DEV Community: Serzhan Akhmetov The latest articles on DEV Community by Serzhan Akhmetov (@siaarzh). https://dev.to/siaarzh https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F55491%2Fc25dcb2d-bfb0-41f5-88fc-aaa7d34626f4.png DEV Community: Serzhan Akhmetov https://dev.to/siaarzh en InfluxDB 2.0 - Quickly Enabling TLS Encryption with Traefik Serzhan Akhmetov Wed, 24 Mar 2021 11:25:34 +0000 https://dev.to/siaarzh/influxdb-2-0-quickly-enabling-tls-encryption-with-traefik-17ni https://dev.to/siaarzh/influxdb-2-0-quickly-enabling-tls-encryption-with-traefik-17ni <p>Jumpstart your influxdb stack with automated TLS certificate management.</p> <h2> Use case </h2> <p>So you're running a bunch of IoT/Finance or Cryptocurrency services with Docker or Kubernetes and decided to use that shiny InfluxDB 2.0 dashboard in <em>production</em>. Heck, maybe even play around with the <a href="https://docs.influxdata.com/influxdb/cloud/reference/flux/stdlib/" rel="noopener noreferrer">flux</a> API too - for those <a href="https://www.influxdata.com/blog/top-5-hurdles-for-flux-beginners-and-resources-for-learning-to-use-flux/" rel="noopener noreferrer">extra fancy</a> queries.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.influxdata.com%2Fwp-content%2Fuploads%2Fnext-gen-data-exploration-analytics-influxdb-2.0.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.influxdata.com%2Fwp-content%2Fuploads%2Fnext-gen-data-exploration-analytics-influxdb-2.0.png" alt="infludb 2.0 dashboard"></a><br> <em>(Who needs Grafana?)</em></p> <p>Obviously, at this point you'll need to secure the traffic between your web application and your server (plus the microservices). This is exactly what <a href="https://www.cloudflare.com/learning/ssl/transport-layer-security-tls/" rel="noopener noreferrer">TLS</a> encryption does - you know, adds that <code>https://</code> you see everywhere.</p> <h2> What you will need </h2> <ul> <li>You are running running your backend in Docker containers. This is either Docker, Docker Swarm or Kubernetes, or any other vendor that runs docker containers defined thru a YAML compose file or similar.</li> <li>You are either running or planning to run <a href="https://doc.traefik.io/traefik/" rel="noopener noreferrer">Traefik</a> as your proxy.</li> <li>You own a domain name and can manage its DNS records.</li> </ul> <p>Optional:</p> <ul> <li>Your DNS Service allows <a href="https://letsencrypt.org/docs/challenge-types/" rel="noopener noreferrer">DNS-01 ACME Challenge</a> to generate wildcard TLS certificates.</li> <li>You have the <a href="https://doc.traefik.io/traefik/https/acme/#providers" rel="noopener noreferrer">necessary credentials</a> to access your DNS Service API.</li> </ul> <h2> Instructions </h2> <ol> <li> <p>If you opt for the simpler <a href="https://letsencrypt.org/docs/challenge-types/#http-01-challenge" rel="noopener noreferrer">HTTP-01 ACME Challenge</a>, make sure you <strong>create all the necessary DNS records beforehand</strong> (i.e. create <em>A</em> or <em>CNAME</em> records), including any wildcard subdomain names. Having said that, if your <em>really need</em> wildcard certificates for subdomains, you should use the DNS-01 ACME Challenge.</p> <blockquote> <p>CAUTION: There are <a href="https://letsencrypt.org/docs/challenge-types/" rel="noopener noreferrer">pros and cons</a> for using each type of challenge. Use industry best practices and your own judgement when deciding which method to use for your project.</p> </blockquote> <p>Below is an example of typical DNS record table for a <em>HTTP-01 Challenge</em>:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Type</th> <th>Hostname</th> <th>Value</th> <th>TTL (seconds)</th> </tr> </thead> <tbody> <tr> <td>A</td> <td>example.com</td> <td> <em>directs to</em> 203.0.113.123</td> <td>3600</td> </tr> <tr> <td>A</td> <td>traefik.example.com</td> <td> <em>directs to</em> 203.0.113.123</td> <td>3600</td> </tr> <tr> <td>CNAME</td> <td>influxdb.example.com</td> <td> <em>is an alias of</em> example.com</td> <td>43200</td> </tr> </tbody> </table></div> <p>Our main domain name is <em>example.com</em> and we are running two services that will be exposed via subdomain names <em>traefik.