-
Notifications
You must be signed in to change notification settings - Fork 0
/
traefik.acme.yml
81 lines (69 loc) · 1.62 KB
/
traefik.acme.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# Traefik v2 config template for WAN use with HTTP-01 and DNS-01 (via local PowerDNS) acme challenges
global:
checkNewVersion: true
sendAnonymousUsage: true
entryPoints:
web:
address: "0.0.0.0:80"
forwardedHeaders:
insecure: true
http:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: false
websecure:
address: "0.0.0.0:443"
forwardedHeaders:
insecure: true
http:
tls:
certResolver: default
domains:
- main: "=DCAPE_DOMAIN="
sans:
- "*.=DCAPE_DOMAIN="
# Default cert sourse
# Have a sense in DNS-01 challenge
tls:
stores:
default:
defaultGeneratedCert:
resolver: default
domain:
- main: "=DCAPE_DOMAIN="
sans:
- "*.=DCAPE_DOMAIN="
certificatesResolvers:
default:
acme:
email: =TRAEFIK_EMAIL=
storage: /etc/traefik/acme.json
# STAGE: caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
# STEP: caServer: =TRAEFIK_CA_SERVER=
# STEP: certificatesDuration: 2160 # 90 days
tlsChallenge: true
dnsChallenge:
provider: pdns
httpChallenge:
entryPoint: web
# if you need another CA, just copy upper block with another name
# extra:
# acme:
providers:
docker:
exposedByDefault: false
# TODO: cli version does not work
constraints: "Label(`dcape.traefik.tag`,`=DCAPE_TAG=`)"
file:
directory: /etc/traefik/custom
watch: true
api:
insecure: false
ping:
manualRouting: true
log:
level: INFO
metrics:
prometheus: {}