poduck/smoothschedule
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(traefik): Add TLS store for wildcard subdomain routing

Browse Source 
- Add default TLS store with wildcard certificate for unknown SNIs
- Add priority=1 to subdomain-router for catch-all behavior
- Use proper Traefik v3 HostRegexp syntax with anchors

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
poduck
2025-12-03 17:14:36 -05:00
parent 13441d88fc
commit a723d784cd
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
smoothschedule/compose/production/traefik/traefik.yml
View File

@@ -43,6 +43,16 @@ certificatesResolvers:
- "1.1.1.1:53" - "1.1.1.1:53"
- "8.8.8.8:53" - "8.8.8.8:53"
tls:
stores:
default:
defaultGeneratedCert:
resolver: letsencrypt-dns
domain:
main: "smoothschedule.com"
sans:
- "*.smoothschedule.com"
http: http:
routers: routers:
# Main domain and www # Main domain and www
@@ -103,8 +113,10 @@ http:
# Wildcard subdomain router for tenant subdomains # Wildcard subdomain router for tenant subdomains
# Uses DNS challenge for wildcard certificate (*.smoothschedule.com) # Uses DNS challenge for wildcard certificate (*.smoothschedule.com)
# Routes to nginx which serves the frontend SPA and proxies /api/ to Django # Routes to nginx which serves the frontend SPA and proxies /api/ to Django
# Low priority (1) ensures specific domain routers match first
subdomain-router: subdomain-router:
rule: 'HostRegexp(`[a-z0-9-]+\\.smoothschedule\\.com`)' rule: 'HostRegexp(`^[a-z0-9-]+\\.smoothschedule\\.com$`)'
priority: 1
entryPoints: entryPoints:
- web-secure - web-secure
middlewares: middlewares: