feat(traefik): Add DNS challenge for wildcard SSL certificates

HostRegexp patterns don't work with HTTP challenge because Traefik
can't request certificates for dynamic subdomains. Switched to DNS
challenge using DigitalOcean provider for *.smoothschedule.com wildcard.

Requires DO_AUTH_TOKEN environment variable to be set.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
poduck
2025-12-03 16:48:50 -05:00
parent 434f874963
commit 33e4b6b9b5
2 changed files with 20 additions and 3 deletions


@@ -28,6 +28,17 @@ certificatesResolvers:
httpChallenge: httpChallenge:
entryPoint: web entryPoint: web
letsencrypt-dns:
# DNS challenge for wildcard certificates (*.smoothschedule.com)
acme:
email: 'admin@smoothschedule.com'
storage: /etc/traefik/acme/acme.json
dnsChallenge:
provider: digitalocean
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
http: http:
routers: routers:
# Main domain and www # Main domain and www
@@ -86,7 +97,7 @@ http:
certResolver: letsencrypt certResolver: letsencrypt
# Wildcard subdomain router for tenant subdomains # Wildcard subdomain router for tenant subdomains
# Each subdomain gets its own certificate via HTTP challenge # Uses DNS challenge for wildcard certificate (*.smoothschedule.com)
# Routes to nginx which serves the frontend SPA and proxies /api/ to Django # Routes to nginx which serves the frontend SPA and proxies /api/ to Django
subdomain-router: subdomain-router:
rule: 'HostRegexp(`{subdomain:[a-z0-9-]+}.smoothschedule.com`)' rule: 'HostRegexp(`{subdomain:[a-z0-9-]+}.smoothschedule.com`)'
@@ -96,7 +107,11 @@ http:
- csrf - csrf
service: nginx service: nginx
tls: tls:
certResolver: letsencrypt certResolver: letsencrypt-dns
domains:
- main: "smoothschedule.com"
sans:
- "*.smoothschedule.com"
flower-secure-router: flower-secure-router:
rule: 'Host(`smoothschedule.com`)' rule: 'Host(`smoothschedule.com`)'
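Review bot: The wildcard certificate ordered on `subdomain-router` (`main: "smoothschedule.com"`, SAN `*.smoothschedule.com`) already covers the apex, yet the `Host(`smoothschedule.com`)` routers in the surrounding context keep `certResolver: letsencrypt`, so two resolvers will each order and renew a certificate for `smoothschedule.com`; that works, but it doubles the draw on Let's Encrypt's per-domain and duplicate-certificate rate limits and leaves two renewal paths to monitor. Pointing the apex routers at `letsencrypt-dns` with the same `domains` block would make one wildcard+apex certificate serve everything. Separately, the DNS challenge means the DigitalOcean token handed to Traefik can rewrite any DNS record the account owns, so it should be a token restricted to the domain resource where the account supports scoped tokens; a comment above `provider: digitalocean` such as `# needs a DO token that can create/delete TXT records for smoothschedule.com — scope it to that domain only` would record the blast radius next to the setting that creates it.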


@@ -40,11 +40,13 @@ services:
- django - django
volumes: volumes:
- production_traefik:/etc/traefik/acme - production_traefik:/etc/traefik/acme
environment:
# DigitalOcean API token for DNS challenge (wildcard certs)
- DO_AUTH_TOKEN=${DO_AUTH_TOKEN}
ports: ports:
- '0.0.0.0:80:80' - '0.0.0.0:80:80'
- '0.0.0.0:443:443' - '0.0.0.0:443:443'
- '0.0.0.0:5555:5555' - '0.0.0.0:5555:5555'
- '0.0.0.0:5555:5555'
nginx: nginx:
build: build:
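Review bot: `- DO_AUTH_TOKEN=${DO_AUTH_TOKEN}` expands to an empty string when the variable is not set in the shell or `.env`, so the stack still comes up and the failure only surfaces later when the first wildcard order hits the DNS challenge with an empty token; the commit message says the variable is required, so make compose enforce it: `- DO_AUTH_TOKEN=${DO_AUTH_TOKEN:?DO_AUTH_TOKEN is required for the Traefik DNS challenge}`. Note also that a token in `environment:` is readable by anyone who can run `docker inspect` on the container; the ACME client Traefik embeds accepts a `_FILE` variant for provider variables (here `DO_AUTH_TOKEN_FILE`) pointing at a mounted file or Docker secret, which keeps the token out of the container metadata — worth confirming against the Traefik version in use before switching. The enclosing `traefik` service definition starts above the hunk.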