*</em> and <em>influxdb.*</em>. If you have more services you want accessible via subdomain, now's the time to add them here. TTL settings are irrelevant for this tutorial, so feel free to <a href="https://en.wikipedia.org/wiki/Time_to_live" rel="noopener noreferrer">dive deeper</a> into DNS on your own time.</p> <p>And here is the same table when attempting the <em>DNS-01 Challenge</em>:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Type</th> <th>Hostname</th> <th>Value</th> <th>TTL (seconds</th> </tr> </thead> <tbody> <tr> <td>A</td> <td>*.example.com</td> <td> <em>directs to</em> 203.0.113.123</td> <td>3600</td> </tr> <tr> <td>A</td> <td>example.com</td> <td> <em>directs to</em> 203.0.113.123</td> <td>3600</td> </tr> </tbody> </table></div> </li> <li> <p>We will store our certificates in a bind mounted <code>acme.json</code>. Therefore, appropriate permissions need to be set beforehand for Traefik to access (accept it as secure) this file:<br> </p> <pre class="highlight shell"><code><span class="nb">touch </span>acme.json<span class="p">;</span> <span class="nb">chmod </span>600 acme.json </code></pre> </li> <li> <p>(Re)define your InfluxDB container by applying the following <code>labels</code>:</p> <p>For Docker (using Compose):<br> </p> <pre class="highlight yaml"><code> <span class="s">...</span> <span class="s">my-influxdb</span><span class="err">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">influxdb:2.0</span> <span class="na">labels</span><span class="pi">:</span> <span class="c1"># traefik router settings</span> <span class="na">traefik.http.routers.my-influxdb.rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Host(`influxdb.example.com`)"</span> <span class="na">traefik.http.routers.my-influxdb.tls</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">traefik.http.routers.my-influxdb.tls.certresolver</span><span class="pi">:</span> <span class="s2">"</span><span class="s">myresolver"</span> <span class="na">traefik.http.routers.my-influxdb.entrypoints</span><span class="pi">:</span> <span class="s2">"</span><span class="s">websecure"</span> </code></pre> <p>For Docker Swarm:<br> </p> <pre class="highlight yaml"><code> <span class="s">...</span> <span class="s">my-influxdb</span><span class="err">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">influxdb:2.0</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="c1"># traefik router settings</span> <span class="na">traefik.http.routers.my-influxdb.rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Host(`influxdb.example.com`)"</span> <span class="na">traefik.http.routers.my-influxdb.tls</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">traefik.http.routers.my-influxdb.tls.certresolver</span><span class="pi">:</span> <span class="s2">"</span><span class="s">myresolver"</span> <span class="na">traefik.http.routers.my-influxdb.entrypoints</span><span class="pi">:</span> <span class="s2">"</span><span class="s">websecure"</span> <span class="c1"># traefik service settings</span> <span class="na">traefik.http.services.my-influxdb.loadbalancer.server.port</span><span class="pi">:</span> <span class="s2">"</span><span class="s">8086"</span> </code></pre> <p>The names <code>my-influxdb</code>, <code>myresolver</code>, and <code>websecure</code> are unique identifiers in the Traefik configuration representing the <code>router</code> (service), the <code>certificate resolver</code>, and the <code>entrypoint</code> (port 443), respectively. Here, we defined the router <code>my-influxdb</code> for now, whereas the latter two will be defined in the following step. Notice that we <strong>do not expose service ports</strong> in our compose file anymore, since all traffic will now be handled by Traefik.