niedziela, 28 lutego 2021

Traefik wildcard TLS with the DigitalOcean DNS provider

# Compose file format version. Kept as a quoted string so it is never parsed
# as the float 3.5. Newer Compose releases treat this key as informational.
version: '3.5'

services:
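  # Traefik edge proxy. Listens on :80 and :443 and obtains certificates
  # (including wildcards) from Let's Encrypt through the ACME DNS-01
  # challenge, answered via the DigitalOcean DNS API.
  gateway:
    image: traefik:2.4
    restart: always
    environment:
      # DigitalOcean API token used by the ACME DNS provider. Anyone holding
      # it can change DNS records, so it is not written into this file:
      # Compose substitutes it from the invoking environment and refuses to
      # start when it is missing. Keep the value out of version control and
      # out of any directory that is served over HTTP.
      DO_AUTH_TOKEN: "${DO_AUTH_TOKEN:?set DO_AUTH_TOKEN to a DigitalOcean API token}"
    command:
      - '--providers.docker'
      # Containers are routed only when they opt in with traefik.enable=true.
      - '--providers.docker.exposedbydefault=false'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.https.address=:443'
      # Wildcard names can only be validated with DNS-01, so no HTTP-01
      # challenge is configured. The previous pair of flags
      # (httpchallenge=false plus httpchallenge.entryPoint=http)
      # contradicted each other and is dropped.
      - '--certificatesresolvers.le.acme.dnschallenge=true'
      - '--certificatesresolvers.le.acme.dnschallenge.provider=digitalocean'
      # Value is a plain 0; a stray trailing double quote used to be part of
      # the argument passed to Traefik.
      - '--certificatesresolvers.le.acme.dnschallenge.delaybeforecheck=0'
      - '--certificatesresolvers.le.acme.storage=/acme/acme.json'
      # Uncomment while testing so that failed attempts count against the
      # Let's Encrypt staging limits instead of the production ones.
      # - '--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory'
    ports:
      # Quoted so the mappings are always read as strings.
      - '80:80'
      - '443:443'
    volumes:
      # The Docker provider reads container labels through this socket.
      # Access to the Docker socket is equivalent to root on the host. The
      # :ro flag only protects the socket file itself and does not limit the
      # API calls made through it; a filtering socket proxy in front of
      # Traefik narrows that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the ACME account key and the certificates' private
      # keys; treat this volume as secret material.
      - acme:/acme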

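  # Catch-all nginx backend. Both routers match every Host header: plain
  # HTTP is redirected to HTTPS, and HTTPS is served with the certificate
  # issued by the "le" resolver.
  default:
    image: nginx:stable
    restart: always
    labels:
      - 'traefik.enable=true'
      # Middleware "redirect": send the client to the https:// scheme.
      - 'traefik.http.middlewares.redirect.redirectscheme.scheme=https'
      # HostRegexp with .* accepts any hostname that resolves to this host,
      # not only the names listed under tls.domains below.
      - 'traefik.http.routers.app-http.rule=HostRegexp(`{default:.*}`)'
      - 'traefik.http.routers.app-http.entrypoints=http'
      - 'traefik.http.routers.app-http.middlewares=redirect'
      - 'traefik.http.routers.app-https.rule=HostRegexp(`{default:.*}`)'
      - 'traefik.http.routers.app-https.entrypoints=https'
      - 'traefik.http.routers.app-https.tls=true'
      - 'traefik.http.routers.app-https.tls.certresolver=le'
      # One certificate for the main name plus the SANs. Every zone named
      # here has to be managed by the DNS account whose token Traefik uses,
      # otherwise the DNS-01 challenge for that name cannot be answered.
      - 'traefik.http.routers.app-https.tls.domains[0].main=test.example.com'
      - 'traefik.http.routers.app-https.tls.domains[0].sans=*.test.example.com,other.example.pl,*.other.example.pl'
    volumes:
      # Serve a dedicated content directory, read-only. Mounting the project
      # directory itself (./) would publish this compose file and any .env
      # file next to it, DNS API token included. "html" is an example
      # name; point it at the directory that holds the site content.
      - ./html:/usr/share/nginx/html:ro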

# Named volume with default settings; it keeps Traefik's /acme/acme.json
# across container re-creation.
volumes:
  acme: {}
# vim: set tabstop=2 shiftwidth=2 expandtab autoindent indentexpr= nosmartindent :