Created
March 7, 2021 02:12
-
-
Save thistac/fdd11ed45c48a9a13fb3b2dd40912634 to your computer and use it in GitHub Desktop.
Simple Traefik with cloudflare, letsencrypt dns-chalange using secrets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.9" | |
| services: | |
| traefik: | |
| image: "traefik:v2.4" | |
| container_name: "traefik" | |
| command: | |
| #- "--log.level=DEBUG" | |
| - "--api.insecure=true" | |
| - "--providers.docker=true" | |
| - "--providers.docker.exposedbydefault=false" | |
| - "--entrypoints.web.address=:80" | |
| - "--entrypoints.websecure.address=:443" | |
| # Enable a dns challenge named "cfresolver" | |
| - "--certificatesresolvers.cfresolver.acme.dnschallenge=true" | |
| # Tell which provider to use | |
| - "--certificatesresolvers.cfresolver.acme.dnschallenge.provider=cloudflare" | |
| # Uncomment to use test server, after everthing ok remove file acme.json and comment again | |
| #- "--certificatesresolvers.cfresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" | |
| # The email to provide to let's encrypt | |
| - "--certificatesresolvers.cfresolver.acme.email=email@xxxx" | |
| # Tell to store the certificate on a path under our volume | |
| - "--certificatesresolvers.cfresolver.acme.storage=/letsencrypt/acme.json" | |
| - "--certificatesResolvers.cfresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53" | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| - "8080:8080" | |
| # expose the predefined secret to the container by name | |
| secrets: | |
| - cf_api_key | |
| - cf_api_email | |
| # expose the path to file provided by docker containing the value we want for ENDPOINT. | |
| environment: | |
| CF_API_KEY_FILE: /run/secrets/cf_api_key | |
| CF_API_EMAIL_FILE: /run/secrets/cf_api_email | |
| volumes: | |
| # Create a letsencrypt dir within the folder where the docker-compose file is | |
| - "./letsencrypt:/letsencrypt" | |
| - "/var/run/docker.sock:/var/run/docker.sock:ro" | |
| networks: | |
| - traefik_public | |
| whoami: | |
| image: "traefik/whoami" | |
| container_name: "simple-service" | |
| labels: | |
| traefik.enable: "true" | |
| traefik.http.routers.whoami.rule: "Host(`whoami.example.com/`)" | |
| traefik.http.routers.whoami.entrypoints: "websecure" | |
| # Uses the Host rule to define which certificate to issue | |
| traefik.http.routers.whoami.tls.certresolver: "cfresolver" | |
| networks: | |
| - traefik_public | |
| networks: | |
| traefik_public: | |
| ipam: | |
| config: | |
| - subnet: "192.168.100.0/24" | |
| secrets: | |
| # secret name also used to name the file exposed within the container | |
| cf_api_key: | |
| # path on the host ( $ echo xxxxx > ./secrets/cf_api_key.secret) | |
| file: ./secrets/cf_api_key.secret | |
| cf_api_email: | |
| file: ./secrets/cf_api_email.secret |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for that, Traefik docs don't mention that you're supposed to use different variable names with secrets and I was trying to make it work with CLOUDFLARE_API_KEY. Changed the names to the same ones as yours and it worked!