[Documentation] Enable HTTPS use Custom Certificates (#7508)
### Motivation and context
fix #4767 
my docker-compose.https.yml:
```yaml
# Copyright (C) 2018-2022 Intel Corporation
#
# SPDX-License-Identifier: MIT
```

### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable for some reason, then ~~explicitly
strikethrough~~ the whole
line. If you don't do that, GitHub will show incorrect progress for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [x] I have created a changelog fragment <!-- see top comment in
CHANGELOG.md -->
- [x] I have updated the documentation accordingly
- [x] I have added tests to cover my changes
- [x] I have linked related issues (see [GitHub docs](

https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))
- [x] I have increased versions of npm packages if it is necessary

([cvat-canvas](https://github.com/opencv/cvat/tree/develop/cvat-canvas#versioning),

[cvat-core](https://github.com/opencv/cvat/tree/develop/cvat-core#versioning),

[cvat-data](https://github.com/opencv/cvat/tree/develop/cvat-data#versioning)
and

[cvat-ui](https://github.com/opencv/cvat/tree/develop/cvat-ui#versioning))

### License

- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/opencv/cvat/blob/develop/LICENSE) that covers the
project.
  Feel free to contact the maintainers if that's a concern.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Introduced comprehensive documentation for implementing custom SSL
certificates in the CVAT environment.
- Provided step-by-step instructions for setting up and configuring
Traefik to use custom certificates.

- **Documentation**
- Added a new file detailing the process of creating a certificates
directory, modifying Traefik configuration, and starting CVAT with
custom SSL certificates.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Andrey Zhavoronkov <andrey@cvat.ai>
echowxsy and azhavoro authored Oct 8, 2024
1 parent 0572fa1 commit 5f27977
Showing 2 changed files with 83 additions and 0 deletions.
4 changes: 4 additions & 0 deletions changelog.d/20240919_114257_echowxsy.md
@@ -0,0 +1,4 @@
### Added

- Added custom certificates documentation
(<https://github.com/cvat-ai/cvat/pull/7508>)
@@ -0,0 +1,79 @@
---
title: 'Custom Certificates'
linkTitle: 'Custom Certificates'
description: 'Use Custom Certificates in CVAT'
weight: 100
---

CVAT use traefik as a reverse proxy to manage SSL certificates.
By default, traefik uses Let's Encrypt to generate SSL certificates.
However, you can use your own certificates instead of Let's Encrypt.

See:

- [Setup Custom Certificates](#setup-custom-certificates)
- [Create Certificates Directory](#create-certificates-directory)
- [Change Traefik Configuration](#change-traefik-configuration)
- [Start CVAT](#start-cvat)


## Setup Custom Certificates

### Create Certificates Directory

Create a `certs` directory in the root of the project:

```bash
mkdir -p ./certs

```

Move your certificates to the `./certs` directory:

```bash
mv /path/to/cert.pem ./certs/cert.pem
mv /path/to/key.pem ./certs/key.pem
```

### Change Traefik Configuration

Create `tls.yml` in the root of the project directory with the following content:

```yaml
tls:
stores:
default:
defaultCertificate:
certFile: /certs/cert.pem
keyFile: /certs/key.pem
```
Edit the `docker-compose.https.yml` file and change the traefik servise configuration as follows:

```yaml
traefik:
environment:
TRAEFIK_ENTRYPOINTS_web_ADDRESS: :80
TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
TRAEFIK_ENTRYPOINTS_websecure_ADDRESS: :443
# Disable Let's Encrypt
# TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_EMAIL: "${ACME_EMAIL:?Please set the ACME_EMAIL env variable}"
# TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE: "true"
# TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_STORAGE: /letsencrypt/acme.json
ports:
- 80:80
- 443:443
# Add certificates volume and tls.yml rules
volumes:
- ./certs:/certs
- ./tls.yml:/etc/traefik/rules/tls.yml
```

### Start CVAT

Start CVAT with the following command:

```bash
docker compose -f docker-compose.yml -f docker-compose.https.yml up -d
```
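
Review bot: The `mv /path/to/key.pem ./certs/key.pem` step and the `- ./certs:/certs` volume leave the private key with whatever permissions it arrived with and mount it writable into the Traefik container. The doc should tell readers to restrict the key (for example `chmod 600 ./certs/key.pem`), keep `./certs` out of version control, and mount both paths read-only (`./certs:/certs:ro` and `./tls.yml:/etc/traefik/rules/tls.yml:ro`), since Traefik only needs to read them. The page also never says why `tls.yml` goes to `/etc/traefik/rules`: it is only loaded if Traefik's file provider watches that directory, so state where that is configured or include the setting in the snippet. Two wording fixes while here: "CVAT use traefik" should read "CVAT uses Traefik", and "servise" should be "service".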
