From a8e5be2162ea1de7a6b0eed27041bb38a3b4e4c4 Mon Sep 17 00:00:00 2001
From: Ian Fijolek
Date: Wed, 27 Jul 2022 11:12:08 -0700
Subject: [PATCH] Get letsencrypt certs working with Traefik
---
 traefik/traefik.nomad | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/traefik/traefik.nomad b/traefik/traefik.nomad
index bc9c924..7cc588e 100644
--- a/traefik/traefik.nomad
+++ b/traefik/traefik.nomad
@@ -54,10 +54,8 @@ job "traefik" {
 tags = [
 "traefik.enable=true",
- "traefik.http.routers.traefik_dashboard.entryPoints=websecure",
- "traefik.http.routers.traefik_dashboard.rule=Host(`traefik.${var.base_hostname}`)",
- "traefik.http.routers.traefik_dashboard.service=api@internal",
- "traefik.http.routers.traefik_dashboard.tls=true",
+ "traefik.http.routers.traefik.entryPoints=websecure",
+ "traefik.http.routers.traefik.service=api@internal",
 ]
 }
@@ -107,7 +105,9 @@ job "traefik" {
 [entryPoints.websecure]
 address = ":443"
 [entryPoints.websecure.http.tls]
- # certResolver = "letsEncrypt"
+ << if keyExists "traefik/acme/email" ->>
+ certResolver = "letsEncrypt"
+ << end ->>
 [entryPoints.metrics]
 address = ":8989"
@@ -131,13 +131,34 @@ job "traefik" {
 connectAware = true
 connectByDefault = true
 exposedByDefault = false
- defaultRule = "Host(`{{normalize .Name}}.${var.base_hostname}`)"
+ defaultRule = "Host(`{{normalize .Name}}.<< keyOrDefault "global/base_hostname" "${var.base_hostname}" >>`)"
 [providers.consulCatalog.endpoint]
 address = "http://<< env "CONSUL_HTTP_ADDR" >>"
+
+<< if keyExists "traefik/acme/email" ->>
+[certificatesResolvers.letsEncrypt.acme]
+ email = "<< key "traefik/acme/email" >>"
+ storage = "acme.json"
+ [certificatesResolvers.letsEncrypt.acme.dnsChallenge]
+ provider = "cloudflare"
+ resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
+ delayBeforeCheck = 0
+<< end ->>
 EOH
 destination = "local/config/traefik.toml"
 }
+ template {
+ data = <
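Review bot: The `traefik` router added to the `tags` list publishes `api@internal` on `websecure` without any `middlewares` tag, so nothing in this hunk authenticates access to the Traefik dashboard and API. Unless access is restricted elsewhere in the job (not visible here), attach an auth middleware, e.g. `"traefik.http.routers.traefik.middlewares=<AUTH_MIDDLEWARE_NAME>@<PROVIDER>",` with the placeholders replaced by a middleware the deployment defines. Dropping the explicit `rule` and `tls=true` also makes the hostname and TLS depend on `defaultRule` and the entrypoint-level `[entryPoints.websecure.http.tls]` table; a short comment above the tags saying so would help the next reader. The enclosing service block starts before this hunk.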
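Review bot: With `certResolver` now wrapped in `<< if keyExists "traefik/acme/email" ->>`, a missing or mistyped Consul key leaves `[entryPoints.websecure.http.tls]` empty, and Traefik will presumably fall back to its default self-signed certificate with no signal that ACME is off. Add a comment in the template above the conditional, e.g. `# certResolver is set only when Consul key traefik/acme/email exists; without it websecure uses Traefik's default certificate`. The resolver this enables is defined later in the patch with `storage = "acme.json"`; that file holds the ACME account key and certificate private keys, so confirm it resolves to a persistent path with restrictive permissions. The template stanza starts and ends outside this hunk.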