traefik.acme.yml

# Traefik v2 config template for WAN use with HTTP-01 and DNS-01 (via local PowerDNS) acme challenges

global:
  checkNewVersion: true
  sendAnonymousUsage: true

entryPoints:
  web:
    address: "0.0.0.0:80"
    forwardedHeaders:
      insecure: true
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: false

  websecure:
    address: "0.0.0.0:443"
    forwardedHeaders:
      insecure: true
    http:
      tls:
        certResolver: default
        domains:
          - main: "=DCAPE_DOMAIN="
            sans:
              - "*.=DCAPE_DOMAIN="

# Default cert sourse
# Have a sense in DNS-01 challenge
tls:
  stores:
    default:
      defaultGeneratedCert:
        resolver: default
        domain:
          - main: "=DCAPE_DOMAIN="
            sans:
              - "*.=DCAPE_DOMAIN="

certificatesResolvers:
  default:
    acme:
      email: =TRAEFIK_EMAIL=
      storage: /etc/traefik/acme.json
      # STAGE: caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
# STEP:     caServer: =TRAEFIK_CA_SERVER=
# STEP:     certificatesDuration: 2160 # 90 days
      tlsChallenge: true
      dnsChallenge:
        provider: pdns
      httpChallenge:
        entryPoint: web

# if you need another CA, just copy upper block with another name
#  extra:
#    acme:

providers:
  docker:
    exposedByDefault: false
     # TODO: cli version does not work
    constraints: "Label(`dcape.traefik.tag`,`=DCAPE_TAG=`)"

  file:
    directory: /etc/traefik/custom
    watch: true

api:
  insecure: false

ping:
  manualRouting: true

log:
  level: INFO

metrics:
  prometheus: {}