I am fairly new to the Traefik community, so if this is already answered, please point me to the right location.
I am trying to set up an API with Docker, using Traefik for the SSL endpoint and automated cert management. Everything worked fine, except I had to do several Docker builds for quick feature updates/bug fixes. (Note that all my tests needed SSL, so I couldn't do it locally.)
Unfortunately, I hit the cert generation limit and got temporarily banned by Let's Encrypt.
Does it make sense to configure Traefik to use stored certificates instead of hitting the provider for each new build? How would you do that? Is there a sample traefik.toml file for the same? Or is this configured in docker-compose?
Here's my traefik.toml:
[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
  [entryPoints.websecure]
    address = ":443"

[accessLog]

[providers]
  [providers.docker]
    exposedByDefault = false

[certificatesResolvers.letsencrypt.acme]
  email = "user@example.com"
  storage = "acme.json"
  [certificatesResolvers.letsencrypt.acme.httpChallenge]
    entryPoint = "web"
And here's my docker-compose.yaml:
version: '3.8'
services:
  web:
    build:
      context: ./app
    command: gunicorn main:app --bind 0.0.0.0:5000 -w 4 -k uvicorn.workers.UvicornWorker
    expose:
      - 5000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.fastapi.rule=Host(`backend-agi.zolnoi.app`)"
      - "traefik.http.routers.fastapi.tls=true"
      - "traefik.http.routers.fastapi.tls.certresolver=letsencrypt"
  traefik:
    image: traefik:v2.2
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/traefik.toml:/etc/traefik/traefik.toml"
Appreciate any inputs here or direction to the docs/blog where I can find a solution.
Thanks
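
One way to do what the question asks, as an added example that is not part of the original post or the Traefik project's own configuration: with `storage = "acme.json"` and no volume, the certificate store lives inside the Traefik container's filesystem, so it is lost and the certificates are re-requested whenever that container is re-created. The host directory `./traefik/letsencrypt` and the mount point `/letsencrypt` are assumed names; the `web` service is unchanged from the post and omitted here.

```yaml
version: '3.8'
services:
  traefik:
    image: traefik:v2.2
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/traefik.toml:/etc/traefik/traefik.toml"
      # Assumed host directory. Traefik creates acme.json inside it, and the
      # file survives container re-creation, so existing certificates are
      # reused instead of being requested again from Let's Encrypt.
      # acme.json holds the private keys: keep it out of version control and
      # readable only by its owner (mode 600).
      - "./traefik/letsencrypt:/letsencrypt"

# Matching change in traefik.toml (TOML, shown here as comments):
#
#   [certificatesResolvers.letsencrypt.acme]
#     email = "user@example.com"
#     # Point storage at the mounted directory instead of the container's
#     # own filesystem.
#     storage = "/letsencrypt/acme.json"
#     # While iterating on builds, use the Let's Encrypt staging endpoint,
#     # which has much higher rate limits than production.
#     caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
#     [certificatesResolvers.letsencrypt.acme.httpChallenge]
#       entryPoint = "web"
```

Certificates issued by the staging endpoint are not trusted by clients. Before going to production, remove the `caServer` line and clear the staging certificates from the stored `acme.json` so that production certificates are issued.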