With minimal results coming from my hours of no sleep and reading in regard to Traefik/Docker, I'm hoping someone could help with getting my configuration to run and help me understand in the process, as existing guides all seem to conflict with one another at some point.
EDIT: I'm happy to respond to any suggestions / info requests. I'm on this full time as of now.
I'd like to wildcard-cert my domains and have them resolved through Cloudflare in a way that Mozilla Firefox won't scream at me.
I have acme.json being filled in with cert info and private key, but between the occasional "incorrect TXT record" and the never-ending hang after "msg='Configuration loaded from file: /traefik.yml'", or the Traefik default cert taking over, I can't pin down the issue.
DOCKERFILE below:
```yaml
version: '3.7'
services:
  traefik:
    image: 'traefik:latest'
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - 'no-new-privileges:true'
    networks:
      - proxy
    ports:
      - '80:80'
      - '443:443'
    environment:
      - CF_API_EMAIL=<my-email>
      - CF_API_KEY=<my-cf-key>
      # - CLOUDFLARE_POLLING_INTERVAL=10
      # - CLOUDFLARE_PROPAGATION_TIMEOUT=300
    volumes:
      - '/etc/localtime:/etc/localtime:ro'
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - '/home/sadmin/traefik/data/traefik.yml:/traefik.yml:ro'
      - '/home/sadmin/traefik/data/acme.json:/acme.json'
      - '/home/sadmin/traefik/data/config.yml:/config.yml:ro'
    labels:
      traefik.enable: "true"
      traefik.http.routers.traefik.entrypoints: "websecure"
      traefik.http.routers.traefik.rule: "Host(`local.example.com`)"
      traefik.http.middlewares.traefik-auth.basicauth.users: "<encoded-user-pass>"
      traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme: "https"
      traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: "https"
      traefik.http.routers.traefik.middlewares: "traefik-https-redirect"
      traefik.http.routers.traefik-secure.entrypoints: "websecure"
      traefik.http.routers.traefik-secure.rule: "Host(`traefik.local.example.com`)"
      traefik.http.routers.traefik-secure.middlewares: "traefik-auth"
      traefik.http.routers.traefik-secure.tls: "true"
      traefik.http.routers.traefik-secure.tls.certresolver: "cloudflare"
      traefik.http.routers.traefik-secure.tls.domains[0].main: "local.example.com"
      traefik.http.routers.traefik-secure.tls.domains[0].sans: "*.local.example.com"
      traefik.http.routers.traefik-secure.service: "api@internal"
networks:
  proxy:
    external: true
```
traefik.yml below:
```yaml
api:
  dashboard: true
  debug: true
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    http:
      # tls:
      #   certResolver: letsencrypt
      #   domains:
      #     - main=local.example.com
      #     - sans=*.local.example.com
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: <my-email>
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        # disablePropagationCheck: true
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
```
Note - pulled from the acme file:
https://acme-v02.api.letsencrypt.org/acme/acct/
```json
{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Method not allowed",
  "status": 405
}
```
P.S. After over 24 hours of no sleep trying to 'beat this', I can confidently say that I'm not coming here too early. If I could have pieced the puzzle together myself, then I would have by now.
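As an added diagnostic (not part of the original post and not Traefik's own code), a small Python script that reads a Traefik v2 acme.json and checks the three things that usually separate "a cert was obtained" from "Firefox accepts it": the file mode Traefik expects (0600), whether the ACME account registration landed, and whether the stored main/sans pair actually covers each router Host() (RFC 6125 wildcard rules, so it also shows which names a `*.local.example.com` SAN does not cover). The acme.json content and the function names are constructed for this example.

```python
import json
import os
import stat
import tempfile

def san_matches(hostname: str, name: str) -> bool:
    """Wildcard only replaces the leftmost label (RFC 6125): *.a.b covers x.a.b, not a.b or y.x.a.b."""
    hostname, name = hostname.lower().rstrip("."), name.lower().rstrip(".")
    if not name.startswith("*."):
        return hostname == name
    suffix = name[1:]                       # ".local.example.com"
    if not hostname.endswith(suffix):
        return False
    prefix = hostname[: -len(suffix)]
    return bool(prefix) and "." not in prefix

def covered_by(hostname: str, main: str, sans: list) -> bool:
    return any(san_matches(hostname, n) for n in [main, *sans])

def audit_acme_json(path: str, hosts: list) -> dict:
    """Summarise a Traefik v2 acme.json: mode, account registration, Host() coverage per resolver."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        data = json.load(fh)
    report = {"mode_ok": mode == 0o600, "resolvers": {}}
    for resolver, body in data.items():
        account = body.get("Account") or {}
        # A populated Registration.uri means the account was created. Fetching that URL
        # with a browser returns 405 "Method not allowed": ACME account resources are
        # POST-as-GET only, so that response by itself is not a failure.
        doms = [(c["domain"]["main"], c["domain"].get("sans") or [])
                for c in body.get("Certificates") or []]
        report["resolvers"][resolver] = {
            "registered": bool((account.get("Registration") or {}).get("uri")),
            "certificates": [f"{m} + {s}" for m, s in doms],
            "uncovered_hosts": [h for h in hosts
                                if not any(covered_by(h, m, s) for m, s in doms)],
        }
    return report

# Constructed acme.json mirroring the layout Traefik v2 writes; values are placeholders.
SAMPLE_ACME = {"cloudflare": {
    "Account": {"Email": "<my-email>",
                "Registration": {"uri": "https://acme-v02.api.letsencrypt.org/acme/acct/<id>"}},
    "Certificates": [{"domain": {"main": "local.example.com", "sans": ["*.local.example.com"]},
                      "certificate": "<base64 PEM>", "key": "<base64 PEM>", "Store": "default"}]}}

def demo() -> dict:
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(SAMPLE_ACME, fh)
    os.chmod(path, 0o600)
    try:
        return audit_acme_json(path, ["traefik.local.example.com", "local.example.com", "a.b.local.example.com"])
    finally:
        os.remove(path)
```

Run it against the real `/home/sadmin/traefik/data/acme.json` with the Host() names from the labels; a non-empty `uncovered_hosts` or `mode_ok: False` explains a default-cert fallback or a Firefox name-mismatch warning without guessing.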