</p> <blockquote> <p>Note: for Swarm, Traefik requires you explicitly define at least one port the service is running on, even it if has no listening ports. (see <a href="https://doc.traefik.io/traefik/providers/docker/#port-detection_1" rel="noopener noreferrer">Port Detection</a> - Traefik Docs)</p> </blockquote> <p>Don't forget to deploy this new configuration using <code>docker compose up</code> or <code>docker stack deploy -c docker-compose.yml &lt;stack_name&gt;</code>.</p> </li> <li> <p>Let's now add the Traefik container to your compose file.</p> <p>Below are 4 different ways to do this - depending on the combination of orchestrator and type of ACME Challenge.</p> <p>In all cases, we are using the <em>staging</em> Let's Encrypt server - this helps us to generate new certificates in case we mess up much faster since the <a href="https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605" rel="noopener noreferrer">rate limit is much higher</a>. Once everything works, simply delete the line defining <code>certificateresolvers.myresolver.acme.caserver</code> and redeploy your Traefik container.</p> <p>In addition, the DNS server I'm using for the DNS-01 Challenge is <code>digitalocean</code>, which requires I define a <code>DO_AUTH_TOKEN</code>. Depending on your DNS provider, you will need to <a href="https://doc.traefik.io/traefik/https/acme/#providers" rel="noopener noreferrer">define different credentials</a>.</p> <ol> <li> <p>For Docker (Compose) + HTTP-01 Challenge:<br> </p> <pre class="highlight yaml"><code><span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s2">"</span><span class="s">traefik:v2.0.0"</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">--entrypoints.web.address=:80</span> <span class="pi">-</span> <span class="s">--entrypoints.websecure.address=:443</span> <span class="pi">-</span> <span class="s">--providers.docker</span> <span class="pi">-</span> <span class="s">--api</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.email=sample@email.com</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.storage=acme.json</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./acme.json:/acme.json"</span> <span class="na">labels</span><span class="pi">:</span> <span class="c1"># Traefik Dashboard</span> <span class="na">traefik.http.routers.traefik.rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Host(`traefik.sample.com`)"</span> <span class="na">traefik.http.routers.traefik.service</span><span class="pi">:</span> <span class="s2">"</span><span class="s">api@internal"</span> <span class="na">traefik.http.routers.traefik.tls.certresolver</span><span class="pi">:</span> <span class="s2">"</span><span class="s">myresolver"</span> <span class="na">traefik.http.routers.traefik.entrypoints</span><span class="pi">:</span> <span class="s2">"</span><span class="s">websecure"</span> <span class="c1"># Redirect to HTTPS</span> <span class="na">traefik.http.middlewares.redirect-to-https.redirectscheme.scheme</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https"</span> <span class="na">traefik.http.routers.http-catchall.rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">hostregexp(`{host:.+}`)"</span> <span class="na">traefik.http.routers.http-catchall.entrypoints</span><span class="pi">:</span> <span class="s2">"</span><span class="s">web"</span> <span class="na">traefik.http.routers.http-catchall.middlewares</span><span class="pi">:</span> <span class="s2">"</span><span class="s">redirect-to-https"</span> </code></pre> </li> <li> <p>For Docker (Compose) + DNS-01 Challenge:<br> </p> <pre class="highlight yaml"><code><span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s2">"</span><span class="s">traefik:v2.0.0"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DO_AUTH_TOKEN</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0f923jf..."