From 0979a3420a4b2a5fa70145db49746619cb69cf10 Mon Sep 17 00:00:00 2001
From: Yax <1949284+kianby@users.noreply.github.com>
Date: Sun, 28 Jun 2020 16:43:30 +0200
Subject: [PATCH] dns challenge with gandi
---
 .env.default | 8 +++++++-
 traefik/acme.json | 0
 traefik/docker-compose.yml | 16 ++++++++++++----
 3 files changed, 19 insertions(+), 5 deletions(-)
 delete mode 100644 traefik/acme.json
diff --git a/.env.default b/.env.default
index bcfab43..8d09638 100644
--- a/.env.default
+++ b/.env.default
@@ -1,7 +1,13 @@
+# ssl
+DNSCHALLENGE_PROVIDER=gandi
+GANDI_API_KEY=xxxxxxxxxxxxxxxxx
+LETSENCRYPT_EMAIL=root@localhost.localdomain
+# sites
 DOMAIN=localhost.localdomain
 HOST_TRAEFIK=traefik
 HOST_GLANCES=glances
 HOST_PORTAINER=portainer
 HOST_MAIL=mail
+# other
 TZ=Europe/Paris
-LETSENCRYPT_EMAIL=root@localhost.localdomain
+
diff --git a/traefik/acme.json b/traefik/acme.json
deleted file mode 100644
index e69de29..0000000
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
index 3483b4d..592fa1d 100644
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
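Review bot: `GANDI_API_KEY` is added to the `.env.default` template, but nothing in the visible traefik/docker-compose.yml hunks of this patch hands it to the Traefik container. Compose reads `.env` only for `${...}` substitution in the compose file, so unless an `environment:` or `env_file:` entry exists outside the hunks, the `gandi` DNS provider will start without credentials. If it is missing, add `- GANDI_API_KEY=${GANDI_API_KEY}` under the service's `environment:`. The key can rewrite records for the whole DNS zone, so a comment above it such as `# secret: set only in the untracked .env, never commit a real value` would help, and the real `.env` should be git-ignored and readable only by the deploy user.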
@@ -12,15 +12,23 @@ services:
 - --entrypoints.websecure.address=:443
 - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
 - --certificatesresolvers.letsencrypt.acme.storage=/acme.json
- - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
+ #- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
+ - --certificatesResolvers.letsencrypt.acme.dnsChallenge=true
+ - --certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
+ - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${DNSCHALLENGE_PROVIDER}
+ #- --certificatesResolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=0
 labels:
 - traefik.enable=true
 - traefik.http.routers.dashboard.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
 - traefik.http.routers.dashboard.entrypoints=web
 - traefik.http.routers.dashboard.entrypoints=websecure
+ - traefik.http.routers.dashboard.service=api@internal
 - traefik.http.routers.dashboard.tls=true
- - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
- - traefik.http.services.dashboard.loadbalancer.server.port=8080
+ - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
+ - traefik.http.routers.dashboard.tls.domains[0].main=${DOMAIN}
+ - traefik.http.routers.dashboard.tls.domains[0].sans=*.${DOMAIN}
+ #- traefik.http.services.dashboard.loadbalancer.server.port=8080
+ - traefik.http.routers.dashboard.middlewares=redirect-to-https
 # global redirect to https
 #- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
 #- traefik.http.routers.http-catchall.entrypoints=web
@@ -38,4 +46,4 @@ services:
 restart: unless-stopped
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
- - /srv/hosting/traefik/acme.json:/acme.json
+# - /srv/hosting/traefik/acme.json:/acme.json
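Review bot: The dashboard router now points at `api@internal`, and the only middleware attached to it is `redirect-to-https`. As far as this hunk shows, the Traefik API and dashboard are therefore served without authentication to anyone who can reach `${HOST_TRAEFIK}.${DOMAIN}`. Chain an auth middleware next to the redirect, e.g. `- traefik.http.routers.dashboard.middlewares=redirect-to-https,dashboard-auth` together with `- traefik.http.middlewares.dashboard-auth.basicauth.usersfile=<PATH_TO_USERS_FILE>`, or restrict the router to an IP allow-list. `redirect-to-https` is not declared in the visible lines and the labels list continues past the hunk, so confirm it is defined there; a router that references an undefined middleware is expected not to load.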
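Review bot: The `/acme.json` bind mount is commented out in the second hunk while `--certificatesresolvers.letsencrypt.acme.storage=/acme.json` stays in place. Unless another volume is declared outside the hunk, the ACME account key and issued certificates then live only in the container's writable layer. Each recreate of the container would request the wildcard certificate again and can run into Let's Encrypt rate limits, and the key material is neither persisted nor permission-controlled from the host. Prefer a persistent location, e.g. a named volume `- traefik-acme:/letsencrypt` with `acme.storage=/letsencrypt/acme.json`, and keep the file at mode 600. The volumes list may continue past the end of the hunk.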