acs/ backend:8000
reverse_proxy /api/accounts/saml/0/acs/finish/ backend:8000
reverse_proxy /* frontend:3000
tls internal
}" > Caddyfile && caddy run'

Thank you very much for your help !

[eric-intuitem]

I think you should put your certificate and key in the ./caddy_data directory, that will be visible as /data for caddy, and where the Caddyfile is created dynamically. And then, in the Caddyfile creation script, instead of "tls internal", you should use "tls <cert_file> <key_file>".

[rzivny]

If this setting is in caddy_data, how will tls be set in docker-compose.yml?

[rzivny]

Copy certifikate and key (format)*.pem to caddy_data and in Caddyfile change tls intrenal on tls "/data/certifikate.pem" "/data/key.pem" and change tls internal as tls "/data/certifikate.pem" "/data/key.pem" in docker-compose.yml. resrtart docker compose (Stop and next up -d).

[FabFromTheSnow]

Yep, we would need a full procedure, I can't figure out today. Not sure what to edit.

[FabFromTheSnow]

thanks @eric-intuitem @rzivny
I managed to make it works based on your comments :)

[yboujraf]

Dear @FabFromTheSnow
Would you like to share the steps ?
BR

[rzivny]

1 STEP Copy certifikate and key (format)*.pem to caddy_data
2 STEP and in Caddyfile change tls internal on tls "/data/certifikate.pem" "/data/key.pem"
3 STEP and change tls internal as tls "/data/certifikate.pem" "/data/key.pem" in docker-compose.yml.
4 STEP restart docker compose (Stop and next up -d).

[ab-smith]

Covered by the config builder introduced in #1470