dns challenge with gandi

2020-06-28 16:43:30 +02:00 · 2020-06-28 16:43:30 +02:00 · 0979a3420a
commit 0979a3420a
parent 67501f5df0
3 changed files with 19 additions and 5 deletions
--- a/.env.default
+++ b/.env.default
@ -1,7 +1,13 @@
+# ssl
+DNSCHALLENGE_PROVIDER=gandi
+GANDI_API_KEY=xxxxxxxxxxxxxxxxx
+LETSENCRYPT_EMAIL=root@localhost.localdomain
+# sites
 DOMAIN=localhost.localdomain
 HOST_TRAEFIK=traefik
 HOST_GLANCES=glances
 HOST_PORTAINER=portainer
 HOST_MAIL=mail
+# other
 TZ=Europe/Paris
-LETSENCRYPT_EMAIL=root@localhost.localdomain
+
--- a/traefik/acme.json
+++ b/traefik/acme.json
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@ -12,15 +12,23 @@ services:
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
      - --certificatesresolvers.letsencrypt.acme.storage=/acme.json
-      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true   
+      #- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
+      - --certificatesResolvers.letsencrypt.acme.dnsChallenge=true
+      - --certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
+      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${DNSCHALLENGE_PROVIDER}
+      #- --certificatesResolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=0
    labels: 
      - traefik.enable=true
      - traefik.http.routers.dashboard.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
      - traefik.http.routers.dashboard.entrypoints=web
      - traefik.http.routers.dashboard.entrypoints=websecure
+      - traefik.http.routers.dashboard.service=api@internal      
      - traefik.http.routers.dashboard.tls=true
-      - traefik.http.routers.dashboard.tls.certresolver=letsencrypt    
-      - traefik.http.services.dashboard.loadbalancer.server.port=8080
+      - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
+      - traefik.http.routers.dashboard.tls.domains[0].main=${DOMAIN}
+      - traefik.http.routers.dashboard.tls.domains[0].sans=*.${DOMAIN}         
+      #- traefik.http.services.dashboard.loadbalancer.server.port=8080
+      - traefik.http.routers.dashboard.middlewares=redirect-to-https
      # global redirect to https
      #- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
      #- traefik.http.routers.http-catchall.entrypoints=web
@ -38,4 +46,4 @@ services:
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - /srv/hosting/traefik/acme.json:/acme.json
+#      - /srv/hosting/traefik/acme.json:/acme.json