A while ago I wrote a post about running HAProxy on Docker, where the goal was to set up HAProxy in a Docker container so that it could provide frontends for requests and use Docker containers as backends.
The goal this time is to involve Let’s Encrypt/Certbot to generate and provide TLS certificates on the fly, so that HAProxy frontends are automatically equipped with corresponding certificates, avoiding separate server configurations for each interested container. The containers themselves shall be in a Docker-internal network that is solely accessible through the HAProxy container.
At work I am currently developing an application that provides some tools and represents aggregated data from different sources to facilitate the workflow in different departments. It basically consists of two applications, a single page application being the front-end, and a RESTful API as back-end.
The applications run in separate Docker containers on a virtual machine in the firm’s intranet, alongside a couple of other dockerized applications. In the beginning, that ensemble worked quite well, because those applications were only used by specific persons or systems. So exposing different ports for different applications under the same domain was not that much of a problem. But that changed when the aforementioned SPA & API became more widely used. On the one hand, it isn’t that great to explain to (technically challenged) users that they have to use one and the same domain but different ports for their apps; on the other hand, it just ain’t pretty. And since change needed to happen, I also wanted to route HTTP traffic over TLS. Because… why not?