9454b3862e
- Add DNS resolvers (1.1.1.1, 8.8.8.8) to traefik.yml for faster DNS challenge - Create wildcard-cert.yml to request *.kelinreij.duckdns.org certificate - Add comprehensive setup documentation for wildcard certificates - Update to use production Let's Encrypt email This configuration will automatically request a wildcard certificate covering all subdomains once the Let's Encrypt rate limit resets (Feb 13, 2026 at 21:33 UTC), eliminating the need for individual per-service certificates.
58 lines
1.3 KiB
YAML
58 lines
1.3 KiB
YAML
# Traefik Static Configuration
|
|
# Copy to /opt/stacks/traefik/traefik.yml
|
|
|
|
global:
|
|
checkNewVersion: true
|
|
sendAnonymousUsage: false
|
|
|
|
api:
|
|
dashboard: true
|
|
insecure: false # Dashboard accessible via Traefik route with Authelia
|
|
|
|
entryPoints:
|
|
web:
|
|
address: ":80"
|
|
http:
|
|
redirections:
|
|
entryPoint:
|
|
to: websecure
|
|
scheme: https
|
|
|
|
websecure:
|
|
address: ":443"
|
|
http:
|
|
tls:
|
|
certResolver: letsencrypt
|
|
|
|
certificatesResolvers:
|
|
letsencrypt:
|
|
acme:
|
|
email: kelinshomelab@gmail.com # Your email for Let's Encrypt notifications
|
|
caServer: https://acme-v02.api.letsencrypt.org/directory # Use staging for testing
|
|
storage: /letsencrypt/acme.json
|
|
# DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org)
|
|
# Works with DuckDNS - requires DUCKDNS_TOKEN in environment
|
|
dnsChallenge:
|
|
provider: duckdns
|
|
resolvers:
|
|
- "1.1.1.1:53"
|
|
- "8.8.8.8:53"
|
|
|
|
providers:
|
|
docker:
|
|
endpoint: "unix:///var/run/docker.sock"
|
|
exposedByDefault: false # Only expose services with traefik.enable=true
|
|
network: traefik-network
|
|
|
|
file:
|
|
directory: /dynamic
|
|
watch: true
|
|
|
|
log:
|
|
level: DEBUG # DEBUG, INFO, WARN, ERROR
|
|
filePath: /var/log/traefik/traefik.log
|
|
|
|
accessLog:
|
|
filePath: /var/log/traefik/access.log
|
|
bufferingSize: 100
|