From 1d940628f05263183a79f296ec8661c561b00bc1 Mon Sep 17 00:00:00 2001
From: admin
Date: Fri, 6 Feb 2026 12:24:16 -0700
Subject: [PATCH] cleaned up command block
---
 lxc1/p1-ingress/traefik.yml | 19 +++----------------
 1 file changed, 3 insertions(+), 16 deletions(-)
diff --git a/lxc1/p1-ingress/traefik.yml b/lxc1/p1-ingress/traefik.yml
index 11118cd..a474180 100644
--- a/lxc1/p1-ingress/traefik.yml
+++ b/lxc1/p1-ingress/traefik.yml
@@ -10,31 +10,22 @@ services:
 mem_reservation: "128m"
 restart: always
 command:
- # --- Core & API ---
 - "--api.dashboard=true"
- - "--api.insecure=true
+ - "--api.insecure=true"
 - "--providers.docker=true"
 - "--providers.docker.exposedbydefault=false"
- - "--providers.docker.network=${REQUIRED_NETWORKS}" # Ensure these are correct!
+ - "--providers.docker.network=${REQUIRED_NETWORKS}"
 - "--providers.file.directory=/etc/traefik/dynamic"
 - "--providers.file.watch=true"
-
- # --- Entrypoints ---
 - "--entrypoints.web.address=:80"
- # Global Redirect: Force HTTP -> HTTPS for everyone
 - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
 - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
-
 - "--entrypoints.websecure.address=:443"
- # WILDCARD BLANKET: This tells Traefik "Use deSEC to get a wildcard cert for EVERYTHING on port 443"
 - "--entrypoints.websecure.http.tls.certresolver=desec"
 - "--entrypoints.websecure.http.tls.domains[0].main=mapletree.email"
 - "--entrypoints.websecure.http.tls.domains[0].sans=*.mapletree.email"
- - "--entrypoints.websecure.http.tls.domains[0].sans=*.dev.mapletree.email" # Optional: Add your dev subdomain too
+ - "--entrypoints.websecure.http.tls.domains[0].sans=*.dev.mapletree.email"
 - "--entrypoints.websecure.http.tls.domains[0].sans=*.test.mapletree.email"
-
- # --- One Resolver to Rule Them All (deSEC) ---
- # I renamed this to 'desec' for clarity.
 - "--certificatesresolvers.desec.acme.dnschallenge=true"
 - "--certificatesresolvers.desec.acme.dnschallenge.provider=desec"
 - "--certificatesresolvers.desec.acme.email=${ACME_EMAIL}"
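Review bot: `--api.insecure=true` is still on the new side of this hunk (only its closing quote is repaired), and in that mode Traefik serves the API and dashboard without authentication on its internal `traefik` entrypoint. The labels in the last hunk already publish `api@internal` through the `dashboard` router on `websecure`, so the flag looks unnecessary; I would change it to `- "--api.insecure=false"` and, since no `traefik.http.routers.dashboard.middlewares` label is visible there, attach an authentication middleware to that router. Whether port 8080 is published cannot be seen from this hunk, because the `ports:` section lies outside it. Separately, `domains[0].sans` is passed three times; as far as I know a repeated CLI flag keeps only its last value, so the three names may need to be one comma-separated `sans=` value, which is worth confirming against the issued certificate.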
@@ -47,7 +38,6 @@ services:
 - "--certificatesresolvers.dns_resolver.acme.dnschallenge.provider=desec"
 - "--certificatesresolvers.dns_resolver.acme.email=${ACME_EMAIL}"
 - "--certificatesresolvers.dns_resolver.acme.storage=/letsencrypt/acme.json"
- # Optimization: deSEC is fast; we don't need massive delays or propagation checks
 - "--certificatesresolvers.desec.acme.dnschallenge.delaybeforecheck=10"
 - "--certificatesresolvers.desec.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
 - "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
@@ -59,11 +49,8 @@ services:
 - "/docker/traefik/letsencrypt:/letsencrypt"
 - "/docker/traefik/dynamic:/etc/traefik/dynamic"
 labels:
- # 1. Catch requests for 'traefik.mapletree.email'
 - "traefik.http.routers.dashboard.rule=Host(`traefik.mapletree.email`)"
- # 2. Send them to the internal API service (Magic Service)
 - "traefik.http.routers.dashboard.service=api@internal"
- # 3. Use HTTPS
 - "traefik.http.routers.dashboard.entrypoints=websecure"
 - "traefik.http.routers.dashboard.tls=true"
 - "traefik.http.routers.dashboard.tls.certresolver=dns_resolver"
\ No newline at end of file