cleaned up command block
Some checks are pending
PVE2 Infrastructure Deploy / terraform (push) Waiting to run
Some checks are pending
PVE2 Infrastructure Deploy / terraform (push) Waiting to run
This commit is contained in:
admin
parent
11f78e6c38
commit
1d940628f0
1 changed files with 3 additions and 16 deletions
|
|
@ -10,31 +10,22 @@ services:
|
||||||
mem_reservation: "128m"
|
mem_reservation: "128m"
|
||||||
restart: always
|
restart: always
|
||||||
command:
|
command:
|
||||||
# --- Core & API ---
|
|
||||||
- "--api.dashboard=true"
|
- "--api.dashboard=true"
|
||||||
- "--api.insecure=true
|
- "--api.insecure=true"
|
||||||
- "--providers.docker=true"
|
- "--providers.docker=true"
|
||||||
- "--providers.docker.exposedbydefault=false"
|
- "--providers.docker.exposedbydefault=false"
|
||||||
- "--providers.docker.network=${REQUIRED_NETWORKS}" # Ensure these are correct!
|
- "--providers.docker.network=${REQUIRED_NETWORKS}"
|
||||||
- "--providers.file.directory=/etc/traefik/dynamic"
|
- "--providers.file.directory=/etc/traefik/dynamic"
|
||||||
- "--providers.file.watch=true"
|
- "--providers.file.watch=true"
|
||||||
|
|
||||||
# --- Entrypoints ---
|
|
||||||
- "--entrypoints.web.address=:80"
|
- "--entrypoints.web.address=:80"
|
||||||
# Global Redirect: Force HTTP -> HTTPS for everyone
|
|
||||||
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
||||||
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
||||||
|
|
||||||
- "--entrypoints.websecure.address=:443"
|
- "--entrypoints.websecure.address=:443"
|
||||||
# WILDCARD BLANKET: This tells Traefik "Use deSEC to get a wildcard cert for EVERYTHING on port 443"
|
|
||||||
- "--entrypoints.websecure.http.tls.certresolver=desec"
|
- "--entrypoints.websecure.http.tls.certresolver=desec"
|
||||||
- "--entrypoints.websecure.http.tls.domains[0].main=mapletree.email"
|
- "--entrypoints.websecure.http.tls.domains[0].main=mapletree.email"
|
||||||
- "--entrypoints.websecure.http.tls.domains[0].sans=*.mapletree.email"
|
- "--entrypoints.websecure.http.tls.domains[0].sans=*.mapletree.email"
|
||||||
- "--entrypoints.websecure.http.tls.domains[0].sans=*.dev.mapletree.email" # Optional: Add your dev subdomain too
|
- "--entrypoints.websecure.http.tls.domains[0].sans=*.dev.mapletree.email"
|
||||||
- "--entrypoints.websecure.http.tls.domains[0].sans=*.test.mapletree.email"
|
- "--entrypoints.websecure.http.tls.domains[0].sans=*.test.mapletree.email"
|
||||||
|
|
||||||
# --- One Resolver to Rule Them All (deSEC) ---
|
|
||||||
# I renamed this to 'desec' for clarity.
|
|
||||||
- "--certificatesresolvers.desec.acme.dnschallenge=true"
|
- "--certificatesresolvers.desec.acme.dnschallenge=true"
|
||||||
- "--certificatesresolvers.desec.acme.dnschallenge.provider=desec"
|
- "--certificatesresolvers.desec.acme.dnschallenge.provider=desec"
|
||||||
- "--certificatesresolvers.desec.acme.email=${ACME_EMAIL}"
|
- "--certificatesresolvers.desec.acme.email=${ACME_EMAIL}"
|
||||||
|
|
@ -47,7 +38,6 @@ services:
|
||||||
- "--certificatesresolvers.dns_resolver.acme.dnschallenge.provider=desec"
|
- "--certificatesresolvers.dns_resolver.acme.dnschallenge.provider=desec"
|
||||||
- "--certificatesresolvers.dns_resolver.acme.email=${ACME_EMAIL}"
|
- "--certificatesresolvers.dns_resolver.acme.email=${ACME_EMAIL}"
|
||||||
- "--certificatesresolvers.dns_resolver.acme.storage=/letsencrypt/acme.json"
|
- "--certificatesresolvers.dns_resolver.acme.storage=/letsencrypt/acme.json"
|
||||||
# Optimization: deSEC is fast; we don't need massive delays or propagation checks
|
|
||||||
- "--certificatesresolvers.desec.acme.dnschallenge.delaybeforecheck=10"
|
- "--certificatesresolvers.desec.acme.dnschallenge.delaybeforecheck=10"
|
||||||
- "--certificatesresolvers.desec.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
|
- "--certificatesresolvers.desec.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
|
||||||
- "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
|
- "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
|
||||||
|
|
@ -59,11 +49,8 @@ services:
|
||||||
- "/docker/traefik/letsencrypt:/letsencrypt"
|
- "/docker/traefik/letsencrypt:/letsencrypt"
|
||||||
- "/docker/traefik/dynamic:/etc/traefik/dynamic"
|
- "/docker/traefik/dynamic:/etc/traefik/dynamic"
|
||||||
labels:
|
labels:
|
||||||
# 1. Catch requests for 'traefik.mapletree.email'
|
|
||||||
- "traefik.http.routers.dashboard.rule=Host(`traefik.mapletree.email`)"
|
- "traefik.http.routers.dashboard.rule=Host(`traefik.mapletree.email`)"
|
||||||
# 2. Send them to the internal API service (Magic Service)
|
|
||||||
- "traefik.http.routers.dashboard.service=api@internal"
|
- "traefik.http.routers.dashboard.service=api@internal"
|
||||||
# 3. Use HTTPS
|
|
||||||
- "traefik.http.routers.dashboard.entrypoints=websecure"
|
- "traefik.http.routers.dashboard.entrypoints=websecure"
|
||||||
- "traefik.http.routers.dashboard.tls=true"
|
- "traefik.http.routers.dashboard.tls=true"
|
||||||
- "traefik.http.routers.dashboard.tls.certresolver=dns_resolver"
|
- "traefik.http.routers.dashboard.tls.certresolver=dns_resolver"
|
||||||
Loading…
Reference in a new issue