coollabsio / coolify

An open-source & self-hostable Heroku / Netlify / Vercel alternative.
https://coolify.io
Apache License 2.0

[Bug]: Wildcard certificate not working #4360

Open geovanygameros opened 15 hours ago

geovanygameros commented 15 hours ago

Error Message and Logs

I've been following this documentation to set up a wildcard domain for one application with no success.

What I want to achieve is the following setup for a SaaS application:

Image

I have several projects with a defined domain and they are working fine. However, I want all the rest subdomains to be sent to App 3

Steps to Reproduce

I set up a wildcard A DNS record in Cloudflare pointing to my server's IP address (*.mydomain.com)

Based on your documentation, I ended up with a proxy file like this:

networks:
  coolify:
    external: true
services:
  traefik:
    container_name: coolify-proxy
    image: 'traefik:v3.1'
    restart: unless-stopped
    environment:
      - CLOUDFLARE_API_KEY=xxx
      - CLOUDFLARE_DNS_API_TOKEN=xxx
      - CLOUDFLARE_EMAIL=xxx
      - CLOUDFLARE_ZONE_API_TOKEN=xxx
    extra_hosts:
      - 'host.docker.internal:host-gateway'
    networks:
      - coolify
    ports:
      - '80:80'
      - '443:443'
      - '443:443/udp'
      - '8080:8080'
    healthcheck:
      test: 'wget -qO- http://localhost:80/ping || exit 1'
      interval: 4s
      timeout: 2s
      retries: 5
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - '/data/coolify/proxy:/traefik'
    command:
      - '--ping=true'
      - '--ping.entrypoint=http'
      - '--api.dashboard=true'
      - '--api.insecure=false'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.https.address=:443'
      - '--entrypoints.http.http.encodequerysemicolons=true'
      - '--entryPoints.http.http2.maxConcurrentStreams=50'
      - '--entrypoints.https.http.encodequerysemicolons=true'
      - '--entryPoints.https.http2.maxConcurrentStreams=50'
      - '--entrypoints.https.http3'
      - '--providers.docker.exposedbydefault=false'
      - '--providers.file.directory=/traefik/dynamic/'
      - '--providers.file.watch=true'
      - '--certificatesresolvers.letsencrypt.acme.httpchallenge=true'
      - '--certificatesresolvers.letsencrypt.acme.dnschallenge=true'
      - '--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json'
      - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http'
      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare'
      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0'
      - '--providers.docker=true'
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      - traefik.http.routers.traefik.tls.domains[0].main=mydomain.com
      - traefik.http.routers.traefik.tls.domains[0].sans=*.mydomain.com
      - coolify.managed=true
      - coolify.proxy=true

Then in my application's container labels, I'm following the "SaaS" instructions. So I have something like this:

traefik.enable=true
traefik.http.routers.my-app-3-router.rule=HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.mydomain.com`)
traefik.http.routers.my-app-3-router.entryPoints=https
traefik.http.routers.my-app-3-router.middlewares=gzip
traefik.http.routers.my-app-3-router.service=my-app-3-service
traefik.http.services.my-app-3-service.loadbalancer.server.port=3000
traefik.http.routers.my-app-3-router.tls=true
traefik.http.routers.my-app-3-router.tls.certresolver=letsencrypt
traefik.http.routers.my-app-3-router.rule=HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.mydomain.com`)
traefik.http.routers.my-app-3-router.entryPoints=http
traefik.http.routers.my-app-3-router.middlewares=redirect-to-https

Then after restarting the proxy and my app, I get the following error when I go to any subdomain, e.g. customer1.mydomain.com (the subdomains that are explicitly defined, like "App 1" and "App 2", work fine).

Image

Am I missing something?

Example Repository URL

No response

Coolify Version

v4.0.0-beta.370

Are you using Coolify Cloud?

No (self-hosted)

Operating System and Version (self-hosted)

Ubuntu 24.04.1 LTS

Additional Information

I saw these similar discussions but none of them have a clear answer:

djsisson commented 3 hours ago

@geovanygameros that syntax for regexp is for version 2 of Traefik.

for v3, you can replace with either:

HostRegexp(`.+`)

or

HostRegexp(`^.+\.domain\.com$`)
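As an added example (not code from the issue, from Coolify, or from Traefik), the Python below checks the two things behind this thread's symptom: whether a host name matches a `HostRegexp` pattern under Traefik v3's plain-regexp semantics, and whether a wildcard certificate name would cover that host at all. The rules and certificate names are constructed from the issue's `mydomain.com` setup; the unanchored variant is an assumption added to show why the `^...$` anchors in the rule above matter.

```python
import re

# Constructed router rules: the regexp text inside HostRegexp(`...`).
V2_STYLE_RULE = r"{subdomain:[a-zA-Z0-9-]+}.mydomain.com"  # v2 named-group form, from the issue
V3_CATCH_ALL_RULE = r".+"                                  # v3: matches every host name
V3_UNANCHORED_RULE = r".+\.mydomain\.com"                  # v3 but unanchored (assumed variant)
V3_ANCHORED_RULE = r"^.+\.mydomain\.com$"                  # v3, anchored to the zone

# Names a wildcard certificate for the zone would carry (main + SAN), as in the issue's labels.
CERT_NAMES = ("mydomain.com", "*.mydomain.com")


def router_matches(rule_regex: str, host: str) -> bool:
    """Traefik v3 applies the HostRegexp pattern as an ordinary Go (RE2) regexp, unanchored
    unless the pattern anchors itself.  Python's re.search reproduces that for these patterns:
    in both engines a '{' that does not form a valid repeat count is a literal, so the v2
    form only matches a host that literally contains the text '{subdomain:'."""
    return re.search(rule_regex, host) is not None


def cert_name_covers(cert_name: str, host: str) -> bool:
    """Wildcard matching as TLS clients apply it (RFC 6125): '*' stands for exactly one
    leftmost label, so '*.mydomain.com' covers 'a.mydomain.com' but neither
    'mydomain.com' nor 'a.b.mydomain.com'."""
    cert_labels = cert_name.lower().split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        return host_labels[0] != "" and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def diagnose(rule_regex: str, cert_names, host: str) -> str:
    """Classify a request for `host`:
    'no_router'           - the rule does not match, so this router never sees it;
    'router_without_cert' - the router would accept it, but no listed certificate
                            name covers the host, so a TLS client will reject the handshake;
    'ok'                  - routed and covered by a certificate name."""
    if not router_matches(rule_regex, host):
        return "no_router"
    if not any(cert_name_covers(name, host) for name in cert_names):
        return "router_without_cert"
    return "ok"


if __name__ == "__main__":
    # Constructed host names, including one outside the zone and one with an extra label.
    hosts = (
        "customer1.mydomain.com",
        "mydomain.com",
        "a.b.mydomain.com",
        "customer1.mydomain.com.example.net",
    )
    rules = {
        "v2 style": V2_STYLE_RULE,
        "v3 catch-all": V3_CATCH_ALL_RULE,
        "v3 unanchored": V3_UNANCHORED_RULE,
        "v3 anchored": V3_ANCHORED_RULE,
    }
    for label, rule in rules.items():
        print(f"--- {label}: HostRegexp(`{rule}`)")
        for host in hosts:
            print(f"  {host:40s} {diagnose(rule, CERT_NAMES, host)}")
```

Run it as-is to get a table per rule. Two rows are worth noting for anyone reusing the `.+` or unanchored forms: the catch-all and unanchored rules also accept a host such as `customer1.mydomain.com.example.net`, so a router meant for one zone answers for names outside it; and `a.b.mydomain.com` is matched by every v3 rule here, yet `*.mydomain.com` does not cover it, so such a request reaches the router and then fails at the TLS layer.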

geovanygameros commented 37 minutes ago

Hey @djsisson, thanks for the answer. I updated my app's container labels with:

HostRegexp(`.+`)

also with:

HostRegexp(`^.+\.mydomain\.com$`)

And restarted the app and proxy, but I still have the same issue.

Also, I'm doing all these updates in the Coolify UI. I don't know if this has any influence.

djsisson commented 21 minutes ago

@geovanygameros can you paste your proxy logs:

docker logs coolify-proxy