cybre:uranther #012.018 @uranther

So I have successfully installed and with . Now the hard part seems configuring with .

/cc @matrix @eff


Say I am running two web servers using on the same machine (same domain name), do I need to run only once and then configure the two docker images with those certs?

Running the official LetsEncrypt docker image while the other servers are running gives a bind error on port 80 even though I am exposing to host 8080 and 8008 :psyduck:

/cc @matrix

@uranther are both matrix and media goblin expecting to be front-end servers, or would proxying them through a third docker image be fine?

@uranther fwiw my strategy there would be to run a third docker that gets the world-visible port 443, handles LE, and proxies vhosts to the other two domains

@bonzoesc can I set up subdomains here for MediaGoblin and Matrix and forward to 8008 and another for 8080?

@uranther yeah; what I have is caddy running on world-visible tcp 443, proxying to mastodon's thin on a docker-private network tcp 3000, and i just realized i should hook up streaming on tcp 4000 as well

@bonzoesc Nice! Thanks for the help. I will play with this config some more.

@uranther ps that Caddyfile should be a bit better now that streaming works; i found it a lot easier than nginx but it's not ubiquitous yet

@uranther I went with it because the default configuration sets up LE automatically

@bonzoesc an nginx proxy with Let's Encrypt would work... but what about the two port numbers? Must they be in addition to port 80?

@uranther The cert that letsencrypt gives you for a domain can be used for services running on different ports as long as they have the same domain name. So just copy the LE cert to the two dockers. LE needs to be able to listen on port 80 to establish the cert though.

@matrix @uranther Also there are a bunch of ways to validate if you don’t have access to port 80 on a particular host.