</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">--entrypoints.web.address=:80</span> <span class="pi">-</span> <span class="s">--entrypoints.websecure.address=:443</span> <span class="pi">-</span> <span class="s">--providers.docker</span> <span class="pi">-</span> <span class="s">--api</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.email=sample@email.com</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.storage=acme.json</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./acme.json:/acme.json"</span> <span class="na">labels</span><span class="pi">:</span> <span class="c1"># Traefik Dashboard</span> <span class="na">traefik.http.routers.traefik.rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Host(`traefik.sample.com`)"</span> <span class="na">traefik.http.routers.traefik.service</span><span class="pi">:</span> <span class="s2">"</span><span class="s">api@internal"</span> <span class="na">traefik.http.routers.traefik.tls.certresolver</span><span class="pi">:</span> <span class="s2">"</span><span class="s">myresolver"</span> <span class="na">traefik.http.routers.traefik.entrypoints</span><span class="pi">:</span> <span class="s2">"</span><span class="s">websecure"</span> <span class="c1"># Redirect to HTTPS</span> <span class="na">traefik.http.middlewares.redirect-to-https.redirectscheme.scheme</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https"</span> <span class="na">traefik.http.routers.http-catchall.rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">hostregexp(`{host:.+}`)"</span> <span class="na">traefik.http.routers.http-catchall.entrypoints</span><span class="pi">:</span> <span class="s2">"</span><span class="s">web"</span> <span class="na">traefik.http.routers.http-catchall.middlewares</span><span class="pi">:</span> <span class="s2">"</span><span class="s">redirect-to-https"</span> </code></pre> </li> <li> <p>For Docker Swarm + HTTP-01 Challenge:<br> </p> <pre class="highlight yaml"><code><span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s2">"</span><span class="s">traefik:v2.0.0"</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">--entrypoints.web.address=:80</span> <span class="pi">-</span> <span class="s">--entrypoints.websecure.address=:443</span> <span class="pi">-</span> <span class="s">--providers.docker</span> <span class="pi">-</span> <span class="s">--api</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.email=sample@email.com</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.storage=acme.json</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./acme.json:/acme.json"</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="c1"># Traefik Dashboard</span> <span class="na">traefik.http.routers.traefik.rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Host(`traefik.sample.com`)"</span> <span class="na">traefik.http.routers.traefik.service</span><span class="pi">:</span> <span class="s2">"</span><span class="s">api@internal"</span> <span class="na">traefik.http.routers.traefik.tls.certresolver</span><span class="pi">:</span> <span class="s2">"</span><span class="s">myresolver"</span> <span class="na">traefik.http.routers.traefik.entrypoints</span><span class="pi">:</span> <span class="s2">"</span><span class="s">websecure"</span> <span class="c1"># Redirect to HTTPS</span> <span class="na">traefik.http.middlewares.redirect-to-https.redirectscheme.scheme</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https"</span> <span class="na">traefik.http.routers.http-catchall.rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">hostregexp(`{host:.+}`)"</span> <span class="na">traefik.http.routers.http-catchall.entrypoints</span><span class="pi">:</span> <span class="s2">"</span><span class="s">web"</span> <span class="na">traefik.http.routers.http-catchall.middlewares</span><span class="pi">:</span> <span class="s2">"</span><span class="s">redirect-to-https"</span> <span class="c1"># service definitions</span> <span class="na">traefik.http.services.traefik.loadbalancer.server.port</span><span class="pi">:</span> <span class="s2">"</span><span class="s">80"</span> <span class="na">traefik.http.services.traefik.loadbalancer.server.port</span><span class="pi">:</span> <span class="s2">"</span><span class="s">443"</span> </code></pre> </li> <li> <p>For Docker Swarm + DNS-01 Challenge:<br> </p> <pre class="highlight yaml"><code><span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s2">"</span><span class="s">traefik:v2.0.0"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DO_AUTH_TOKEN</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0f923jf..."</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">--entrypoints.web.address=:80</span> <span class="pi">-</span> <span class="s">--entrypoints.websecure.address=:443</span> <span class="pi">-</span> <span class="s">--providers.docker</span> <span class="pi">-</span> <span class="s">--api</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.email=sample@email.com</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.myresolver.acme.storage=acme.json</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./acme.json:/acme.json"</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="c1"># Traefik Dashboard</span> <span class="na">traefik.http.routers.traefik.rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Host(`traefik.sample.com`)"</span> <span class="na">traefik.http.routers.traefik.service</span><span class="pi">:</span> <span class="s2">"</span><span class="s">api@internal"</span> <span class="na">traefik.http.routers.traefik.tls.certresolver</span><span class="pi">:</span> <span class="s2">"</span><span class="s">myresolver"</span> <span class="na">traefik.http.routers.traefik.entrypoints</span><span class="pi">:</span> <span class="s2">"</span><span class="s">websecure"</span> <span class="c1"># Redirect to HTTPS</span> <span class="na">traefik.http.middlewares.redirect-to-https.redirectscheme.scheme</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https"</span> <span class="na">traefik.http.routers.http-catchall.rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">hostregexp(`{host:.+}`)"</span> <span class="na">traefik.http.routers.http-catchall.entrypoints</span><span class="pi">:</span> <span class="s2">"</span><span class="s">web"</span> <span class="na">traefik.http.routers.http-catchall.middlewares</span><span class="pi">:</span> <span class="s2">"</span><span class="s">redirect-to-https"</span> <span class="c1"># service definitions</span> <span class="na">traefik.http.services.traefik.loadbalancer.server.port</span><span class="pi">:</span> <span class="s2">"</span><span class="s">80"</span> <span class="na">traefik.http.services.traefik.loadbalancer.server.port</span><span class="pi">:</span> <span class="s2">"</span><span class="s">443"</span> </code></pre> </li> </ol> <p>Again, don't forget to deploy this new service and after a couple of seconds you should be up and running.</p> </li> </ol> <h2> Switch to Production </h2> <p>As mentioned in step 4, you'll be using the <em>staging</em> Let's Encrypt server for certificate generation. Thus, your certificate won't be trusted by the browser yet:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2For09mi6ngfmqfc929gt7.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2For09mi6ngfmqfc929gt7.jpg" alt="before TLS"></a></p> <p>Easy fix: as soon as everything works as expected with the <em>invalid</em> certificate simply delete the line defining <code>certificateresolvers.myresolver.acme.caserver</code> and redeploy your Traefik container.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1fuqkjpsjfj7ga4okchu.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1fuqkjpsjfj7ga4okchu.jpg" alt="After TLS"></a></p> <h2> Still confused? </h2> <ol> <li><a href="https://snyk.io/blog/10-reasons-to-use-https/" rel="noopener noreferrer">Why use HTTPS?</a></li> <li><a href="https://www.cloudflare.com/learning/ssl/transport-layer-security-tls/" rel="noopener noreferrer">What is TLS</a></li> </ol> docker security microservices devops Start All Your DEV Programs in one Shortcut on Windows 10 Serzhan Akhmetov Fri, 29 Nov 2019 11:35:03 +0000 https://dev.to/siaarzh/start-all-your-dev-programs-in-one-shortcut-on-windows-10-2feo https://dev.to/siaarzh/start-all-your-dev-programs-in-one-shortcut-on-windows-10-2feo <p>If you're like me - god help us - then you have this constant itch to automate every single part of your existence. The following two scripts will give a blueprint for creating your own start-my-dev-environment scripts.</p> <h3> Step 1 - Launching apps in batch file </h3> <p>We'll be launching 3 programs:</p> <ul> <li>Spotify</li> <li>Chrome</li> <li>Visual Studio Code</li> </ul> <p>additionally, we'll start an OpenVPN client connection.</p> <p>You'll want to create a batch file like so:<br> </p> <div class="highlight"><pre class="highlight batchfile"><code>@ECHO <span class="kd">OFF</span> <span class="nb">tasklist</span> <span class="na">/FI </span><span class="s2">"IMAGENAME eq Spotify.exe"</span> <span class="m">2</span><span class="o">&gt;</span><span class="kd">NUL</span> <span class="o">|</span> <span class="nb">find</span> <span class="na">/I /N </span><span class="s2">"Spotify.exe"</span><span class="o">&gt;</span><span class="kd">NUL</span> <span class="k">if</span> <span class="kd">NOT</span> <span class="s2">"</span><span class="nv">%ERRORLEVEL%</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"0"</span> <span class="nb">start</span> <span class="s2">"spotify_play_lofi-playlist.vbs"</span> <span class="s2">"C:\Users\&lt;username&gt;\Documents\batch_scripts\spotify_play_lofi-playlist.vbs"</span> <span class="o">&amp;&amp;</span> <span class="kd">TIMEOUT</span> <span class="m">5</span> <span class="nb">tasklist</span> <span class="na">/FI </span><span class="s2">"IMAGENAME eq chrome.exe"</span> <span class="m">2</span><span class="o">&gt;</span><span class="kd">NUL</span> <span class="o">|</span> <span class="nb">find</span> <span class="na">/I /N </span><span class="s2">"chrome.exe"</span><span class="o">&gt;</span><span class="kd">NUL</span> <span class="k">if</span> <span class="kd">NOT</span> <span class="s2">"</span><span class="nv">%ERRORLEVEL%</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"0"</span> <span class="nb">start</span> <span class="s2">"chrome.exe"</span> <span class="s2">"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"</span> <span class="nb">start</span> <span class="s2">" "</span> <span class="s2">"C:\Program Files\OpenVPN\bin\openvpn-gui.exe"</span> <span class="o">-</span><span class="na">-command </span><span class="kd">disconnect_all</span> <span class="nb">start</span> <span class="s2">"openvpn-gui.exe"</span> <span class="s2">"C:\Program Files\OpenVPN\bin\openvpn-gui.exe"</span> <span class="o">-</span><span class="na">-connect </span><span class="kd">my_conf</span>.ovpn <span class="nb">tasklist</span> <span class="na">/FI </span><span class="s2">"IMAGENAME eq Code.exe"</span> <span class="m">2</span><span class="o">&gt;</span><span class="kd">NUL</span> <span class="o">|</span> <span class="nb">find</span> <span class="na">/I /N </span><span class="s2">"Code.exe"</span><span class="o">&gt;</span><span class="kd">NUL</span> <span class="k">if</span> <span class="kd">NOT</span> <span class="s2">"</span><span class="nv">%ERRORLEVEL%</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"0"</span> <span class="nb">start</span> <span class="s2">"Code"</span> <span class="s2">"C:\Users\&lt;username&gt;\AppData\Local\Programs\Microsoft VS Code\Code.exe"</span> </code></pre></div> <p>Here, the <code>tasklist</code> commands are there to make sure we don't run a second instance of an app. For OpenVPN, it's easier to just reconnect.</p> <h3> Step 2 - Spotify Autoplay Script </h3> <p>The spotify VB script is there to launch Spotify and start a playlist in shuffle mode. Save it in the same folder as your batch script, for safekeeping.<br> </p> <div class="highlight"><pre class="highlight vb"><code><span class="k">Set</span> <span class="n">WshShell</span> <span class="o">=</span> <span class="n">WScript</span><span class="p">.</span><span class="n">CreateObject</span><span class="p">(</span><span class="s">"WScript.Shell"</span><span class="p">)</span> <span class="n">Comandline</span> <span class="o">=</span> <span class="s">"C:\Users\&lt;username&gt;\AppData\Roaming\Spotify\Spotify.exe"</span> <span class="n">WScript</span><span class="p">.