fix(traefik): allow acme bypass and set high priority for whoami
2025-12-19 22:59:49 +01:00
parent 4e3aa30c61
commit 92b98879f8
2 changed files with 4 additions and 9 deletions


@@ -23,7 +23,7 @@ tcp:
nginx-legacy-router-secure: nginx-legacy-router-secure:
# DO NOT use "*". List the domains that Nginx manages itself. # DO NOT use "*". List the domains that Nginx manages itself.
# If you use "*", Traefik's own HTTPS domains will not work. # If you use "*", Traefik's own HTTPS domains will not work.
rule: "HostSNI(`excali.kovagoadi.hu`, `another-legacy.hu`)" rule: "HostSNI(`excali.kovagoadi.hu`) || HostSNI(`another-legacy.hu`)"
service: nginx-legacy-service-secure service: nginx-legacy-service-secure
tls: tls:
passthrough: true passthrough: true
@@ -39,8 +39,7 @@ tcp:
http: http:
routers: routers:
# 1. TRAEFIK-MANAGED ACME HANDLER # 1. TRAEFIK-MANAGED ACME HANDLER (Removed manual router)
# 2. THE HTTP CATCH-ALL (Sends other ACME and HTTP to Nginx) # 2. THE HTTP CATCH-ALL (Sends other ACME and HTTP to Nginx)
nginx-legacy-router: nginx-legacy-router:
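Review bot: The heading `# 1. TRAEFIK-MANAGED ACME HANDLER (Removed manual router)` in the second hunk records history instead of saying what now answers HTTP-01 challenges, while the catch-all directly below it is described as sending "other ACME and HTTP" to Nginx. A reader cannot tell from this file why challenges for Traefik-managed hosts do not fall into `nginx-legacy-router`. I would reword it to something like `# 1. ACME HTTP-01 for Traefik-managed hosts is served by Traefik's built-in acme-http@internal router, which outranks the catch-all below.` That precedence is worth confirming against the running configuration, since the catch-all's rule and priority lie outside the hunk.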


@@ -1,5 +1,5 @@
services: services:
traefik4: traefik3:
image: "traefik:v3.6@sha256:4ec25d36f3203240bc1631bb43954c61e872331ab693e741398f1dde6974c145" image: "traefik:v3.6@sha256:4ec25d36f3203240bc1631bb43954c61e872331ab693e741398f1dde6974c145"
restart: unless-stopped restart: unless-stopped
security_opt: security_opt:
@@ -19,10 +19,6 @@ services:
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web" - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencrypt.acme.email=kovagoadi@gmail.com" - "--certificatesresolvers.letsencrypt.acme.email=kovagoadi@gmail.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
- "traefik.http.routers.traefik-acme-handler.rule=Host(`test-whoami.dev.kovagoadi.hu`) && PathPrefix(`/.well-known/acme-challenge/`)"
- "traefik.http.routers.traefik-acme-handler.entrypoints=web"
- "traefik.http.routers.traefik-acme-handler.service=acme-http@internal"
- "traefik.http.routers.traefik-acme-handler.priority=1000"
- "${TRAEFIK_LEGACY_OPT:-}" - "${TRAEFIK_LEGACY_OPT:-}"
- "--providers.file.watch=true" - "--providers.file.watch=true"
ports: ports:
@@ -42,12 +38,12 @@ services:
labels: labels:
- "env=${ENV}" - "env=${ENV}"
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.whoami.priority=10000"
- "traefik.http.routers.whoami.rule=Host(`test-whoami.${DOMAIN}`)" - "traefik.http.routers.whoami.rule=Host(`test-whoami.${DOMAIN}`)"
- "traefik.http.routers.https.rule=Host(`test-whoami.${DOMAIN}`)" - "traefik.http.routers.https.rule=Host(`test-whoami.${DOMAIN}`)"
- "traefik.http.routers.whoami.entrypoints=web" - "traefik.http.routers.whoami.entrypoints=web"
- traefik.http.routers.https.entrypoints=https - traefik.http.routers.https.entrypoints=https
- traefik.http.routers.https.tls=true - traefik.http.routers.https.tls=true
- traefik.http.routers.https.tls.certresolver=letsencrypt
networks: networks:
proxy: proxy:
legacy-nginx: legacy-nginx:
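Review bot: The `https` router in the last hunk keeps `traefik.http.routers.https.tls=true`, but the `tls.certresolver=letsencrypt` label appears to be on the removed side. The rendering has lost the +/- markers, so this is inferred from the 12/12 hunk counts and the commit title, which point to the `whoami.priority` label as the addition. If so, nothing visible here asks the `letsencrypt` resolver for a certificate for `test-whoami.${DOMAIN}`, and Traefik would serve its default self-signed certificate on the `https` entrypoint unless a resolver is configured elsewhere, for example on the entrypoint itself. I would either keep `- traefik.http.routers.https.tls.certresolver=letsencrypt` or add a comment above the router stating where its certificate comes from. The label list belongs to a service whose definition starts outside the hunk.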