From 20697af735354b4e0e4ae1b7af342ca5362c15f3 Mon Sep 17 00:00:00 2001 From: Czechman Date: Sun, 27 Nov 2022 01:30:23 +0100 Subject: [PATCH] config file aktualisiert --- config/acme.json | 0 config/traefik.toml | 116 ++++++++++++++++++++++++++++++++- docker-compose.traefik.v2x.yml | 4 ++ 3 files changed, 118 insertions(+), 2 deletions(-) create mode 100644 config/acme.json diff --git a/config/acme.json b/config/acme.json new file mode 100644 index 0000000..e69de29 diff --git a/config/traefik.toml b/config/traefik.toml index 074bf39..954ea96 100644 --- a/config/traefik.toml +++ b/config/traefik.toml @@ -24,6 +24,11 @@ [entryPoints] [entryPoints.web] address = ":80" + [entryPoints.web.http] + [entryPoints.web.http.redirections] + [entryPoints.web.http.redirections.entryPoint] + to = "websecure" + scheme = "https" [entryPoints.websecure] address = ":443" @@ -44,7 +49,7 @@ # Optional # Default: "ERROR" # - # level = "DEBUG" + level = "DEBUG" # Sets the filepath for the traefik log. If not specified, stdout will be used. # Intermediate directories are created if necessary. @@ -100,7 +105,7 @@ # Optional # Default: false # - # insecure = true + insecure = true # Enabled Dashboard # 
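Review bot: The new `entryPoints.web.http.redirections` block sends every plain-HTTP request to `websecure`, but nothing in the visible lines attaches a certificate resolver to that entry point. Unless each router selects one itself (for example through Docker labels, which this patch does not show), port 443 would answer with Traefik's default self-signed certificate and redirected clients would get a certificate warning. If the resolver is meant to apply to everything on 443, add `[entryPoints.websecure.http.tls]` with `certResolver = "myresolver"`. The `[entryPoints.websecure]` table continues past the end of the hunk, so this may already be set there.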
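Review bot: `level = "DEBUG"` is left enabled in the committed configuration, which looks like a troubleshooting setting rather than an intended default. Debug output is very verbose, and at this level Traefik logs the configuration it receives from its providers, which can carry middleware settings such as basic-auth hashes into the log stream. Prefer `level = "INFO"`, or keep the line commented to get the documented default `"ERROR"`, and raise it only while diagnosing a problem. The enclosing table header is outside the hunk.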
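Review bot: `insecure = true` serves the API and dashboard without authentication or TLS, and docker-compose.traefik.v2x.yml publishes that listener as `"8080:8080"` on every host interface. Anyone who can reach the host on port 8080 can then read the full routing configuration. Set `insecure = false` and expose the dashboard through a router on `websecure` that targets `api@internal` behind an authentication middleware; if the direct port is needed for local debugging, bind it as `"127.0.0.1:8080:8080"`. The enclosing table header is outside the hunk.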
@@ -156,3 +161,110 @@ directory = "/path/to/config" watch = true +# Enable ACME (Let's Encrypt): automatic SSL. +[certificatesResolvers.myresolver.acme] + + # Email address used for registration. + # + # Required + # + email = "ddns@mcseeno.de" + + # File or key used for certificates storage. + # + # Required + # + storage = "acme.json" + + # CA server to use. + # Uncomment the line to use Let's Encrypt's staging server, + # leave commented to go to prod. + # + # Optional + # Default: "https://acme-v02.api.letsencrypt.org/directory" + # + # caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" + + # The certificates' duration in hours. + # It defaults to 2160 (90 days) to follow Let's Encrypt certificates' duration. + # + # Optional + # Default: 2160 + # + # certificatesDuration=2160 + + # Preferred chain to use. + # + # If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. + # If no match, the default offered chain will be used. + # + # Optional + # Default: "" + # + # preferredChain = "ISRG Root X1" + + # KeyType to use. + # + # Optional + # Default: "RSA4096" + # + # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192" + # + # keyType = "RSA4096" + + # Use a TLS-ALPN-01 ACME challenge. + # + # Optional (but recommended) + # + [certificatesResolvers.myresolver.acme.tlsChallenge] + + # Use a HTTP-01 ACME challenge. + # + # Optional + # + # [certificatesResolvers.myresolver.acme.httpChallenge] + + # EntryPoint to use for the HTTP-01 challenges. + # + # Required + # + # entryPoint = "web" + + # Use a DNS-01 ACME challenge rather than HTTP-01 challenge. + # Note: mandatory for wildcard certificate generation. + # + # Optional + # + # [certificatesResolvers.myresolver.acme.dnsChallenge] + + # DNS provider used. + # + # Required + # + # provider = "digitalocean" + + # By default, the provider will verify the TXT DNS challenge record before letting ACME verify. 
+ # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds. + # Useful if internal networks block external DNS queries. + # + # Optional + # Default: 0 + # + # delayBeforeCheck = 0 + + # Use following DNS servers to resolve the FQDN authority. + # + # Optional + # Default: empty + # + # resolvers = ["1.1.1.1:53", "8.8.8.8:53"] + + # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. + # + # NOT RECOMMENDED: + # Increase the risk of reaching Let's Encrypt's rate limits. + # + # Optional + # Default: false + # + # disablePropagationCheck = true diff --git a/docker-compose.traefik.v2x.yml b/docker-compose.traefik.v2x.yml index cc484f8..3506b4d 100644 --- a/docker-compose.traefik.v2x.yml +++ b/docker-compose.traefik.v2x.yml @@ -9,9 +9,13 @@ services: ports: # The HTTP port - "80:80" + # The HTTPS Port + - "443:443" # The Web UI (enabled by --api.insecure=true) - "8080:8080" volumes: # So that Traefik can listen to the Docker events - /var/run/docker.sock:/var/run/docker.sock + - /docker/traefik_v2x/config/traefik.toml:/etc/traefik/traefik.toml + - /docker/traefik_v2x/config/acme.json:/acme.json \ No newline at end of file
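Review bot: `storage = "acme.json"` points at a file this same patch adds to the repository as an empty file with mode 100644, which is a problem on two counts. Traefik refuses an ACME storage file whose permissions are wider than 600, so issuance will fail until the host copy is `chmod 600`; and once populated the file holds the ACME account key and the certificates' private keys, so it should be untracked and listed in `.gitignore` rather than committed. The path is also relative while the compose file mounts the store at `/acme.json`; `storage = "/acme.json"` removes the dependence on the container's working directory. While testing, uncommenting the staging `caServer` line avoids running into Let's Encrypt's production rate limits.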
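Review bot: The two new bind mounts are read-write and use absolute host paths, although both files live under `config/` in this repository. Traefik only reads its static configuration, so mount it as `./config/traefik.toml:/etc/traefik/traefik.toml:ro`. `acme.json` has to stay writable, but if the host file is missing when the container starts, Docker creates a directory at that path and ACME storage fails, so create the file with mode 600 beforehand. The existing `/var/run/docker.sock` mount on the context line gives the container control of the Docker daemon; with the dashboard port published it is worth fronting the socket with a proxy that allows only the read endpoints Traefik needs. The file also ends without a trailing newline.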