</span><span class="n">sleep</span> <span class="mi">500</span> <span class="n">CreateObject</span><span class="p">(</span><span class="s">"WScript.Shell"</span><span class="p">).</span><span class="n">Run</span><span class="p">(</span><span class="s">"spotify:playlist:74sUjcvpGfdOvCHvgzNEDO"</span><span class="p">)</span> <span class="n">WScript</span><span class="p">.</span><span class="n">sleep</span> <span class="mi">3000</span> <span class="n">WshShell</span><span class="p">.</span><span class="n">SendKeys</span> <span class="s">" "</span> <span class="n">WScript</span><span class="p">.</span><span class="n">sleep</span> <span class="mi">100</span> <span class="n">WshShell</span><span class="p">.</span><span class="n">SendKeys</span> <span class="s">"^{RIGHT}"</span> </code></pre></div> <p>You can get the playlist URI by right-clicking the playlist &gt; Share &gt; Copy Spotify URI.</p> <h3> Step 3 - Shortcut Placement </h3> <p>This is simple, create a shortcut to your batch file and place it in your Start Menu Programs folder (<code>%ProgramData%\Microsoft\Windows\Start Menu\Programs</code>). You may then move it to the quick-launch bar if you wish.</p> <h2> References </h2> <ul> <li><a href="https://community.spotify.com/t5/Desktop-Windows/Is-there-a-command-to-play-a-playlist-using-command-line/m-p/1185322">Spotify Forums</a></li> <li><a href="https://henryreith.co/open-multiple-programs-at-once-on-windows/">Opening multiple programs on Windows</a></li> </ul> automation VS Code with Python in Docker Quickstart Serzhan Akhmetov Tue, 25 Jun 2019 06:44:38 +0000 https://dev.to/siaarzh/vs-code-with-python-in-docker-quickstart-3ph4 https://dev.to/siaarzh/vs-code-with-python-in-docker-quickstart-3ph4 <p>You love VS Code? Get ready to love it even more!</p> <p>Recently, a new extension pack has come out from the good folks at Microsoft that enables remote development! Not only SSH, but also using local containers with either single containers or multiple containers with docker-compose!</p> <h2> Steps </h2> <ol> <li>Install <a href="https://code.visualstudio.com/">VS Code</a> and the <a href="https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.vscode-remote-extensionpack">Remote Development</a> extension pack</li> <li> <p>Start a new project by opening a new directory with VS Code Insiders and create a <em>requirements.txt</em> file with the Python packages you wish to have, e.g.:</p> <pre class="highlight plaintext"><code>django==2.2.2 </code></pre> </li> <li><p>ctrl+shift+p and start typing "remdev", select "Remote-Containers: Add Dev Container Configuration Files..."</p></li> <li> <p>Search for "pypo" and select "Python 3 &amp; PostgreSQL" as your environmet. This will create a <em>.devcontainer</em> folder with the files:</p> <ul> <li>devcontainer.json</li> <li>docker-compose.yml</li> <li>Dockerfile</li> <li>noop.txt</li> </ul> </li> <li><p>ctrl+shift+p and start typing "rerefo", select "Remote-Containers: Reopen Folder in Container"</p></li> <li><p>Start coding ☕💻</p></li> </ol> <h3> A note on opening ports </h3> <p>So how do you open a port to your container? Easy! VS Code already knows which ports are open in your container.</p> <p>Say you started your server with <code>python manage.py runserver</code>, which would open a port on 127.0.0.1:8000 in your container. VS Code is aware of this and will give you the option to forward your system ports to that port.</p> <p>Press ctrl+shift+p, search "port" and select "Remote-Containers: Forward Port from Container...". A list of open ports will come up, select port 8000.</p> <h2> Source Code </h2> <p><a href="https://github.com/siaarzh/python-vscode-starter">https://github.com/siaarzh/python-vscode-starter</a></p> <h2> References </h2> <ul> <li> <a href="https://code.visualstudio.com/docs/remote/containers">Container Remote Development</a> with VS Code</li> <li><a href="https://docs.djangoproject.com/en/2.2/intro/tutorial01/">Django Tutorial part 1</a></li> </ul> docker vscode python