From 3a82d536f0435c9deca8c2869839937337e5841b Mon Sep 17 00:00:00 2001
From: chris
Date: Wed, 24 Aug 2022 06:03:24 +0200
Subject: [PATCH] Add domain hosted by infomaniak and use wildcard certificate from letsencrypt.
---
 common/docker-compose.yaml | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/common/docker-compose.yaml b/common/docker-compose.yaml
index 1be1b61..8c77f36 100644
--- a/common/docker-compose.yaml
+++ b/common/docker-compose.yaml
@@ -29,10 +29,15 @@ services:
  - --certificatesresolvers.myresolver.acme.tlschallenge=true
  - --certificatesresolvers.myresolver.acme.email=christiansteinle@arcor.de
  - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
+ - --certificatesresolvers.infomaniak.acme.dnschallenge=true
+ - --certificatesresolvers.infomaniak.acme.dnschallenge.provider=infomaniak
+ - --certificatesresolvers.infomaniak.acme.storage=/letsencrypt/infomaniak.json
  - --log=true
  - --accessLog=true
  - --metrics.prometheus=true
  - --metrics.prometheus.addRoutersLabels=true
+ environment:
+ - INFOMANIAK_ACCESS_TOKEN=5IraYq8HK9qur57Mj_TnHQ9pS9G79NPvjF8ID17n-EvfYO7TU6Fi0ZmDKSX6mIhTQJbyYegRd1hfmM-t
  ports:
  - "80:80"
  - "443:443"
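Review bot: The added `environment:` entry commits the Infomaniak API token in cleartext, so anyone with read access to the repository or its history holds a credential that can change DNS records for the domain and thereby obtain certificates for it. The token shown here should be treated as exposed and rotated at the provider; removing it in a later commit does not remove it from history. Keep the value out of the tracked file, e.g. `- INFOMANIAK_ACCESS_TOKEN=${INFOMANIAK_ACCESS_TOKEN}` resolved from an untracked `.env`, or a mounted secret referenced through the `_FILE` variable variant that lego-based DNS providers generally accept (to be confirmed for this provider). The enclosing service definition starts and ends outside the hunk.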
@@ -43,8 +48,16 @@ services:
  labels:
  - "traefik.enable=true"
  - "traefik.http.routers.traefik.entrypoints=web"
- - "traefik.http.routers.traefik.rule=Host(`traefik.lan`)"
- - "traefik.http.services.traefik.loadbalancer.server.port=8080"
+ - "traefik.http.routers.traefik.rule=Host(`traefik.fam-steinle.de`)"
+ - "traefik.http.routers.traefik.middlewares=traefik"
+ - "traefik.http.middlewares.traefik.redirectscheme.scheme=https"
+ - "traefik.http.routers.traefik-secure.entrypoints=websecure"
+ - "traefik.http.routers.traefik-secure.rule=Host(`traefik.fam-steinle.de`)"
+ - "traefik.http.routers.traefik-secure.tls.certresolver=infomaniak"
+ - "traefik.http.routers.traefik-secure.tls.domains[0].main=fam-steinle.de"
+ - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.fam-steinle.de"
+ - "traefik.http.services.traefik-secure.loadbalancer.server.port=8080"
+
  networks:
  - proxy
@@ -52,7 +65,7 @@ services:
  image: portainer/portainer-ce:alpine
  container_name: portainer
  command: -H unix:///var/run/docker.sock
- restart: always
+ restart: unless-stopped
  volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - portainer:/data
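Review bot: The new `traefik-secure` router publishes the service on port 8080 under `traefik.fam-steinle.de` with no authentication middleware; the only middleware added in this hunk is the HTTP-to-HTTPS redirect on the plain router. If port 8080 is Traefik's own API/dashboard (the flag that enables it is outside the hunk), every client that can reach the `websecure` entrypoint can read the full routing and service configuration. Attach an auth middleware, e.g. `- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"` together with `- "traefik.http.middlewares.traefik-auth.basicauth.usersfile=<PATH_TO_USERSFILE>"` (placeholder path), and consider routing to `api@internal` rather than the insecure port. The service block starts outside the hunk.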
@@ -60,8 +73,16 @@ services:
  - proxy
  labels:
  - "traefik.enable=true"
- - "traefik.http.routers.portainer.rule=Host(`portainer.lan`)"
  - "traefik.http.routers.portainer.entrypoints=web"
- - "traefik.http.routers.portainer.service=portainer"
- - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+ - "traefik.http.routers.portainer.rule=Host(`portainer.fam-steinle.de`)"
+ - "traefik.http.routers.portainer.middlewares=portainer"
+ - "traefik.http.middlewares.portainer.redirectscheme.scheme=https"
+ - "traefik.http.routers.portainer-secure.entrypoints=websecure"
+ - "traefik.http.routers.portainer-secure.rule=Host(`portainer.fam-steinle.de`)"
+ - "traefik.http.routers.portainer-secure.middlewares=portainer-secure"
+ - "traefik.http.middlewares.portainer-secure.headers.addvaryheader=true"
+ - "traefik.http.middlewares.portainer-secure.headers.accesscontrolalloworiginlist=https://homer.fam-steinle.de"
+ - "traefik.http.middlewares.portainer-secure.headers.accesscontrolallowheaders=x-api-key"
+ - "traefik.http.routers.portainer-secure.tls.certresolver=infomaniak"
+ - "traefik.http.services.portainer-secure.loadbalancer.server.port=9000"
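Review bot: The `portainer-secure` router gets CORS headers that let the Homer origin send `x-api-key`, but nothing on the router restricts who may reach Portainer; CORS only constrains browsers and is not an access control. Portainer mounts `/var/run/docker.sock` (visible in the previous hunk), so an API key held in a browser-side dashboard is effectively a host-level credential. Issue that key to a least-privileged Portainer user, and if the service is meant for the local network only (not visible from here), chain a source-range middleware on this router, e.g. `- "traefik.http.middlewares.portainer-lan.ipwhitelist.sourcerange=<LAN_CIDR>"` (placeholder range; the middleware is named `ipallowlist` in newer Traefik releases) with `middlewares=portainer-secure,portainer-lan`.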