From acab2ebfdf58f48ad9fb8095f0e4ecbd06441d38 Mon Sep 17 00:00:00 2001
From: Florian Zirker
Date: Sat, 20 Mar 2021 01:32:35 +0100
Subject: [PATCH] Wildcard certificate with resolver for netcup API
---
 gitea/docker-compose.yaml | 2 +-
 nextcloud/docker-compose.yaml | 4 ++--
 proxy/docker-compose.yaml | 20 ++++++++++++++------
 wallabag/docker-compose.yaml | 2 +-
 www/docker-compose.yaml | 2 +-
 5 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/gitea/docker-compose.yaml b/gitea/docker-compose.yaml
index aa14649..5fbcab2 100644
--- a/gitea/docker-compose.yaml
+++ b/gitea/docker-compose.yaml
@@ -17,7 +17,7 @@ services:
 - "traefik.enable=true"
 - "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)"
 - "traefik.http.routers.gitea.entrypoints=websecure"
- - "traefik.http.routers.gitea.tls.certresolver=myresolver"
+ - "traefik.http.routers.gitea.tls.certresolver=netcup"
 - "traefik.http.routers.gitea.tls.options=intermediate@file"
 - "traefik.http.services.gitea.loadbalancer.server.port=3000"
 depends_on:
diff --git a/nextcloud/docker-compose.yaml b/nextcloud/docker-compose.yaml
index 10c0596..1a5acb6 100644
--- a/nextcloud/docker-compose.yaml
+++ b/nextcloud/docker-compose.yaml
@@ -17,7 +17,7 @@ services:
 - "traefik.enable=true"
 - "traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)"
 - "traefik.http.routers.nextcloud.entrypoints=websecure"
- - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
+ - "traefik.http.routers.nextcloud.tls.certresolver=netcup"
 - "traefik.http.routers.nextcloud.tls.options=intermediate@file"
 - "traefik.http.middlewares.nextcloudHeader.headers.customRequestHeaders.X-Forwarded-Proto=https"
 - "traefik.http.middlewares.nextcloudHeader.headers.stsSeconds=15552000"
@@ -91,7 +91,7 @@ services:
 - "traefik.enable=true"
 - "traefik.http.routers.office.rule=Host(`office.${DOMAIN}`)"
 - "traefik.http.routers.office.entrypoints=websecure"
- - "traefik.http.routers.office.tls.certresolver=myresolver"
+ - "traefik.http.routers.office.tls.certresolver=netcup"
 - "traefik.http.routers.office.tls.options=intermediate@file"
 - "traefik.http.middlewares.officeHeader.headers.customRequestHeaders.X-Forwarded-Proto=https"
 - "traefik.http.middlewares.officeHeader.headers.stsSeconds=15552000"
diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml
index 002a577..9d2e878 100644
--- a/proxy/docker-compose.yaml
+++ b/proxy/docker-compose.yaml
@@ -5,6 +5,11 @@ services:
 traefik:
 image: traefik:v2.4
 restart: unless-stopped
+ environment:
+ - NETCUP_ENDPOINT=${NETCUP_ENDPOINT}
+ - NETCUP_CUSTOMER_NUMBER=${NETCUP_CUSTOMER_NUMBER}
+ - NETCUP_API_KEY=${NETCUP_API_KEY}
+ - NETCUP_API_PASSWORD=${NETCUP_API_PASSWORD}
 command:
 - "--api.insecure=false"
 - "--api.dashboard=true"
@@ -16,11 +21,12 @@ services:
 - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
 - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
 - "--entrypoints.websecure.address=:443"
- - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- - "--certificatesresolvers.myresolver.acme.email=${LETSENCRYPT_MAIL}"
- - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
 - "--providers.file.filename=/etc/traefik/tls.toml"
+ - "--certificatesresolvers.netcup.acme.dnschallenge=true"
+ - "--certificatesresolvers.netcup.acme.dnsChallenge.provider=netcup"
+ - "--certificatesresolvers.netcup.acme.dnsChallenge.resolvers=46.38.225.230:53,46.38.252.230:53"
+ - "--certificatesresolvers.netcup.acme.email=${LETSENCRYPT_MAIL}"
+ - "--certificatesresolvers.netcup.acme.storage=/letsencrypt/acme.json"
 ports:
 - "80:80"
 - "443:443"
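Review bot: The four `NETCUP_*` entries added under `environment:` include the netcup API key and password, which are write credentials for the whole DNS zone — anything holding them can pass the same DNS challenge and obtain certificates for any name under `${DOMAIN}`, not just this host. As plain container environment variables they are readable by anyone who can run `docker inspect` on the host or read the process environment inside the container. Traefik embeds lego for ACME, and lego documents a `_FILE` suffix for its provider variables, so `NETCUP_API_KEY_FILE=/run/secrets/netcup_api_key` (and likewise for the password) pointed at a Compose secret would keep the values out of the container's environment; confirm the suffix is honoured by the lego version bundled in `traefik:v2.4` before switching. Whichever form is kept, the `.env` file that supplies `${NETCUP_API_KEY}` and `${NETCUP_API_PASSWORD}` must stay out of version control.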
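Review bot: The new resolver block spells the same option two ways — `dnschallenge=true` on the first added line, `dnsChallenge.provider` and `dnsChallenge.resolvers` on the next two. Traefik matches CLI option names case-insensitively as far as I know, so this works, but one spelling should be used so the three lines read as one group; `--certificatesresolvers.netcup.acme.dnsChallenge=true` follows the documented form. The two IPs in `resolvers` are unexplained; a comment above that line such as `# DNS servers Traefik queries to confirm the _acme-challenge TXT record has propagated` (naming whose nameservers they are) would save the next reader a lookup. With HTTP-01 removed, issuance and renewal for every service now depend on the netcup API being reachable and on its propagation speed; if renewals time out, `dnsChallenge.delayBeforeCheck` is the Traefik-side knob to look at.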
@@ -35,7 +41,9 @@ services:
 - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
 - "traefik.http.routers.dashboard.service=api@internal"
 - "traefik.http.routers.dashboard.entrypoints=websecure"
- - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
+ - "traefik.http.routers.dashboard.tls.certresolver=netcup"
+ - "traefik.http.routers.dashboard.tls.domains[0].main=${DOMAIN}"
+ - "traefik.http.routers.dashboard.tls.domains[0].sans=*.${DOMAIN}"
 - "traefik.http.routers.dashboard.tls.options=intermediate@file"
 - "traefik.http.routers.dashboard.middlewares=auth"
 - "traefik.http.middlewares.auth.basicauth.users=${HTPASSWD}"
@@ -49,7 +57,7 @@ services:
 # - "traefik.enable=true"
 # - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
 # - "traefik.http.routers.whoami.entrypoints=websecure"
-# - "traefik.http.routers.whoami.tls.certresolver=myresolver"
+# - "traefik.http.routers.whoami.tls.certresolver=netcup # restart: unless-stopped
diff --git a/wallabag/docker-compose.yaml b/wallabag/docker-compose.yaml
index b60d551..b059e7e 100644
--- a/wallabag/docker-compose.yaml
+++ b/wallabag/docker-compose.yaml
@@ -26,7 +26,7 @@ services:
 - "traefik.enable=true"
 - "traefik.http.routers.wallabag.rule=Host(`wallabag.${DOMAIN}`)"
 - "traefik.http.routers.wallabag.entrypoints=websecure"
- - "traefik.http.routers.wallabag.tls.certresolver=myresolver"
+ - "traefik.http.routers.wallabag.tls.certresolver=netcup"
 - "traefik.http.routers.wallabag.tls.options=intermediate@file"
 depends_on:
 - db
diff --git a/www/docker-compose.yaml b/www/docker-compose.yaml
index d4cc572..aebd24d 100644
--- a/www/docker-compose.yaml
+++ b/www/docker-compose.yaml
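Review bot: The wildcard certificate (`${DOMAIN}` plus `*.${DOMAIN}`) is requested through the dashboard router's `tls.domains[0]` labels, so obtaining and renewing the certificate that every other service now relies on is tied to this one router and to these labels staying on the traefik container. Traefik can attach the resolver and default domains to the entrypoint instead, `--entrypoints.websecure.http.tls.certresolver=netcup`, `--entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}`, `--entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}`, which makes the wildcard independent of any router. The per-router `tls.certresolver=netcup` labels kept in the gitea, nextcloud, wallabag and www files still describe per-host certificates; if a router is processed before the wildcard is present in `acme.json`, Traefik may issue a separate certificate for that host, so once the wildcard is in place those labels can probably be dropped — worth checking the ACME log after the first start.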
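Review bot: The replaced comment line drops its closing quote — `# - "traefik.http.routers.whoami.tls.certresolver=netcup` has no matching `"` — so the moment someone uncomments the whoami block the compose file fails to parse on an unterminated double-quoted scalar. It should read `# - "traefik.http.routers.whoami.tls.certresolver=netcup"`. The whoami service definition begins before this hunk, and the hunk's trailing context appears incomplete in this rendering, so the end of the block is not fully visible here.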
@@ -13,7 +13,7 @@ services:
 - "traefik.enable=true"
 - "traefik.http.routers.web-secure.entrypoints=websecure"
 - "traefik.http.routers.web-secure.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`)"
- - "traefik.http.routers.web-secure.tls.certresolver=myresolver"
+ - "traefik.http.routers.web-secure.tls.certresolver=netcup"
 - "traefik.http.routers.web-secure.tls.options=intermediate@file"
 networks: