Open
Description
Here is an example for PufferPanel running in-OS and using Cloudflare with DNS auth, so that we could get the cert even if the panel is not exposed to the internet:

docker-compose.yaml:

```yaml
services:
  traefik:
    image: traefik:v3.6.7
    container_name: traefik
    restart: unless-stopped
    command:
      - --entryPoints.websecure.address=:443
      - --providers.docker.exposedByDefault=false
      - --certificatesResolvers.letsencrypt.acme.email=email@domain.tld
      - --certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme.json
      - --certificatesResolvers.letsencrypt.acme.dnsChallenge.provider=cloudflare
      - --providers.file.filename=/file.yaml
    environment:
      # Cloudflare token for DNS auth, so we could generate certs even if the site is not exposed to the internet
      - CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN
    ports:
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik:/etc/traefik
      - ./traefik.yaml:/file.yaml
    extra_hosts:
      - "host.docker.internal:host-gateway"
    logging:
      driver: local
```

traefik.yaml:

```yaml
http:
  routers:
    pufferpanel:
      rule: Host(`domain.tld`)
      entryPoints: [websecure]
      service: pufferpanel
      tls:
        certResolver: letsencrypt
        domains:
          - main: domain.tld
  services:
    pufferpanel:
      loadBalancer:
        servers:
          - url: "http://host.docker.internal:8080"
```

- provider/auth can be changed to a different one and TLS/ALPN if needed
- If PufferPanel is running as a Docker container, it's better to use the Docker provider with labels instead of the file provider with the YAML config file.
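
The Docker-provider variant mentioned in the last note, as an added example that is not part of the original issue: the router and service from traefik.yaml become labels on a PufferPanel container, so the file provider and `host.docker.internal` are no longer needed. The `pufferpanel/pufferpanel` image name and tag and the compose service name are assumptions; port 8080 and all Traefik settings are taken from the config above.

```yaml
services:
  traefik:
    image: traefik:v3.6.7
    container_name: traefik
    restart: unless-stopped
    command:
      - --entryPoints.websecure.address=:443
      # Containers are ignored unless they opt in with traefik.enable=true
      - --providers.docker.exposedByDefault=false
      - --certificatesResolvers.letsencrypt.acme.email=email@domain.tld
      - --certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme.json
      - --certificatesResolvers.letsencrypt.acme.dnsChallenge.provider=cloudflare
    environment:
      - CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN
    ports:
      - 443:443
    volumes:
      # Read-only socket: Traefik only reads container labels from it
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik:/etc/traefik
    logging:
      driver: local

  pufferpanel:
    image: pufferpanel/pufferpanel:latest  # assumed image name and tag
    container_name: pufferpanel
    restart: unless-stopped
    # No "ports:" entry for 8080: the panel is reachable only through Traefik
    # on the shared compose network, never directly over plain HTTP.
    labels:
      - traefik.enable=true
      - traefik.http.routers.pufferpanel.rule=Host(`domain.tld`)
      - traefik.http.routers.pufferpanel.entrypoints=websecure
      - traefik.http.routers.pufferpanel.tls.certresolver=letsencrypt
      - traefik.http.routers.pufferpanel.tls.domains[0].main=domain.tld
      # Container port Traefik forwards to (8080, as in the file-provider config)
      - traefik.http.services.pufferpanel.loadbalancer.server.port=8080
```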