@@ -98,3 +98,24 @@ aux_file_definitions: |
|
|
|
certFile: /ssl/cert.pem |
|
|
|
keyFile: /ssl/privkey.pem |
|
|
|
``` |
|
|
|
|
|
|
|
## Configuring DNS-01 ACME Challenges |
|
|
|
|
|
|
|
You can configure traefik to use the DNS-01 validation for Let's Encrypt. This is less frequent than using the normal HTTP challenge, but it can be helpful to hide your public IP from Let's Encrypt logs or if your matrix server is running behind a proxy that prevents the HTTP challenge to succeed. This is an example for how to edit the `vars.yml` file if you're using Cloudflare: |
|
|
|
|
|
|
|
```yaml |
|
|
|
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true |
|
|
|
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare" |
|
|
|
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60 |
|
|
|
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers: |
|
|
|
- "1.1.1.1:53" |
|
|
|
devture_traefik_environment_variables_additional_variables: | |
|
|
|
CF_API_EMAIL=redacted |
|
|
|
CF_ZONE_API_TOKEN=redacted |
|
|
|
CF_DNS_API_TOKEN=redacted |
|
|
|
LEGO_DISABLE_CNAME_SUPPORT=true |
|
|
|
``` |
|
|
|
|
|
|
|
Make sure to change the value of "provider" to your particular DNS solution, and provide the appropriate environment variables. The full list of supported providers is available here: https://doc.traefik.io/traefik/https/acme/#providers |
|
|
|
|
|
|
|
This example assumes you're using Cloudflare to manage your DNS zone. Note that it requires the use of two tokens: one for reading all zones (`CF_ZONE_API_TOKEN`) and another that must be able to edit the particular domain you're using (`CF_DNS_API_TOKEN`). For security, it's recommended that you create two fine-grained tokens for this purpose, but you might choose to use the same token for both. |
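
Review bot: In the last added paragraph, "it requires the use of two tokens" is followed by "you might choose to use the same token for both", which reads as a contradiction and blurs the least-privilege advice. Suggest saying that two tokens are recommended, restating the scope each one needs (read on all zones for `CF_ZONE_API_TOKEN`, edit on the one domain for `CF_DNS_API_TOKEN`), and noting that a single shared token has to carry both. The YAML example also sets `CF_API_EMAIL` and `LEGO_DISABLE_CNAME_SUPPORT=true`, but the prose explains neither, so a reader cannot tell whether they are required; add a sentence on each or drop them from the example. Because the tokens are written into `vars.yml` in plain text, a short pointer to keeping that file out of version control or encrypting it would fit after the example. Minor wording in the first paragraph: "prevents the HTTP challenge to succeed" should be "prevents the HTTP challenge from succeeding", and "traefik" and "matrix" should be capitalised.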