diff --git a/traefik/docker-compose.traefik.yml b/traefik/docker-compose.traefik.yml
index 861818a327d742f347b420630133a34c09a8d7ab..947d5d1bf490c9605ec2c2e4cff1a85d3eb2da92 100644
--- a/traefik/docker-compose.traefik.yml
+++ b/traefik/docker-compose.traefik.yml
@@ -13,10 +13,15 @@ services:
 - '--entrypoints.web.http.redirections.entrypoint.to=websecure'
 - '--entrypoints.websecure.address=:${TRAEFIK_WEBSECURE_ENTRYPOINT:-443}'
 # Let's Encrypt
- - '--certificatesresolvers.myresolver.acme.email=${ROOT_EMAIL:-changeme@changeme.org}'
- - '--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web'
- - '--certificatesresolvers.myresolver.acme.httpchallenge=true'
- - '--entrypoints.websecure.http.tls.certresolver=myresolver'
+ # Add dns-hurricane as default certresolver for all services. Also enables TLS and no need to specify on individual services
+ - --entrypoints.https.http.tls.certresolver=dns-hurricane
+ - --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME_CLOUD_SERVER
+ - --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME_CLOUD_SERVER
+ - --certificatesResolvers.dns-hurricane.acme.email=$HURRICANE_EMAIL
+ - --certificatesResolvers.dns-hurricane.acme.storage=/acme.json
+ - --certificatesResolvers.dns-hurricane.acme.dnsChallenge.provider=hurricane
+ - --certificatesResolvers.dns-hurricane.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
+ - --certificatesResolvers.dns-hurricane.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
 # HTTP/3
 - '--experimental.http3=true'
 - '--entrypoints.websecure.http3'
@@ -39,6 +44,7 @@ services:
 - '--providers.file.watch=true'
 environment:
 - 'TZ=${TZ:-Europe/Paris}'
+ - 'HURRICANE_TOKENS'
 healthcheck:
 test: ['CMD', 'traefik', 'healthcheck', '--ping']
 labels:
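Review bot: The new default resolver, TLS flag and wildcard domain are attached to an entrypoint named `https`, but the only TLS entrypoint this file declares is `websecure` (see the `--entrypoints.websecure.address=...` context line, the `web` redirect target above it and the `--entrypoints.websecure.http3` line below), and the line being removed was `--entrypoints.websecure.http.tls.certresolver=myresolver`. Unless `https` is defined somewhere outside this hunk, `websecure` is left with no TLS default and no resolver, so routers that do not set their own `tls`/`certresolver` labels presumably serve plaintext (or Traefik's self-signed default certificate) on 443 while `web` keeps redirecting browsers there, and the "no need to specify on individual services" comment does not hold. The three entrypoint lines should read `- '--entrypoints.websecure.http.tls.certresolver=dns-hurricane'`, `- '--entrypoints.websecure.http.tls.domains[0].main=${DOMAINNAME_CLOUD_SERVER:?}'` and `- '--entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAINNAME_CLOUD_SERVER:?}'`; the `:?` form makes Compose fail at `up` when the variable is unset instead of requesting a certificate for an empty name or a bare `*.`, and the single quotes match the rest of the `command:` list, which starts above this hunk. The same `${HURRICANE_EMAIL:?}` treatment is worth applying to the resolver e-mail line.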
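Review bot: `HURRICANE_TOKENS` is passed through bare, so when it is missing from the host environment or `.env` the container still starts and the failure only surfaces on the first DNS challenge, buried in Traefik's ACME log rather than at `docker compose up`. Requiring it explicitly with `- 'HURRICANE_TOKENS=${HURRICANE_TOKENS:?set HURRICANE_TOKENS in .env}'` fails fast, and a one-line comment above it should state the expected format, which I believe is a comma-separated list of `domain:token` pairs for the `_acme-challenge` records — confirm against the Traefik/lego provider documentation before writing it. Because a token that can publish the `_acme-challenge` TXT record for `$DOMAINNAME_CLOUD_SERVER` is sufficient to obtain the wildcard certificate configured in the first hunk, it must be handled as a secret: keep the `.env` file out of version control, and remember that anyone with `docker inspect` rights on this host can read the container's environment, which matters more than usual for a container that already mounts `/var/run/docker.sock`.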
@@ -60,3 +66,4 @@ services:
 - '/var/run/docker.sock:/var/run/docker.sock'
 - './logs:/logs'
 - './dynamic_conf:/dynamic_conf'
+ - './acme/acme.json:/acme.json' # cert location - you must create this emtpy file and change permissions to 600
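Review bot: Bind-mounting a single file means that if `./acme/acme.json` does not exist when `docker compose up` runs, Docker silently creates a directory with that name on the host and in the container and Traefik then fails on its storage path, so the comment's "you must create this empty file" (spelled `emtpy` in the hunk) is a hard requirement rather than advice. The 600 permission matters because Traefik refuses to load an ACME storage file that is readable by group or others, and because the file holds the ACME account key and the private key of every issued certificate in plaintext — `acme/` therefore also belongs in `.gitignore` and outside any unencrypted backup. A more robust form is to mount the directory instead, `- './acme:/acme'`, and point the resolver at `/acme/acme.json` (the storage path is set in the first hunk); Traefik then creates a missing file itself with 0600 on first run, and the comment can become `# ACME storage: account key + certificate private keys in plaintext; keep out of VCS`. The `volumes:` list this line extends starts above the hunk.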