DNS ACME resolution

services/reverse-proxy/configs/dynamic/tls.yml

@@ -1,6 +1,6 @@
 tls:
   stores:
     default:
-      defaultCertificate:
-        certFile: /run/secrets/traefik_tls_cert
-        keyFile: /run/secrets/traefik_tls_key
+      defaultGeneratedCert:
+        resolver: defaultResolver
+        domain:

services/reverse-proxy/configs/traefik.yml

@@ -13,6 +13,15 @@ serverstransport:
 api: {}
 accessLog: {}
 
+certificatesResolvers:
+  defaultResolver:
+    acme:
+      email: {{ env `NASCOMPOSE_TRAEFIK_ADMIN_EMAIL` }}
+      storage: acme.json
+      dnsChallenge:
+        provider: cloudflare
+      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+
 entryPoints:
   web:
     address: :80

services/reverse-proxy/docker-compose.yml

@@ -6,15 +6,18 @@ services:
     image: traefik
     environment:
       NASCOMPOSE_TRAEFIK_DOMAINS: ${NASCOMPOSE_TRAEFIK_DOMAINS?}
+      NASCOMPOSE_TRAEFIK_ADMIN_EMAIL: ${NASCOMPOSE_TRAEFIK_ADMIN_EMAIL?}
+      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_token
     networks:
       - reverse-proxy
       - docker
     volumes:
+      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_acme:/etc/traefik/acme
       # Config
-      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/:/etc/traefik:ro
+      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/traefik.yml:/etc/traefik/traefik.yml:ro
+      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic:/etc/traefik/dynamic:ro
       # Secrets
-      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/traefik.cert:/run/secrets/traefik_tls_cert:ro
-      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/traefik.key:/run/secrets/traefik_tls_key:ro
+      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/cf_dns_token:/run/secrets/cf_dns_token:ro
     restart: unless-stopped
     labels:
       traefik.enable: true