-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
traefik DNS-01 challenge support #6423
Comments
There is a plugin trigger named That said, do you have a proposal for an alternative method for setting challenge config? |
thank you for clarify
to
also need command to add to environment to compose template for example if dns-provider set to Cloudflare environment should contains these tow keys
the user should be able to add any key to environment see: https://github.com/dokku/dokku-letsencrypt#dns-01-challenge |
Is this something you'd be willing to sponsor development on? |
I've been thinking a bit more about this. The traefik implementation isn't so great because some folks might want to use different providers depending on the app, yet you need to reconfigure traefik to add more labels for each provider. The naive approach of using one provider might be fine, but seems fairly limiting. That said, this is a good candidate for someone wanting to contribute to Dokku (or sponsor the work). I don't use traefik for load balancing (openresty/nginx are the proxies I use) so I won't be working on this actively unless sponsored, but if someone wants to work on it, feel free to ping me on slack/discord and I'll be happy to walk you through it. |
High Level Plan
challenge-mode
property to the traefik plugin. The default should betls
, and it should be a global property. Folks can set it todns
to switch to dns-based challenges.dns-provider-*
properties. Example from the letsencrypt plugin heredns-provider
property. This should be exposed in thedokku traefik:report
output.PropertyGetAllByPrefix
(needs to be implemented in bash since there is only a golang wrapper)Description of feature
i was using dns-challenge with nginx proxy via dokku-letsencrypt
when i moved my app to traefik it did't work, because wildcard certificate generation require DNS-01 challenge
i think traefik-vhosts template can be edited to support DNS-01 challenge
https://doc.traefik.io/traefik/https/acme/#dnschallenge
The text was updated successfully, but these errors were encountered: