From 8e90029a84762308a9bfaa32871019a8acabd1de Mon Sep 17 00:00:00 2001
From: Nemo
Date: Wed, 28 Mar 2018 15:45:44 +0530
Subject: [PATCH] wildcard certs are here!!!
---
 cloudflare/main.tf | 8 ++++++++
 docker/conf/traefik.toml | 18 ++++++++++++------
 docker/data.tf | 2 +-
 3 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/cloudflare/main.tf b/cloudflare/main.tf
index b722506..bc64788 100644
--- a/cloudflare/main.tf
+++ b/cloudflare/main.tf
@@ -37,6 +37,14 @@ resource "cloudflare_record" "internet-wildcard" {
 ttl = 3600
 }
+resource "cloudflare_record" "acme-no-cname-1" {
+ domain = "${var.domain}"
+ name = "_acme-challenge.${var.domain}"
+ type = "A"
+ value = "127.0.0.1"
+ ttl = "300"
+}
+
 /**
 * vpn.bb8.fun
 * *.vpn.bb8.fun
diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml
index a522780..3f8965d 100644
--- a/docker/conf/traefik.toml
+++ b/docker/conf/traefik.toml
@@ -85,13 +85,13 @@ acmelogging = true
 [acme.httpChallenge]
 entryPoint = "http"
-# Keep DNS challenge disabled
-# for now
-# [acme.dnsChallenge]
-# provider = "cloudflare"
-# delayBeforeCheck = 5
-# Get wildcard once possible
+[acme.dnsChallenge]
+ provider = "cloudflare"
+ delayBeforeCheck = 30
+# This is a legacy certificate
+# From when traefik did not support
+# wildcard certs
 [[acme.domains]]
 main = "bb8.fun"
 sans = [
@@ -126,3 +126,9 @@ sans = [
 "wifi.bb8.fun",
 "wiki.bb8.fun"
 ]
+# Primary 2 wildcard certs
+[[acme.domains]]
+ main = "*.bb8.fun"
+# Internal services are also protected!
+[[acme.domains]]
+ main = "*.in.bb8.fun"
diff --git a/docker/data.tf b/docker/data.tf
index f2ff731..802cf9b 100644
--- a/docker/data.tf
+++ b/docker/data.tf
@@ -17,7 +17,7 @@ data "docker_registry_image" "transmission" {
 }
 data "docker_registry_image" "traefik" {
- name = "traefik:cancoillotte-alpine"
+ name = "traefik:1.6"
 }
 data "docker_registry_image" "wikijs" {
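Review bot: The new `acme-no-cname-1` record has no comment explaining why a placeholder A record pointing at 127.0.0.1 is parked on `_acme-challenge.${var.domain}`, and its `ttl = "300"` is a quoted string where the `internet-wildcard` record just above uses the bare integer `3600`. The resource name suggests it exists so that this label is never answered by the wildcard record above it (DNS-01 clients follow a CNAME found at `_acme-challenge`), but that is inferred from the name only; if so, a comment such as `# Placeholder so _acme-challenge is not synthesised from the wildcard record; Traefik adds the ACME TXT record next to it` plus `ttl = 300` would make both the intent and the type consistent. The `*.in.bb8.fun` certificate requested in traefik.toml is validated at `_acme-challenge.in.bb8.fun`, which this record does not cover, so it is worth confirming whether that label needs the same treatment.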
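Review bot: With `[acme.dnsChallenge]` enabled, the `[acme.httpChallenge]` table two lines above it is left in place, so the file now declares two challenge types; Traefik 1.x runs a single one and wildcard names can only be validated over DNS-01, so the HTTP block should be removed or annotated with which one is actually used, e.g. `# dnsChallenge is the active challenge; httpChallenge is left only until confirmed unused` — confirm the precedence against the Traefik 1.6 documentation. The Cloudflare provider reads its credentials from the container's environment rather than from this file, and nothing in the patch shows which variables are expected or how narrowly they are scoped; if the account-wide API key is what this provider version takes, it authorises changes to every zone on the account and deserves a comment here naming the variables and the secret's blast radius. `delayBeforeCheck = 30` presumably allows for Cloudflare propagation; a trailing `# seconds` would document the unit.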
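Review bot: `main = "*.bb8.fun"` does not cover the apex `bb8.fun` itself, since a wildcard matches exactly one label, so once the legacy SAN certificate is retired the apex would be left without a certificate; adding `sans = ["bb8.fun"]` to that entry now would make the wildcard certificate self-sufficient. Keeping the legacy entry also means every host name in its SAN list (`wifi.bb8.fun`, `wiki.bb8.fun` and the rest) continues to be published in Certificate Transparency logs at each renewal, which is the hostname-enumeration exposure a wildcard certificate is normally chosen to avoid; if the legacy entry is only transitional, a comment stating the removal condition would help. The legacy `[[acme.domains]]` entry and its `sans` array begin earlier in the file, outside this hunk.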