pullpreview / action

A GitHub Action that starts preview deployments for your pull requests and branches. It can work with any application that has a valid Docker Compose file.
https://pullpreview.com

Problem with Wildcard Certificates #80

Open Akecel opened 4 months ago

Akecel commented 4 months ago

We currently use pullpreview for our preview environments and it works perfectly. We've set up our HTTPS (as well as a load balancer) using Traefik to manage our multiple sub-domains.

However, the limitations of Let's Encrypt can be problematic, so we've chosen to upgrade to a wildcard certificate, but I seem to be getting an error with my.pullpreview.com and I can't work out where this is coming from. Here is the error in question when Traefik tries to generate the certs:

level=error msg="[.......] error: one or more domains had a problem: [*.customdomain.com] propagation: time limit exceeded: last error: dial udp: lookup ns-0.my.pullpreview.com. on 127.0.0.11:53: no such host

We use Traefik and route53 as providers for the DNS challenge:

            # Entrypoints configuration
            - "--entrypoints.web.address=:80"
            - "--entrypoints.websecure.address=:443"

            # Let's Encrypt configuration
            - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
            - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53"
            - "--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0"
            - "--certificatesresolvers.myresolver.acme.email=devs@email.fr"
            - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"

            # Set up the TLS configuration for our websecure listener
            - "--entrypoints.websecure.http.tls=true"
            - "--entrypoints.websecure.http.tls.certResolver=myresolver"
            - "--entrypoints.websecure.http.tls.domains[0].main=${PULLPREVIEW_PUBLIC_DNS}"
            - "--entrypoints.websecure.http.tls.domains[0].sans=*.${PULLPREVIEW_PUBLIC_DNS}"

And for each service (or for each sub-domain on certain services) of the docker-compose, I have this configuration:

            - "traefik.enable=true"
            - "traefik.http.routers.js-app.tls=true"
            - "traefik.http.routers.js-app.rule=Host(`app.${PULLPREVIEW_PUBLIC_DNS}`)"
            - "traefik.http.routers.js-app.entrypoints=websecure"
            - "traefik.http.routers.js-app.tls.certresolver=myresolver"
            - "traefik.http.services.js-app.loadbalancer.server.port=3000"

At first I thought it was more to do with traefik or my configuration (which is possible) but given that the error mentions my.pullpreview.com even though we're using a custom domain, it seems strange to me and I'm wondering if the pullpreview system isn't involved in this problem.

Any idea of what's going wrong here? (Or what am I doing wrong?)

Thank you in advance if any help can be provided :D

crohr commented 4 months ago

Hi @Akecel, not sure what's going on here. It looks like something is trying to resolve the nameserver (ns-0) of my.pullpreview.com, but I don't see why, since you say you are using a custom domain for your instances. Any chance to increase the Traefik logger level to see what's happening?

Akecel commented 4 months ago

Hi @crohr !

Unfortunately I'm already in debug mode:

- "--log.level=DEBUG"

Here is my complete log file if it helps to understand: traefik.log

crohr commented 2 weeks ago

@Akecel were you able to find a solution?