docker-compose-traefik-letsencrypt-cloudflare/acdct at main · eingress/docker-compose-traefik-letsencrypt-cloudflare · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
#!/usr/bin/env bash

# Acme Cloudflare Docker Compose Traefik generator

# Edit as necessary

TRAEFIK_IMAGE_VERSION=v3.6

# DO NOT EDIT BELOW THIS LINE

pushd() {
  command pushd "$@" >/dev/null
}

popd() {
  command popd "$@" >/dev/null
}

WORK_DIR="${1:-$(pwd)}"

read -p 'Enter the Traefik dashboard host name e.g. traefik.eingress.io: ' HOST
read -p 'Enter the Cloudflare account email address: ' CF_EMAIL
read -p 'Enter the Cloudflare DNS api token: ' CF_TOKEN
read -p 'Enter the Traefik dashboard user name: ' USER

PASSWORD=$(openssl passwd -apr1)

mkdir -p $WORK_DIR
pushd $WORK_DIR

echo '' | tee .env .htpasswd

echo "CF_API_EMAIL=${CF_EMAIL}" >>.env
echo "CF_API_TOKEN=${CF_TOKEN}" >>.env
echo "HOST_NAME=${HOST}" >>.env
echo "TRAEFIK_IMAGE=traefik:${TRAEFIK_IMAGE_VERSION}" >>.env

echo "$USER:$PASSWORD" >>.htpasswd

cat <<-EOF >compose.yaml

networks:
  global:

services:

  main:

    command:
      - --api=true
      - --api.dashboard=true

      - --certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true

      - --certificatesresolvers.letsencrypt.acme.email=\${CF_API_EMAIL}
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json

      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --entryPoints.https.http3
      - --entryPoints.https.http3.advertisedport=443

      - --providers.docker=true

      # !!! IMPORTANT! Comment out or delete next line in production! !!!
      - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory

    env_file:
      - ./.env

    environment:
      - CLOUDFLARE_DNS_API_TOKEN=\${CF_API_TOKEN}

    hostname: \${HOST_NAME}

    image: \${TRAEFIK_IMAGE}

    labels:
      - traefik.http.middlewares.auth.basicauth.usersFile=/etc/traefik/.htpasswd
      - traefik.http.middlewares.to-https.redirectscheme.scheme=https

      - traefik.http.routers.to-https.entrypoints=http
      - traefik.http.routers.to-https.middlewares=to-https
      - traefik.http.routers.to-https.rule=HostRegexp(\`{host:.+}\`)

      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.middlewares=auth
      - traefik.http.routers.traefik.rule=Host(\`\${HOST_NAME}\`)
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.tls.certresolver=letsencrypt
      - traefik.http.routers.traefik.tls=true

    networks:
      - global

    ports:
      - 80:80
      - 443:443/tcp
      - 443:443/udp

    restart: unless-stopped

    volumes:
      - .htpasswd:/etc/traefik/.htpasswd
      - /var/run/docker.sock:/var/run/docker.sock:ro

      - acme:/letsencrypt

volumes:
  acme:
EOF

echo "Created .env, .htpasswd, and compose.yaml files in ${WORK_DIR}"
echo "Goodbye"

popd

exit 0