From 373f94535fec86e8febc44980e38a7cc7adc178d Mon Sep 17 00:00:00 2001
From: lab <hi@esin.io>
Date: Fri, 3 Dec 2021 04:18:31 +0800
Subject: [PATCH] fix: dns-challenge

---
 .gitignore                 |  1 +
 gitea/docker-compose.yml   |  8 +++++--
 traefik/docker-compose.yml | 44 +++++++++++++++++++++++++-------------
 3 files changed, 36 insertions(+), 17 deletions(-)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2eea525
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
\ No newline at end of file
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
index 289991d..b4ce22f 100644
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@@ -12,6 +12,8 @@ services:
       - "traefik.http.routers.gitea.entrypoints=websecure"
       - "traefik.http.routers.gitea.tls=true"
       - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.gitea.tls.domains[0].main=esin.io"
+      - "traefik.http.routers.gitea.tls.domains[0].sans=*.esin.io"
       - "traefik.http.routers.gitea.middlewares=gitea-mw"
       - "traefik.http.middlewares.gitea-mw.compress=true"
       - "traefik.http.middlewares.gitea-mw.compress.excludedcontenttypes=text/event-stream"
@@ -23,8 +25,10 @@ services:
     external_links:
       - postgresql
     networks:
-      - traefik
-      - database
+      traefik:
+        priority: 1000
+      database:
+        priority: 100
 networks:
   traefik:
     external: true
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
index a1950c6..fd68549 100644
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@@ -3,38 +3,52 @@ version: "3.9"
 services:
   reverse-proxy:
     image: traefik:v2.5
+    restart: always
     command: 
-      - --entrypoints.web.address=:80
-      - --entrypoints.websecure.address=:443
+      - "--global.sendanonymoususage=false"
+      - "--global.checknewversion=false"
+      # EntryPoints
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
       # Global HTTP -> HTTPS
       - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
       - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
       # Enable dashboard
-      - --api.dashboard=true
-      - --providers.docker.exposedByDefault=false
-      - --ping
+      - "--api.dashboard=true"
+      - "--ping"
+      # Provider docker
+      - "--providers.docker.watch=true"
+      - "--providers.docker.exposedByDefault=false"
+      # Provider file
+      - "--providers.file.watch=true"
+      - "--providers.file.directory=/etc/traefik"
       # SSL configuration
-      - --certificatesresolvers.letsencrypt.acme.email=hi@esin.io
-      - --certificatesresolvers.letsencrypt.acme.storage=/etc/acme/acme.json
-      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
-      - --log.filePath=/var/log/traefik.log
-      - --log.format=json
-      - --log.level=INFO
-      - --accessLog.filepath=/var/log/access.log
-      - --accessLog.format=json
-      - --accessLog.bufferingsize=100
+      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
+      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=linode"
+      - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/acme/acme.json"
+      #- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
+      - "--log.filePath=/var/log/traefik.log"
+      - "--log.format=json"
+      - "--log.level=INFO"
+      - "--accessLog.filepath=/var/log/access.log"
+      - "--accessLog.format=json"
+      - "--accessLog.bufferingsize=100"
     ports:
       - "80:80"
       - "443:443"
     environment:
       - "TZ=Asia/Shanghai"
+      - LINODE_TOKEN=${LINODE_TOKEN}
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.dashboard.entrypoints=websecure"
-      - "traefik.http.routers.dashboard.rule=Host(`traefik.esin.io`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
       - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.rule=Host(`traefik.esin.io`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
       - "traefik.http.routers.dashboard.tls=true"
       - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.dashboard.tls.domains[0].main=esin.io"
+      - "traefik.http.routers.dashboard.tls.domains[0].sans=*.esin.io"
       - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
       - "traefik.http.middlewares.dashboard.compress=true"
       - "traefik.http.middlewares.dashboard.compress.excludedcontenttypes=text/event-stream"