feat: add letsencrypt cert resolver

- adjust the readme - remove the second traefik compose file
erkenes · Sep 15, 2024 · e61a204 · e61a204
1 parent 4bfb508
commit e61a204
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 34 deletions.
diff --git a/.env.example b/.env.example
@@ -4,6 +4,7 @@ CA_PATH=/docker/traefik/certs
 ROOT_DOMAIN_NAME=YOURDOMAIN.com
 
 TRAEFIK_DASHBOARD_HOST=traefik.$ROOT_DOMAIN_NAME
+TRAEFIK_DASHBOARD_CERT_RESOLVER=letsencrypt
 
 TRAEFIK_UID=2000
 DOCKER_GID=999

diff --git a/ReadMe.md b/ReadMe.md
@@ -160,13 +160,10 @@ certificatesResolvers:
          email: '[email protected]'
 ```
 
-Use the traefik-compose file by editing the [compose.yml](compose.yml) file.
+Change the cert resolver for the dashboard in the `.env` file.
 
-```yaml
-include:
-  - ./lib/compose.dockerproxy.yml
-#  - ./lib/compose.traefik.yml
-  - ./lib/compose.traefik.cloudflare.yml
+```text
+TRAEFIK_DASHBOARD_CERT_RESOLVER=dns-cloudflare
 ```
 
 ## Optional Features / Integrations

diff --git a/lib/compose.traefik.cloudflare.yml b/lib/compose.traefik.cloudflare.yml
diff --git a/lib/compose.traefik.yml b/lib/compose.traefik.yml
@@ -15,6 +15,11 @@ services:
       ROOT_DOMAIN_NAME: '${ROOT_DOMAIN_NAME}'
       TRAEFIK_DASHBOARD_HOST: '${TRAEFIK_DASHBOARD_HOST}'
       TZ: '${TIMEZONE}'
+      CF_API_EMAIL_FILE: '/run/secrets/cf_email'
+      CF_API_KEY_FILE: '/run/secrets/cf_api_key'
+    secrets:
+      - cf_email
+      - cf_api_key
     ports:
       - '0.0.0.0:80:10080'
       - '0.0.0.0:443:10443'
@@ -41,6 +46,7 @@ services:
       - 'traefik.http.routers.traefik-dashboard.tls=true'
       - 'traefik.http.routers.traefik-dashboard.entrypoints=https'
       - 'traefik.http.routers.traefik-dashboard.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)'
+      - 'traefik.http.routers.traefik-dashboard.tls.certresolver=${TRAEFIK_DASHBOARD_CERT_RESOLVER}'
       - 'traefik.http.routers.traefik-dashboard.service=api@internal'
 
       # Ping
@@ -55,6 +61,12 @@ services:
     user: "${TRAEFIK_UID}:${TRAEFIK_UID}" # user traefik has to be created on the host system
     # sudo useradd -u 2000 -M -s /usr/sbin/nologin traefik
 
+secrets:
+  cf_email:
+    file: '${ROOT_PATH}/secrets/cf_email'
+  cf_api_key:
+    file: '${ROOT_PATH}/secrets/cf_api_key'
+
 networks:
   traefik:
     name: traefik

diff --git a/lib/traefik/traefik.yml b/lib/traefik/traefik.yml
@@ -53,3 +53,10 @@ certificatesResolvers:
       storage: /etc/traefik/acme/cloudflare.json
       dnsChallenge:
         provider: cloudflare
+  letsencrypt:
+    acme:
+      # ToDo: Change this value with your email address
+      email: hostmaster@YOUR_DOMAIN.com
+      storage: /etc/traefik/acme/letsencrypt.json
+      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # do not use in production
+      tlsChallenge: {}