Refactor Traefik service configuration to use HTTP-01 challenge and remove Namecheap DNS settings

Mohmmed Elfateh Sabry
2025-08-11 00:40:05 +03:00
parent 2e7b1c7120
commit 97a8a23582
2 changed files with 6 additions and 15 deletions


@@ -9,11 +9,6 @@ TZ=Your/Timezone
# Your email address for Let's Encrypt certificate notifications # Your email address for Let's Encrypt certificate notifications
ACME_EMAIL=admin@your-domain.com ACME_EMAIL=admin@your-domain.com
## Namecheap DNS API (whitelist your VPS IP in Namecheap API settings)
# Your Namecheap username
NAMECHEAP_API_USER=your_namecheap_username
# Your Namecheap API key (found in your Namecheap account settings)
NAMECHEAP_API_KEY=your_namecheap_api_key
## CrowdSec ## CrowdSec
# Generate with: docker exec -it crowdsec cscli bouncers add traefik-bouncer # Generate with: docker exec -it crowdsec cscli bouncers add traefik-bouncer


@@ -29,7 +29,7 @@ volumes:
services: services:
## ───────────────────────────────────────────── ## ─────────────────────────────────────────────
## Traefik — edge router + ACME (Namecheap DNS) ## Traefik — edge router + ACME (HTTP-01)
## ───────────────────────────────────────────── ## ─────────────────────────────────────────────
traefik: traefik:
image: traefik:v3.1 image: traefik:v3.1
@@ -40,9 +40,6 @@ services:
- "443:443" - "443:443"
networks: [traefik_proxy, monitoring] networks: [traefik_proxy, monitoring]
environment: environment:
# Namecheap DNS challenge auth
NAMECHEAP_API_USER: "${NAMECHEAP_API_USER}"
NAMECHEAP_API_KEY: "${NAMECHEAP_API_KEY}"
TZ: "${TZ}" TZ: "${TZ}"
command: command:
# Providers # Providers
@@ -58,13 +55,12 @@ services:
# Dashboard/API (internal) # Dashboard/API (internal)
- --api.dashboard=true - --api.dashboard=true
# ACME via DNS-01 (wildcard for *.gate.${DOMAIN}) # ACME via HTTP-01
- --certificatesresolvers.le.acme.email=${ACME_EMAIL} - --certificatesresolvers.le.acme.email=${ACME_EMAIL}
- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
- --certificatesresolvers.le.acme.dnschallenge=true - --certificatesresolvers.le.acme.httpchallenge=true
- --certificatesresolvers.le.acme.dnschallenge.provider=namecheap - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
# Optional: if DNS propagation is slow, uncomment:
# - --certificatesresolvers.le.acme.dnschallenge.disablepropagationcheck=true
# Metrics (Prometheus) # Metrics (Prometheus)
- --metrics.prometheus=true - --metrics.prometheus=true
@@ -306,4 +302,4 @@ services:
- traefik.http.routers.grafana.entrypoints=websecure - traefik.http.routers.grafana.entrypoints=websecure
- traefik.http.routers.grafana.tls.certresolver=le - traefik.http.routers.grafana.tls.certresolver=le
- traefik.http.routers.grafana.middlewares=crowdsec,authelia,security-headers - traefik.http.routers.grafana.middlewares=crowdsec,authelia,security-headers
- traefik.http.services.grafana.loadbalancer.server.port=3000 - traefik.http.services.grafana.loadbalancer.server.port=3000
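Review bot: HTTP-01, enabled at `--certificatesresolvers.le.acme.httpchallenge=true`, cannot issue wildcard certificates, while the comment it replaces documented DNS-01 for `*.gate.${DOMAIN}`; any router outside these hunks that still requests a wildcard through a `tls.domains` label would stop getting certificates. The challenge also needs port 80 of the `web` entrypoint to be reachable from the internet, and only `"443:443"` is visible in the hunk context, so the port 80 mapping and firewall rule should be confirmed. With one certificate per host, every routed hostname (the grafana router, for example) will be published in Certificate Transparency logs, which a wildcard certificate would have avoided. I would expand the new comment to `# ACME via HTTP-01 (no wildcards; needs public port 80 on entrypoint web; each hostname appears in CT logs)`. Since the `NAMECHEAP_API_*` variables are removed, the API key and its IP whitelist entry should also be revoked at the provider so an unused credential does not stay valid.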