Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable HTTPS use Custom Certificates #7508

Merged
merged 21 commits into from
Oct 8, 2024
Merged

Enable HTTPS use Custom Certificates #7508

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
1ceed95
Enable traefik logging and access logs
echowxsy Feb 22, 2024
75a03df
Configure traefik HTTPS for CVAT services
echowxsy Feb 22, 2024
61de32f
Revert "Enable traefik logging and access logs"
echowxsy Sep 6, 2024
88a2e20
Revert "Configure traefik HTTPS for CVAT services"
echowxsy Sep 6, 2024
ca49376
Merge branch 'develop' into develop
echowxsy Sep 6, 2024
01862d9
Add doc: Custom Certificates
echowxsy Sep 6, 2024
3b05f49
Add doc: Custom Certificates
echowxsy Sep 6, 2024
52f351d
Merge branch 'develop' into develop
echowxsy Sep 6, 2024
cd98213
Merge branch 'develop' into develop
echowxsy Sep 9, 2024
4fdf0e9
Merge branch 'develop' into develop
echowxsy Sep 9, 2024
2ce8e45
Update site/content/en/docs/administration/advanced/custom_certificat…
echowxsy Sep 19, 2024
e671ec7
Update site/content/en/docs/administration/advanced/custom_certificat…
echowxsy Sep 19, 2024
89bfc61
Update site/content/en/docs/administration/advanced/custom_certificat…
echowxsy Sep 19, 2024
db62642
Change CHANGELOG via scriv
echowxsy Sep 19, 2024
95a34fa
Update site/content/en/docs/administration/advanced/custom_certificat…
echowxsy Sep 19, 2024
c2de4c0
Merge branch 'develop' into develop
echowxsy Sep 19, 2024
87a0f71
Merge branch 'develop' into develop
echowxsy Sep 22, 2024
e1e1f0c
Merge branch 'develop' into develop
echowxsy Sep 25, 2024
14f7885
Merge branch 'develop' into develop
echowxsy Oct 6, 2024
aeb9f9e
fix: fix remark-lint warning
echowxsy Oct 6, 2024
b8ab6c7
Merge branch 'develop' into develop
echowxsy Oct 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions changelog.d/20240919_114257_echowxsy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
### Added

- Added custom certificates documentation
(<https://github.com/cvat-ai/cvat/pull/7508>)
79 changes: 79 additions & 0 deletions site/content/en/docs/administration/advanced/custom_certificates.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
---
title: 'Custom Certificates'
linkTitle: 'Custom Certificates'
description: 'Use Custom Certificates in CVAT'
weight: 100
---

CVAT use traefik as a reverse proxy to manage SSL certificates.
By default, traefik uses Let's Encrypt to generate SSL certificates.
However, you can use your own certificates instead of Let's Encrypt.

See:

- [Setup Custom Certificates](#setup-custom-certificates)
- [Create Certificates Directory](#create-certificates-directory)
- [Change Traefik Configuration](#change-traefik-configuration)
- [Start CVAT](#start-cvat)


## Setup Custom Certificates

### Create Certificates Directory

Create a `certs` directory in the root of the project:

```bash
mkdir -p ./certs

```

Move your certificates to the `./certs` directory:

```bash
mv /path/to/cert.pem ./certs/cert.pem
mv /path/to/key.pem ./certs/key.pem
```

### Change Traefik Configuration

Create `tls.yml` in the root of the project directory with the following content:

```yaml
tls:
stores:
default:
defaultCertificate:
certFile: /certs/cert.pem
keyFile: /certs/key.pem
```

Edit the `docker-compose.https.yml` file and change the traefik servise configuration as follows:

```yaml
traefik:
environment:
TRAEFIK_ENTRYPOINTS_web_ADDRESS: :80
TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
TRAEFIK_ENTRYPOINTS_websecure_ADDRESS: :443
# Disable Let's Encrypt
# TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_EMAIL: "${ACME_EMAIL:?Please set the ACME_EMAIL env variable}"
# TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE: "true"
# TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_STORAGE: /letsencrypt/acme.json
ports:
- 80:80
- 443:443
# Add certificates volume and tls.yml rules
volumes:
- ./certs:/certs
- ./tls.yml:/etc/traefik/rules/tls.yml
```

### Start CVAT

Start CVAT with the following command:

```bash
docker compose -f docker-compose.yml -f docker-compose.https.yml up -d
```
Loading