Hi,
I am trying to setup secrets for Cloudflare API toques but I was getting authentication error with docker swarm secrets. I was able to get it working without the secrets below is the docker compose file that I am using. Can someone please help me.
version: "3.4"
services:
traefik:
image: "traefik:latest"
networks:
- traefik_default
deploy:
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik-dashboard.tls=true"
- "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
- "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.example.com`)"
- "traefik.http.routers.traefik-dashboard.service=api@internal"
- "traefik.http.routers.traefik-dashboard.tls.domains[0].main=example.com"
- "traefik.http.routers.traefik-dashboard.tls.domains[0].sans=*.example.com"
- "traefik.http.routers.traefik-dashboard.tls.certresolver=myresolver"
- "traefik.http.services.noop.loadbalancer.server.port=8080"
command:
- "--global.checknewversion=true"
- "--global.sendanonymoususage=false"
- "--log.level=DEBUG"
- "--api.insecure=true"
# - "--api.dashboard=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.http.tls.certresolver=myresolver"
- "--entrypoints.websecure.http.tls.domains[0].main=example.com"
- "--entrypoints.websecure.http.tls.domains[0].sans=*.example.com"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
# - "--certificatesresolvers.myresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=admin@example.com"
- "--certificatesresolvers.myresolver.acme.storage=/ssl-certs/acme.json"
- "--providers.docker=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=traefik_default"
ports:
- "80:80"
- "443:443"
secrets:
- cf_email
- cf_token
environment:
- "CF_API_EMAIL=/run/secrets/cf_email"
- "CF_DNS_API_TOKEN=/run/secrets/cf_token"
# - "CF_API_EMAIL=<EMAIL ID>"
# - "CF_DNS_API_TOKEN=<Token Key>"
volumes:
# - traefik:/etc/traefik
- traefik-certs:/ssl-certs
- /var/run/docker.sock:/var/run/docker.sock:ro
secrets:
cf_email:
external: true
cf_token:
external: true
volumes:
traefik-certs:
driver: glusterfs
name: "gfs-docker/traefik-certs"
# traefik:
# driver: glusterfs
# name: "gfs-docker/traefik"
networks:
traefik_default:
external: true