dev #2
@@ -2,7 +2,7 @@
|
||||
APP_ENV=production
|
||||
APP_DEBUG=false
|
||||
APP_KEY=base64:YOUR_APP_KEY_HERE
|
||||
APP_URL=https://merchbay-admin.yourdomain.com
|
||||
APP_URL=https://merchbay.com
|
||||
|
||||
# Database Configuration - External MySQL
|
||||
DB_CONNECTION=mysql
|
||||
@@ -13,7 +13,7 @@ DB_USERNAME=your-mysql-user
|
||||
DB_PASSWORD=your-mysql-password
|
||||
|
||||
# Traefik Domain Configuration
|
||||
DOMAIN=merchbay-admin.yourdomain.com
|
||||
DOMAIN=merchbay.com
|
||||
|
||||
# Cache & Session
|
||||
CACHE_DRIVER=file
|
||||
|
||||
@@ -74,13 +74,13 @@ jobs:
|
||||
cat > .env << EOF
|
||||
APP_ENV=production
|
||||
APP_DEBUG=false
|
||||
APP_URL=https://merchbay.app
|
||||
APP_URL=https://merchbay.com
|
||||
DB_HOST=${{ secrets.PROD_DB_HOST }}
|
||||
DB_PORT=${{ secrets.PROD_DB_PORT || 3306 }}
|
||||
DB_DATABASE=${{ secrets.PROD_DB_DATABASE }}
|
||||
DB_USERNAME=${{ secrets.PROD_DB_USERNAME }}
|
||||
DB_PASSWORD=${{ secrets.PROD_DB_PASSWORD }}
|
||||
DOMAIN=merchbay.app
|
||||
DOMAIN=merchbay.com
|
||||
EOF
|
||||
|
||||
# Stop existing container (disconnect from Traefik network gracefully)
|
||||
@@ -93,8 +93,8 @@ jobs:
|
||||
docker network inspect traefik-public >/dev/null 2>&1 || docker network create traefik-public
|
||||
|
||||
# Update docker-compose for production
|
||||
export DOMAIN=merchbay.app
|
||||
export APP_URL=https://merchbay.app
|
||||
export DOMAIN=merchbay.com
|
||||
export APP_URL=https://merchbay.com
|
||||
|
||||
# Start the application (will auto-connect to Traefik with paid SSL)
|
||||
docker compose up -d
|
||||
@@ -114,9 +114,9 @@ jobs:
|
||||
rm -rf /tmp/merchbay_admin_deploy
|
||||
|
||||
echo "Production deployment completed successfully!"
|
||||
echo "Application available at: https://merchbay.app"
|
||||
echo "Application available at: https://merchbay.com"
|
||||
|
||||
- name: Health Check
|
||||
run: |
|
||||
sleep 10
|
||||
curl -f https://merchbay.app || exit 1
|
||||
curl -f https://merchbay.com || exit 1
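Review bot: The `.env` heredoc in the `@@ -74,13` hunk uses an unquoted delimiter (`cat > .env << EOF`), so once the `${{ secrets.* }}` expressions are substituted the shell still expands `$`, backticks and backslashes in the body. A `PROD_DB_PASSWORD` containing any of those is written incorrectly, and a command substitution inside it would be run by the deploying shell. Quoting the delimiter, `cat > .env << 'EOF'`, keeps the substituted values literal. A following `chmod 600 .env` would stop the file that holds `DB_PASSWORD` from being left at the default umask. The step starts outside the hunk, so it is not visible whether this body runs on the runner or inside a remote shell, which would need its own layer of quoting.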
|
||||
|
||||
@@ -51,19 +51,17 @@ You should have these files from your SSL provider:
|
||||
Create a combined certificate file:
|
||||
|
||||
```bash
|
||||
# Create SSL directory in Traefik
|
||||
mkdir -p /opt/traefik/certs
|
||||
|
||||
# Copy your certificate and key
|
||||
sudo cp merchbay.app.crt /opt/traefik/certs/
|
||||
sudo cp merchbay.app.key /opt/traefik/certs/
|
||||
# Your SSL certificates are in /srv/certs
|
||||
# Verify files exist
|
||||
ls -la /srv/certs/
|
||||
|
||||
# If you have a CA bundle, create a full chain
|
||||
cat merchbay.app.crt ca-bundle.crt > /opt/traefik/certs/merchbay.app-fullchain.crt
|
||||
cd /srv/certs
|
||||
cat merchbay.app.crt ca-bundle.crt > merchbay.app-fullchain.crt
|
||||
|
||||
# Set proper permissions
|
||||
sudo chmod 600 /opt/traefik/certs/*.key
|
||||
sudo chmod 644 /opt/traefik/certs/*.crt
|
||||
sudo chmod 600 /srv/certs/*.key
|
||||
sudo chmod 644 /srv/certs/*.crt
|
||||
```
|
||||
|
||||
### Step 2: Configure Traefik File Provider
|
||||
@@ -77,18 +75,18 @@ sudo nano /opt/traefik/dynamic/certs.yml
|
||||
Add:
|
||||
|
||||
```yaml
|
||||
# /opt/traefik/dynamic/certs.yml
|
||||
# /opt/traefik/dynamic/certs.yml or your Traefik dynamic config location
|
||||
tls:
|
||||
certificates:
|
||||
- certFile: /certs/merchbay.app-fullchain.crt
|
||||
keyFile: /certs/merchbay.app.key
|
||||
- certFile: /srv/certs/merchbay.app-fullchain.crt
|
||||
keyFile: /srv/certs/merchbay.app.key
|
||||
stores:
|
||||
- default
|
||||
stores:
|
||||
default:
|
||||
defaultCertificate:
|
||||
certFile: /certs/merchbay.app-fullchain.crt
|
||||
keyFile: /certs/merchbay.app.key
|
||||
certFile: /srv/certs/merchbay.app-fullchain.crt
|
||||
keyFile: /srv/certs/merchbay.app.key
|
||||
```
|
||||
|
||||
### Step 3: Update Traefik docker-compose.yml
|
||||
@@ -112,7 +110,7 @@ services:
|
||||
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- /opt/traefik/certs:/certs:ro
|
||||
- /srv/certs:/srv/certs:ro
|
||||
- /opt/traefik/dynamic:/etc/traefik/dynamic:ro
|
||||
- traefik-letsencrypt:/letsencrypt
|
||||
networks:
|
||||
@@ -221,7 +219,7 @@ echo | openssl s_client -servername merchbay.app -connect merchbay.app:443 2>/de
|
||||
1. Visit https://dev.merchbay.app
|
||||
- Certificate should be issued by "Let's Encrypt Authority X3"
|
||||
|
||||
2. Visit https://merchbay.app
|
||||
2. Visit https://merchbay.com
|
||||
- Certificate should be issued by your paid SSL provider
|
||||
|
||||
## Troubleshooting
|
||||
@@ -245,24 +243,24 @@ dig dev.merchbay.app +short
|
||||
|
||||
```bash
|
||||
# Verify Traefik can read certificates
|
||||
docker exec traefik ls -l /certs/
|
||||
docker exec traefik ls -l /srv/certs/
|
||||
|
||||
# Check dynamic configuration is loaded
|
||||
docker exec traefik cat /etc/traefik/dynamic/certs.yml
|
||||
|
||||
# Verify certificate format
|
||||
openssl x509 -in /opt/traefik/certs/merchbay.app-fullchain.crt -text -noout
|
||||
openssl x509 -in /srv/certs/merchbay.app-fullchain.crt -text -noout
|
||||
|
||||
# Check private key
|
||||
openssl rsa -in /opt/traefik/certs/merchbay.app.key -check
|
||||
openssl rsa -in /srv/certs/merchbay.app.key -check
|
||||
```
|
||||
|
||||
### Certificate Mismatch
|
||||
|
||||
```bash
|
||||
# Verify certificate and key match
|
||||
openssl x509 -noout -modulus -in /opt/traefik/certs/merchbay.app.crt | openssl md5
|
||||
openssl rsa -noout -modulus -in /opt/traefik/certs/merchbay.app.key | openssl md5
|
||||
openssl x509 -noout -modulus -in /srv/certs/merchbay.app.crt | openssl md5
|
||||
openssl rsa -noout -modulus -in /srv/certs/merchbay.app.key | openssl md5
|
||||
# Both should output the same hash
|
||||
```
|
||||
|
||||
@@ -277,7 +275,7 @@ Automatic renewal every 60 days. No action needed.
|
||||
Before certificate expiration:
|
||||
|
||||
1. Download new certificate from your SSL provider
|
||||
2. Update files in `/opt/traefik/certs/`
|
||||
2. Update files in `/srv/certs/`
|
||||
3. Restart Traefik: `docker compose restart traefik`
|
||||
4. Verify: `curl -vI https://merchbay.app`
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ services:
|
||||
environment:
|
||||
- APP_ENV=production
|
||||
- APP_DEBUG=false
|
||||
- APP_URL=https://merchbay.app
|
||||
- APP_URL=https://merchbay.com
|
||||
- DB_CONNECTION=mysql
|
||||
- DB_HOST=your-mysql-host
|
||||
- DB_PORT=3306
|
||||
@@ -22,18 +22,16 @@ services:
|
||||
volumes:
|
||||
- app_storage:/var/www/html/storage
|
||||
- app_uploads:/var/www/html/public/uploads
|
||||
# Mount paid SSL certificates
|
||||
- /path/to/ssl/certs:/etc/ssl/certs:ro
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.merchbay-admin.rule=Host(`merchbay.app`)"
|
||||
- "traefik.http.routers.merchbay-admin.rule=Host(`merchbay.com`)"
|
||||
- "traefik.http.routers.merchbay-admin.entrypoints=websecure"
|
||||
- "traefik.http.routers.merchbay-admin.tls=true"
|
||||
# Use custom TLS configuration (file provider for paid cert)
|
||||
# Ensure Traefik has file provider configured with your paid SSL cert
|
||||
- "traefik.http.services.merchbay-admin.loadbalancer.server.port=80"
|
||||
# HTTP to HTTPS redirect
|
||||
- "traefik.http.routers.merchbay-admin-http.rule=Host(`merchbay.app`)"
|
||||
- "traefik.http.routers.merchbay-admin-http.rule=Host(`merchbay.com`)"
|
||||
- "traefik.http.routers.merchbay-admin-http.entrypoints=web"
|
||||
- "traefik.http.routers.merchbay-admin-http.middlewares=https-redirect"
|
||||
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
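Review bot: Both routers now match merchbay.com and `merchbay-admin` keeps `tls=true`, but nothing in this section says which certificate is expected to cover the new host name. The documentation hunks on this page still point the file provider and its default store at `/srv/certs/merchbay.app-fullchain.crt` and `merchbay.app.key`. If that certificate's subject alternative names do not include merchbay.com, Traefik would presumably present a non-matching certificate, and the workflow's `curl -f https://merchbay.com` health check would fail on verification. I would replace the two generic comments above the service-port label with `# TLS cert comes from Traefik's file provider (/srv/certs); its SAN list must include merchbay.com`, and check the SAN list with `openssl x509 -in /srv/certs/merchbay.app-fullchain.crt -noout -text` before deploying. The service definition starts outside the hunk.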
|
||||
|
||||