Meteor-Up fork with free SSL certificates by Let's Encrypt

tsepelev · August 1, 2016, 12:09pm

Hi all,

Added Let’s encrypt certificates support to arundo/meteor-up. Built on top of Docker-letsencrypt-nginx-proxy-companion, it automatically generates certificates for specified domain and renews it in 30 days before expiration. All you need to do is add email & domain inside mup.json file and run mupx-letsencrypt setup & mupx-letsencrypt deploy

While I’m already using it on 3 production servers, it is still in beta, so I’m recommending to test it before deploying.

Release version currently supports Meteor <=1.3.5.1. For Meteor 1.4 you can try dev-version which is based on abernix/meteord:base container with Node 4.4.7:

npm install -g mupx-letsencrypt@meteor14

aadams · August 2, 2016, 5:16am

Will this mup version work with Meteor 1.3.5.1 deployments that don’t need SSL/nginx and other that other extra stuff?

When I tried to move to 1.3.5.1, my mup deployments broke.

tsepelev · August 2, 2016, 10:25am

@aadams Yes it will, but if you do not need SSL support it will be just the same as using official arunoda package mupx

davethe0nly · August 2, 2016, 2:56pm

A quick question, why do you renew the certificate every hour? The certificates are fine for 90 (or 30?) days right?

AndreasGalster · August 2, 2016, 3:13pm

Was there a reason why you forked this and didn’t try to get this in the newer MUP version?

tsepelev · August 2, 2016, 9:29pm

Correction: certificates are checked every hour and renewed in case if they are expiring in the next 30 days.

tsepelev · August 2, 2016, 9:44pm

Not actually, but the development inside mup rep does not look pretty active (only 1 pr was merged through the last year), so I doubt that it get there anytime soon. If @arunoda thinks that it makes any sense to make a pr - I would be happy to contribute.

arunoda · August 3, 2016, 2:41am

Yes. old mup is no longer active.
New development is done here and we’ll add Meteor 1.4 support by today.
@madushan1000 is working on that.

We’ll do a new major release for mup based on the new repo: https://github.com/kadirahq/meteor-up

@tsepelev send us a PR to this repo: https://github.com/kadirahq/meteor-up
We are pretty happy to get it.

AndreasGalster · August 3, 2016, 4:16am

An issue is open here in the new repo by the way with some people having experimented with it before.

arunoda · August 3, 2016, 4:24am

I think we could this soon.

satya · August 3, 2016, 8:08am

It’s really great to hear there’s active development again for MUP!

What timeline are you aiming to release the new Mup? And will there be any support / active development for Cluster?

arunoda · August 3, 2016, 8:23am

Actually, we released mup@1.0.0 now. Will do a blog post soon.
But I don’t think Cluster will be continued. It’s a big task and now there are many other solutions based on docker.

satya · August 3, 2016, 9:15am

Awesome about Mup v1!

Too bad regarding Cluster, I haven’t seen something similar and easy that’s focused on Meteor.
But understandable a lot of work to maintain it.

twhite · August 3, 2016, 6:30pm

Good to hear about mup(x). I am curious about cluster though. Do you have anything you recommend or use personally as a replacement for the cluster package? Thanks!

aadams · August 3, 2016, 6:32pm

@arunoda, does this version work with Meteor version 1.3.5.1? I can’t seem to find a version of mup that works with 1.3.5.

lfilho · October 7, 2016, 7:35pm

So, to my understanding that feature is still not there, is it?
Please do correct if I’m wrong.

wildhart · October 17, 2016, 9:04pm

@tsepelev, with your fork is it possible to specify multiple domains? I would like certificates for example.com, www.example.com and app.example.com.

I’ve got it working with kadirahq/meteor-up and ./letsencrypt-auto --manual certonly but would love to automate it with no server downtime!

tsepelev · October 20, 2016, 12:09am

Didn’t try by myself, but if all domains are going to point to the same app then it should work just fine. The fork is based on docker-letsencrypt-nginx-proxy-companion and it supports multiple domains out of the box.

Try to list urls in letsEncrypt domain key, like:

"letsEncrypt": {
  "domain": "example.com,www.example.com,app.example.com",
  "email": "johndoe@example.com"
}

And feel free to share the result

wildhart · October 20, 2016, 8:53am

Tried it, and it works perfectly on all three subdomains!

I’m on Meteor 1.4 so I used mupx-letsencrypt@meteor14. The server was previously setup using kadirahq/meteor-up, but mupx-letsencrypt init/setup/deploy replaced the previous configuration flawlessly. Clicking on the green icon in the browser reveals a brand new certificate.

Now I need to wait 60 days to see if it auto-renews… Is there anyway I can test this sooner?

This is awesomeness, thanks very much!

tsepelev · October 20, 2016, 11:08am

Awesome, glad it worked!

Certificates will be renewed after 30 days, but currently you will need to build your own docker-letsencrypt-nginx-proxy-companion container to adjust the number of days. (you can find more info here).

Otherwise you can connect to your server by ssh and check the renewal process by using docker logs letsencrypt-companion