Add SSL support.

Traefik.php

@@ -45,19 +45,25 @@ class Traefik {
     }
     else {
       $fs->mkdir($traefikPath);
+      $fs->mkdir($traefikPath . '/certs');
+      $cmd = 'openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ';
+      $cmd .= $traefikPath . '/certs/key.pem -out ' . $traefikPath . '/certs/cert.pem';
+      exec($cmd);
       $traefik = [
         'version' => '2',
         'services' => [
           'traefik' => [
             'image' => 'traefik',
             'restart' => 'unless-stopped',
-            'command' => '-c /dev/null --web --docker --logLevel=DEBUG',
+            'command' => '-c /dev/null --web --docker --logLevel=DEBUG --defaultEntryPoints="https" --defaultEntryPoints="http" --entryPoints="Name:https Address::443 TLS:/certs/cert.pem,/certs/key.pem" --entryPoints="Name:http Address::80"',
             'networks' => [],
             'ports' => [
               '8000:80',
+              '443:443',
               '8080:8080',
             ],
             'volumes' => [
+              './certs:/certs/',
               '/var/run/docker.sock:/var/run/docker.sock',
             ],
           ],

[jurgenhaas]

This is added inside the if/else clause which checked if the traefikPath exists. So the way this is implemented now, the certs will not being created for already existing projects. I think there should be a separate if/else clase to check, if certs do exist and create them if not.

[jurgenhaas]

I'm wondering about the 365 day limitation. It may happen that users will just forget about it and suddenly the environment won't work anymore. Instead of thinking about a renewal process I wonder if we should probably use a really long duration like e.g. 10 years? It's local anyway, so I don't see any security implications with that.

[jurgenhaas]

Also, we should check for existing projects if we need to add the extra parts into the docker-compose.yml file.

[jurgenhaas]

Port 443 on the host may already be taken, so I would expose 8443 and map that internally to 443.