Merge pull request #2 from peb-adr/traefik

Add missing certResolver field

Author: boehlke

Dockerfile

@@ -1,6 +1,6 @@
 ARG CONTEXT=prod
 
-FROM traefik:3.6.0 as base
+FROM traefik:3.6.0 AS base
 
 ## Setup
 ARG CONTEXT

README.md

@@ -28,7 +28,7 @@ The proxy service is configured through:
 - `TRAEFIK_LOG_LEVEL` - Log level (default: INFO, DEBUG in dev image)
 - `ENABLE_DASHBOARD` - Enable traefik web-based dashboard, also sets `debug: true` for now
 - `ENABLE_LOCAL_HTTPS` - Enable TLS using certs provided through `HTTPS_*_FILE`. Can be self-signed (used in dev by default) or manually generated/trusted.
-- `ENABLE_AUTO_HTTPS` - Enable cert retrieval through ACME. Depends on further variables.
+- `ENABLE_AUTO_HTTPS` - Enable cert retrieval through ACME. Depends on further variables. (Overruled by `ENABLE_LOCAL_HTTPS` if both are set)
   - `EXTERNAL_ADDRESS` - domain for which to retrieve cert
   - `ACME_ENDPOINT` - when unset will fallback to traefiks default value for `acme.caServer: https://acme-v02.api.letsencrypt.org/directory`
   - `ACME_EMAIL` - Email Address sent to acme endpoint during cert retrieval

entrypoint.sh

@@ -79,10 +79,10 @@ elif [ -n "$ENABLE_AUTO_HTTPS" ]; then
       tls:
         domains:
           - main: ${EXTERNAL_ADDRESS}
+        certResolver: acmeResolver
 EOF
   # Additionally a plain HTTP endpoint to answer ACME challenges on must be
   # configured
-  echo "Configuring traefik to answer acme challenges on port 8001."
   cat >> "$TRAEFIK_CONFIG" << 'EOF'
 
   acme:
@@ -105,6 +105,10 @@ EOF
       caServer: ${ACME_ENDPOINT}
 EOF
   fi
+
+  echo "traefik was configured to automatically retrieve a TLS certificates via acme."
+  echo "Make sure incoming challange requests (to HOST:80/.well-known/acme-challenge/) reach this container on port 8001"
+  echo "In most cases forwarding the hosts port 80 to containers port 8001 is enough."
 fi