saltyorg / Saltbox

Ansible-based solution for rapidly deploying a Docker containerized cloud media server.
https://docs.saltbox.dev
GNU General Public License v3.0

Traefik: Add ability to toggle DNS resolver logic #137

Closed saltydk closed 1 year ago

saltydk commented 1 year ago

A user had a problem where the TXT lookup would fail for seemingly no explainable reason and the fix was to just send the DNS challenge to LE after a set period of time instead.

We could add a toggle for this type of behavior so that this is more easily usable rather than a massive inventory edit.

saltydk commented 1 year ago

example of the override

traefik_docker_commands_default:
  - "--global.sendanonymoususage=false"
  - "--providers.file.directory=/etc/traefik"
  - "--providers.file.watch={{ traefik_file_watch }}"
  - "--providers.docker=true"
  - "--providers.docker.exposedbydefault=false"
  - "--entrypoints.internal.address=:8080"
  - "--entrypoints.web.address=:80"
  - "--entrypoints.web.forwardedheaders.trustedIPs={{ traefik_cloudflare_ips_string }}"
  - "--entrypoints.web.proxyprotocol.trustedIPs={{ traefik_cloudflare_ips_string }}"
  - "--entrypoints.websecure.address=:443"
  - "--entrypoints.websecure.forwardedheaders.trustedIPs={{ traefik_cloudflare_ips_string }}"
  - "--entrypoints.websecure.proxyprotocol.trustedIPs={{ traefik_cloudflare_ips_string }}"
  - "--entrypoints.websecure.http.tls.certResolver={{ traefik_default_certresolver }}"
  - "--api.dashboard=true"
  - "--api=true"
  - "--log={{ traefik_log }}"
  - "--log.level={{ traefik_log_level }}"
  - "--log.filepath=/etc/traefik/traefik.log"
  - "--accesslog={{ traefik_access_log }}"
  - "--accesslog.fields.names.StartUTC=drop"
  - "--accesslog.fields.headers.names.User-Agent=keep"
  - "--accesslog.fields.headers.names.Content-Type=keep"
  - "--accesslog.filepath=/etc/traefik/access.log"
  - "--accesslog.bufferingsize={{ traefik_access_buffer }}"
  - "--certificatesresolvers.cfdns.acme.dnschallenge.provider={{ traefik_challenge_provider }}"
  - "--certificatesresolvers.cfdns.acme.dnschallenge.delaybeforecheck=60s"
  - "--certificatesresolvers.cfdns.acme.dnschallenge.disablepropagationcheck=true"
  - "--certificatesresolvers.cfdns.acme.email={{ user.email }}"
  - "--certificatesresolvers.cfdns.acme.storage=/etc/traefik/acme.json"
  - "--certificatesresolvers.tlsresolver.acme.tlschallenge=true"
  - "--certificatesresolvers.tlsresolver.acme.email={{ user.email }}"
  - "--certificatesresolvers.tlsresolver.acme.storage=/etc/traefik/acme.json"
  - "--certificatesresolvers.httpresolver.acme.httpchallenge.entrypoint=web"
  - "--certificatesresolvers.httpresolver.acme.email={{ user.email }}"
  - "--certificatesresolvers.httpresolver.acme.storage=/etc/traefik/acme.json"
  - "--certificatesresolvers.zerossl.acme.dnschallenge.provider={{ traefik_challenge_provider }}"
  - "--certificatesresolvers.zerossl.acme.dnschallenge.resolvers={{ traefik_dns_resolvers }}"
  - "--certificatesresolvers.zerossl.acme.email={{ user.email }}"
  - "--certificatesresolvers.zerossl.acme.caserver=https://acme.zerossl.com/v2/DV90"
  - "--certificatesresolvers.zerossl.acme.eab.kid={{ traefik_zerossl_kid | default('') }}"
  - "--certificatesresolvers.zerossl.acme.eab.hmacencoded={{ traefik_zerossl_hmacencoded | default('') }}"
  - "--certificatesresolvers.zerossl.acme.storage=/etc/traefik/acme.json"
  - "--certificatesresolvers.zerosslhttp.acme.httpchallenge.entrypoint=web"
  - "--certificatesresolvers.zerosslhttp.acme.email={{ user.email }}"
  - "--certificatesresolvers.zerosslhttp.acme.caserver=https://acme.zerossl.com/v2/DV90"
  - "--certificatesresolvers.zerosslhttp.acme.eab.kid={{ traefik_zerossl_kid | default('') }}"
  - "--certificatesresolvers.zerosslhttp.acme.eab.hmacencoded={{ traefik_zerossl_hmacencoded | default('') }}"
  - "--certificatesresolvers.zerosslhttp.acme.storage=/etc/traefik/acme.json"

saltydk commented 1 year ago

implemented in https://github.com/saltyorg/saltbox/commit/1ca44b73ebbdd0edb734d8712f8d0e98e3d5f547
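
The toggle discussed in this thread, sketched as an added example (not the Saltbox implementation from the linked commit): one function emits either the resolver-based propagation check or the fixed-delay flags shown in the override, and a second audits a flag list for resolvers that skip the check without any delay. The function names, the `skip_propagation_check` parameter and the sample resolver address are assumptions; only the Traefik flag names come from the page.

```python
import re

# Flag prefix as it appears in the override above.
PREFIX = "--certificatesresolvers.{name}.acme.dnschallenge."
FLAG_RE = re.compile(
    r"^--certificatesresolvers\.([^.]+)\.acme\.dnschallenge\.([a-z]+)=(.*)$")


def dns_challenge_flags(name, provider, skip_propagation_check=False,
                        resolvers="1.1.1.1:53", delay="60s"):
    """Return the dnschallenge flags for one certificate resolver.

    Hypothetical helper; 'resolvers' default is a constructed sample value.
    """
    base = PREFIX.format(name=name)
    flags = [f"{base}provider={provider}"]
    if skip_propagation_check:
        # Wait a fixed time, then let the CA validate without a local TXT lookup.
        flags += [f"{base}delaybeforecheck={delay}",
                  f"{base}disablepropagationcheck=true"]
    else:
        # Traefik looks up the TXT record through these resolvers first.
        flags.append(f"{base}resolvers={resolvers}")
    return flags


def audit(flags):
    """Map resolver name -> 'resolver-check', 'fixed-delay' or 'misconfigured'."""
    seen = {}
    for flag in flags:
        m = FLAG_RE.match(flag)
        if m:
            seen.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    report = {}
    for name, opts in seen.items():
        if opts.get("disablepropagationcheck") == "true":
            # Check disabled with no delay leaves the TXT record no time to propagate.
            has_delay = "delaybeforecheck" in opts
            report[name] = "fixed-delay" if has_delay else "misconfigured"
        else:
            report[name] = "resolver-check"
    return report


if __name__ == "__main__":
    sample = (dns_challenge_flags("cfdns", "cloudflare", True)
              + dns_challenge_flags("zerossl", "cloudflare"))
    print(audit(sample))
```

With the propagation check disabled, a failed challenge only surfaces as a validation error from the CA, so the delay should comfortably exceed the DNS provider's propagation time.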