Add docker with traefik for dnschallenge certs

.gitignore

@@ -1 +1,2 @@
-.DS_Store
+.DS_Store
+.env

Dockerfile

@@ -0,0 +1,2 @@
+FROM nginx
+COPY html /usr/share/nginx/html

README.md

@@ -2,4 +2,8 @@
 
 This is the repository for the *[moeny.ai](https://moeny.ai)* website, showcasing New York’s network of AI experts and our journey toward building lean, impactful AI solutions.
 
-Looking to connect more? Join our [RocketChat](https://rocketchat.moeny.ai).
+Looking to connect more? Join our [RocketChat](https://rocketchat.moeny.ai).
+
+## Docker Compose
+
+The docker setup uses [traefik](https://hub.docker.com/_/traefik) to handle Let's Encrypt certificates, using a [DNS challenge](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge). In order for this setup to work, your DNS server must be configured with a TSIG key for dynamic updates. See our [bind9](https://gitea.moeny.ai/moeny/bind9) repo for more info.

deploy.env

@@ -0,0 +1,5 @@
+# DNS TSIG Configuration
+TSIG_KEY=your-tsig-key-name
+TSIG_SECRET=your-tsig-secret
+DNS_SERVER=your-dns-server
+DNS_ZONE=your-dns-zone

docker-compose.yaml

@@ -0,0 +1,53 @@
+services:
+  traefik:
+    image: traefik:v2.10
+    restart: always
+    networks:
+      - website_default
+    command:
+      - --api.insecure=false
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entryPoint.to=https
+      - --entrypoints.web.http.redirections.entryPoint.scheme=https
+      - --entrypoints.https.address=:443
+      - --certificatesresolvers.le_moeny_website.acme.dnschallenge=true
+      - --certificatesresolvers.le_moeny_website.acme.dnschallenge.provider=rfc2136
+      - --certificatesresolvers.le_moeny_website.acme.dnschallenge.resolvers=8.8.8.8,8.8.4.4
+      - --certificatesresolvers.le_moeny_website.acme.email=webmaster@moeny.ai
+      - --certificatesresolvers.le_moeny_website.acme.storage=/letsencrypt/acme.json
+      - --log.level=DEBUG
+    environment:
+      - RFC2136_TSIG_KEY=${TSIG_KEY}
+      - RFC2136_TSIG_SECRET=${TSIG_SECRET}
+      - RFC2136_NAMESERVER=${DNS_SERVER}
+      - RFC2136_ZONE=${DNS_ZONE}
+      - RFC2136_TSIG_ALGORITHM=hmac-sha256
+      - RFC2136_DEBUG=true
+      - RFC2136_TIMEOUT=60
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - traefik_moeny_website:/letsencrypt:rw
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
+  moeny:
+    build: .
+    restart: always
+    networks:
+      - website_default
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.moeny_website.rule=Host(`moeny.ai`)"
+      - "traefik.http.routers.moeny_website.entrypoints=https"
+      - "traefik.http.routers.moeny_website.tls.certresolver=le_moeny_website"
+      - "traefik.http.services.moeny_website.loadbalancer.server.port=80"
+
+volumes:
+  traefik_moeny_website: { driver: local }
+
+networks:
+  website_default:
+    name: website_default