edit traefik for custom ports and DNS TSIG

2025-03-28 18:01:20 -04:00 · 2025-03-28 18:01:20 -04:00 · a6f91c53a6
commit a6f91c53a6
parent 41c8fe041a
3 changed files with 30 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
+.env
+.DS_Store
+file-tracking.md
--- a/deploy.env
+++ b/deploy.env
@ -0,0 +1,9 @@
+# DNS TSIG Configuration
+TSIG_KEY=your-tsig-key-name
+TSIG_SECRET=your-tsig-secret
+DNS_SERVER=your-dns-server
+DNS_ZONE=your-dns-zone
+
+# Transfer.sh Configuration
+TRANSFER_USER=your-transfer-user
+TRANSFER_PASS=your-transfer-pass
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -10,12 +10,23 @@ services:
      - --entrypoints.web.http.redirections.entryPoint.to=https
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.https.address=:443
-      - --certificatesresolvers.le.acme.tlschallenge=true
+      - --certificatesresolvers.le.acme.dnschallenge=true
+      - --certificatesresolvers.le.acme.dnschallenge.provider=rfc2136
+      - --certificatesresolvers.le.acme.dnschallenge.resolvers=8.8.8.8,8.8.4.4
      - --certificatesresolvers.le.acme.email=transfer.sh@moeny.ai
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
+      - --log.level=DEBUG
+    environment:
+      - RFC2136_TSIG_KEY=${TSIG_KEY}
+      - RFC2136_TSIG_SECRET=${TSIG_SECRET}
+      - RFC2136_NAMESERVER=${DNS_SERVER}
+      - RFC2136_ZONE=${DNS_ZONE}
+      - RFC2136_TSIG_ALGORITHM=hmac-sha256
+      - RFC2136_DEBUG=true
+      - RFC2136_TIMEOUT=60
    ports:
-      - "80:80"
-      - "443:443"
+      - "8090:80"
+      - "8490:443"
    volumes:
      - traefik:/letsencrypt:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
@ -29,13 +40,15 @@ services:
      - "traefik.http.routers.transfer.rule=Host(`tx.moeny.ai`)"
      - "traefik.http.routers.transfer.entrypoints=https"
      - "traefik.http.routers.transfer.tls.certresolver=le"
+      - "traefik.http.routers.transfer.tls.domains[0].main=moeny.ai"
+      - "traefik.http.routers.transfer.tls.domains[0].sans=*.moeny.ai"
      - "traefik.http.services.transfer.loadbalancer.server.port=8080"
    command:
      - --provider=local
      - --basedir=/txdata
      - --random-token-length=10
-      - --http-auth-user=moeny
-      - --http-auth-pass=m0eny-TX-98765!
+      - --http-auth-user=${TRANSFER_USER}
+      - --http-auth-pass=${TRANSFER_PASS}
    restart: always

 volumes: