dns challenge with gandi
This commit is contained in:
Yax
parent
67501f5df0
commit
0979a3420a
3 changed files with 19 additions and 5 deletions
|
|
@ -1,7 +1,13 @@
|
||||||
|
# ssl
|
||||||
|
DNSCHALLENGE_PROVIDER=gandi
|
||||||
|
GANDI_API_KEY=xxxxxxxxxxxxxxxxx
|
||||||
|
LETSENCRYPT_EMAIL=root@localhost.localdomain
|
||||||
|
# sites
|
||||||
DOMAIN=localhost.localdomain
|
DOMAIN=localhost.localdomain
|
||||||
HOST_TRAEFIK=traefik
|
HOST_TRAEFIK=traefik
|
||||||
HOST_GLANCES=glances
|
HOST_GLANCES=glances
|
||||||
HOST_PORTAINER=portainer
|
HOST_PORTAINER=portainer
|
||||||
HOST_MAIL=mail
|
HOST_MAIL=mail
|
||||||
|
# other
|
||||||
TZ=Europe/Paris
|
TZ=Europe/Paris
|
||||||
LETSENCRYPT_EMAIL=root@localhost.localdomain
|
|
||||||
|
|
|
||||||
|
|
@ -12,15 +12,23 @@ services:
|
||||||
- --entrypoints.websecure.address=:443
|
- --entrypoints.websecure.address=:443
|
||||||
- --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
|
- --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
|
||||||
- --certificatesresolvers.letsencrypt.acme.storage=/acme.json
|
- --certificatesresolvers.letsencrypt.acme.storage=/acme.json
|
||||||
- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
|
#- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
|
||||||
|
- --certificatesResolvers.letsencrypt.acme.dnsChallenge=true
|
||||||
|
- --certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
|
||||||
|
- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${DNSCHALLENGE_PROVIDER}
|
||||||
|
#- --certificatesResolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=0
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.dashboard.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
|
- traefik.http.routers.dashboard.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
|
||||||
- traefik.http.routers.dashboard.entrypoints=web
|
- traefik.http.routers.dashboard.entrypoints=web
|
||||||
- traefik.http.routers.dashboard.entrypoints=websecure
|
- traefik.http.routers.dashboard.entrypoints=websecure
|
||||||
|
- traefik.http.routers.dashboard.service=api@internal
|
||||||
- traefik.http.routers.dashboard.tls=true
|
- traefik.http.routers.dashboard.tls=true
|
||||||
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt
|
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt
|
||||||
- traefik.http.services.dashboard.loadbalancer.server.port=8080
|
- traefik.http.routers.dashboard.tls.domains[0].main=${DOMAIN}
|
||||||
|
- traefik.http.routers.dashboard.tls.domains[0].sans=*.${DOMAIN}
|
||||||
|
#- traefik.http.services.dashboard.loadbalancer.server.port=8080
|
||||||
|
- traefik.http.routers.dashboard.middlewares=redirect-to-https
|
||||||
# global redirect to https
|
# global redirect to https
|
||||||
#- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
|
#- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
|
||||||
#- traefik.http.routers.http-catchall.entrypoints=web
|
#- traefik.http.routers.http-catchall.entrypoints=web
|
||||||
|
|
@ -38,4 +46,4 @@ services:
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
- /srv/hosting/traefik/acme.json:/acme.json
|
# - /srv/hosting/traefik/acme.json:/acme.json
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue