From a6f91c53a673daf64ab8dc913bb144b509aa0410 Mon Sep 17 00:00:00 2001
From: moeny-matt
Date: Fri, 28 Mar 2025 18:01:20 -0400
Subject: [PATCH] edit traefik for custom ports and DNS TSIG
---
 .gitignore | 3 +++
 deploy.env | 9 +++++++++
 docker-compose.yaml | 23 ++++++++++++++++++-----
 3 files changed, 30 insertions(+), 5 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 deploy.env
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..87f3442
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.env
+.DS_Store
+file-tracking.md
\ No newline at end of file
diff --git a/deploy.env b/deploy.env
new file mode 100644
index 0000000..6c2f03a
--- /dev/null
+++ b/deploy.env
@@ -0,0 +1,9 @@
+# DNS TSIG Configuration
+TSIG_KEY=your-tsig-key-name
+TSIG_SECRET=your-tsig-secret
+DNS_SERVER=your-dns-server
+DNS_ZONE=your-dns-zone
+
+# Transfer.sh Configuration
+TRANSFER_USER=your-transfer-user
+TRANSFER_PASS=your-transfer-pass
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 72bc990..dc331ca 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
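Review bot: deploy.env carries no comment saying it is a template, and the `.gitignore` added in this same commit ignores only `.env`, so real TSIG and transfer.sh values typed into this tracked file would be committed. Compose reads `.env` from the project directory for `${...}` substitution unless `--env-file` is passed, so the placeholders here are presumably meant to be copied there. I would add a first line such as `# Template only: copy to .env (git-ignored) and fill in real values there; keep this file free of secrets.`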
@@ -10,12 +10,23 @@ services:
 - --entrypoints.web.http.redirections.entryPoint.to=https
 - --entrypoints.web.http.redirections.entryPoint.scheme=https
 - --entrypoints.https.address=:443
- - --certificatesresolvers.le.acme.tlschallenge=true
+ - --certificatesresolvers.le.acme.dnschallenge=true
+ - --certificatesresolvers.le.acme.dnschallenge.provider=rfc2136
+ - --certificatesresolvers.le.acme.dnschallenge.resolvers=8.8.8.8,8.8.4.4
 - --certificatesresolvers.le.acme.email=transfer.sh@moeny.ai
 - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
+ - --log.level=DEBUG
+ environment:
+ - RFC2136_TSIG_KEY=${TSIG_KEY}
+ - RFC2136_TSIG_SECRET=${TSIG_SECRET}
+ - RFC2136_NAMESERVER=${DNS_SERVER}
+ - RFC2136_ZONE=${DNS_ZONE}
+ - RFC2136_TSIG_ALGORITHM=hmac-sha256
+ - RFC2136_DEBUG=true
+ - RFC2136_TIMEOUT=60
 ports:
- - "80:80"
- - "443:443"
+ - "8090:80"
+ - "8490:443"
 volumes:
 - traefik:/letsencrypt:rw
 - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -29,13 +40,15 @@ services:
 - "traefik.http.routers.transfer.rule=Host(`tx.moeny.ai`)"
 - "traefik.http.routers.transfer.entrypoints=https"
 - "traefik.http.routers.transfer.tls.certresolver=le"
+ - "traefik.http.routers.transfer.tls.domains[0].main=moeny.ai"
+ - "traefik.http.routers.transfer.tls.domains[0].sans=*.moeny.ai"
 - "traefik.http.services.transfer.loadbalancer.server.port=8080"
 command:
 - --provider=local
 - --basedir=/txdata
 - --random-token-length=10
- - --http-auth-user=moeny
- - --http-auth-pass=m0eny-TX-98765!
+ - --http-auth-user=${TRANSFER_USER}
+ - --http-auth-pass=${TRANSFER_PASS}
 restart: always
 volumes:
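Review bot: `--log.level=DEBUG` and `RFC2136_DEBUG=true` are committed as the standing configuration, so the container that now holds the TSIG key logs at its most verbose level. Debug output from the DNS provider may include details of the signed update exchange, so I would ship `--log.level=INFO` and drop the `RFC2136_DEBUG` line once the challenge is confirmed working. Separately, `${TSIG_KEY}`, `${TSIG_SECRET}`, `${DNS_SERVER}` and `${DNS_ZONE}` (and `${TRANSFER_USER}` / `${TRANSFER_PASS}` in the next hunk) expand to an empty string with only a warning when unset, which for the transfer.sh flags probably means uploads run without basic auth. The required form, e.g. `- RFC2136_TSIG_SECRET=${TSIG_SECRET:?TSIG_SECRET is not set}`, makes `docker compose up` fail instead. The traefik service definition starts above the hunk.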
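Review bot: The password on the removed `--http-auth-pass` line stays readable in repository history, so the value placed in `.env` for `TRANSFER_PASS` should be newly generated and the old one retired rather than carried over. The added `tls.domains[0].sans=*.moeny.ai` label also requests a wildcard certificate, although the only router rule visible here is for `tx.moeny.ai`. Its private key then sits in `acme.json` inside a container that also mounts the Docker socket. If no other router shares the certificate, `traefik.http.routers.transfer.tls.domains[0].main=tx.moeny.ai` with no `sans` line keeps the issued key scoped to this one host. The service definition starts above the hunk, so other routers may exist outside it.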