From a723d784cdac6160d5a56b3623afb6baf53c4476 Mon Sep 17 00:00:00 2001
From: poduck
Date: Wed, 3 Dec 2025 17:14:36 -0500
Subject: [PATCH] fix(traefik): Add TLS store for wildcard subdomain routing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add default TLS store with wildcard certificate for unknown SNIs
- Add priority=1 to subdomain-router for catch-all behavior
- Use proper Traefik v3 HostRegexp syntax with anchors

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude
---
 .../compose/production/traefik/traefik.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/smoothschedule/compose/production/traefik/traefik.yml b/smoothschedule/compose/production/traefik/traefik.yml
index 4564d19..71f96c4 100644
--- a/smoothschedule/compose/production/traefik/traefik.yml
+++ b/smoothschedule/compose/production/traefik/traefik.yml
@@ -43,6 +43,16 @@ certificatesResolvers:
 - "1.1.1.1:53"
 - "8.8.8.8:53"
+tls:
+ stores:
+ default:
+ defaultGeneratedCert:
+ resolver: letsencrypt-dns
+ domain:
+ main: "smoothschedule.com"
+ sans:
+ - "*.smoothschedule.com"
+
 http:
 routers:
 # Main domain and www
@@ -103,8 +113,10 @@ http:
 # Wildcard subdomain router for tenant subdomains
 # Uses DNS challenge for wildcard certificate (*.smoothschedule.com)
 # Routes to nginx which serves the frontend SPA and proxies /api/ to Django
+ # Low priority (1) ensures specific domain routers match first
 subdomain-router:
- rule: 'HostRegexp(`[a-z0-9-]+\\.smoothschedule\\.com`)'
+ rule: 'HostRegexp(`^[a-z0-9-]+\\.smoothschedule\\.com$`)'
+ priority: 1
 entryPoints:
 - web-secure
 middlewares:
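Review bot: The new `tls.stores.default` block carries no comment, although it changes what every unmatched TLS handshake receives: the wildcard certificate becomes the fallback for any SNI that no router claims. I would add above `tls:` a line such as `# Fallback certificate for any SNI no router matches; wildcard obtained through the letsencrypt-dns resolver`. In Traefik `tls.stores` is dynamic configuration while `certificatesResolvers` is static, so the block only takes effect if this same file is also loaded by the file provider. The `http.routers` section below suggests it is, but the hunk does not show that, so a one-line remark saying so would help.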
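Review bot: The doubled backslashes kept in the new `rule` line appear to defeat the pattern. Inside a single-quoted YAML scalar `\\` stays two characters, and Traefik reads a backtick-delimited rule argument as a raw string, so the regex would see a literal backslash followed by any character instead of an escaped dot. If the file really contains what the hunk shows, no real hostname can match and tenant subdomains never reach this router, whatever its priority. The line should use single backslashes: ``rule: 'HostRegexp(`^[a-z0-9-]+\.smoothschedule\.com$`)'``. The removed line had the same escaping, so the anchors added here do not fix it; the router definition continues past the end of the hunk.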