Typesense and docker compose with SSL certificates

Typesense and docker compose with SSL certificates

I needed fast and robust search for the website I'm working on Affill.io

So I decided to go for the opensource tool Typesense, and I wanted to self host it.

I went for a small CX11 vps from Hetzner, and after following their guide on using docker compose I got it up and running. I dont have much data yet so the 2GB RAM is enough for now.

But I wanted to have my own domain for the search and get a SSL certificate from Let's encrypt.
It's been a while since I worked with linux, but the excellent howto from certbot on how to get the certificate generated helped me get up and running.

Now all that was left was to get typesense to work with my certificates, I made the docker-compose.yml file and tried to start the container with docker compose up -d

But the server just kept on restarting

NAME                    IMAGE                        COMMAND                  SERVICE     CREATED          STATUS                        PORTS
typesense-typesense-1   typesense/typesense:0.25.2   "/opt/typesense-serv…"   typesense   41 seconds ago   Restarting (1) 1 second ago

I ran docker compose logs and could see that typesense couldnt find my certification files.

typesense-1  | E20240415 18:01:05.855815     1 http_server.cpp:1069] An error occurred while trying to load server certificate file: /cert/fullchain.pem
typesense-1  | E20240415 18:01:05.861860     1 http_server.cpp:175] Failed to listen on - No such file or directory

The error was that I tried to map the domain folder of letsencrypt

- /etc/letsencrypt/live/www.example.com:/cert

When mounting this folder the symlink wouldnt work, so I had to change the folder mount to be the /etc/letsencrypt folder instead.

This is my final docker-compose.yml file:

version: '3.4'
    image: typesense/typesense:0.25.2
    restart: on-failure
      - "443:8108"
      - ./typesense-data:/data
      - ./log:/log
      - /etc/letsencrypt:/cert
    command: '--data-dir /data --log-dir /log --enable-cors --ssl-certificate /cert/live/www.example.com/fullchain.pem --ssl-certificate-key /cert/live/www.example.com/privkey.pem

And now everything works!