From f520e4f25f8225ee468eead398b29de8dc65aa78 Mon Sep 17 00:00:00 2001 From: Richard Attermeyer Date: Mon, 27 Nov 2023 20:04:27 +0000 Subject: [PATCH] WIP: with original letsencrypt --- infrastructure/docker-compose.yml | 9 +++++++-- infrastructure/traefik/traefik.yml | 13 +++++++++++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/infrastructure/docker-compose.yml b/infrastructure/docker-compose.yml index 35e9e24..9bc0423 100644 --- a/infrastructure/docker-compose.yml +++ b/infrastructure/docker-compose.yml @@ -29,6 +29,9 @@ services: # using network mode host allows traefik access to all "docker networks" # otherwise traefik needs to be part of any network defined network_mode: host + command: + - "--certificatesresolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory" + - "--certificatesresolvers.letsencrypt.acme.email=richard.attermeyer@gmail.com" volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" - "./traefik/traefik.yml:/etc/traefik/traefik.yml:ro" @@ -38,6 +41,7 @@ services: - "traefik.enable=true" - "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_HOST}`)" - "traefik.http.routers.dashboard.tls=true" + - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt" - "traefik.http.routers.dashboard.entrypoints=https" - "traefik.http.routers.dashboard.service=api@internal" - "traefik.http.services.dashboard.loadbalancer.server.port=8080" @@ -48,7 +52,6 @@ services: networks: - proxy ports: - - "1080:1080" - "1025:1025" labels: - "traefik.enable=true" @@ -95,6 +98,7 @@ services: - "traefik.http.routers.forgejo.rule=Host(`${FORGEJO_HOST}`)" - "traefik.http.routers.forgejo.entrypoints=https" - "traefik.http.routers.forgejo.tls=true" + - "traefik.http.routers.forgejo.tls.certresolver=letsencrypt" - "traefik.http.services.forgejo.loadbalancer.server.port=3000" - "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)" - "traefik.tcp.routers.forgejo-ssh.entrypoints=ssh" 
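Review bot: The two `--certificatesresolvers.letsencrypt.acme.*` flags added under `command:` in the `@@ -29,6 +29,9 @@` hunk of `infrastructure/docker-compose.yml` are likely to be ignored. The same service mounts `./traefik/traefik.yml` at `/etc/traefik/traefik.yml`, and Traefik treats file, CLI and environment static configuration as mutually exclusive, with the file winning when it is found. If that holds here, the staging `caServer` never applies, and the resolver in `traefik.yml` (where `caServer` is commented out) talks to the production Let's Encrypt endpoint and its rate limits during testing. Keep the resolver in one place: either drop the `command:` entries and uncomment `caServer` in `traefik.yml` while testing, or remove the resolver from the file. The service definition starts and ends outside this hunk.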
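Review bot: Adding `traefik.http.routers.dashboard.tls.certresolver=letsencrypt` in the `@@ -38,6 +41,7 @@` hunk gives the `api@internal` dashboard a publicly trusted certificate, yet no authentication middleware label is visible on that router here (the label list continues outside the hunk, so one may exist). Issuance also records the `${TRAEFIK_HOST}` name in public Certificate Transparency logs, so the dashboard host should be treated as discoverable. If no middleware is attached elsewhere, add one before exposing the router, for example `- "traefik.http.routers.dashboard.middlewares=dashboard-auth"` with a matching `basicauth` definition (the name `dashboard-auth` is illustrative). The Certificate Transparency point applies equally to the `forgejo` (`@@ -95,6 +98,7 @@`) and `woodpecker` (`@@ -140,6 +144,7 @@`) routers.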
@@ -140,6 +144,7 @@ services: - "traefik.enable=true" - "traefik.http.routers.woodpecker.rule=Host(`${WOODPECKER_HOST}`)" - "traefik.http.routers.woodpecker.tls=true" + - "traefik.http.routers.woodpecker.tls.certresolver=letsencrypt" - "traefik.http.routers.woodpecker.entrypoints=https" - "traefik.http.services.woodpecker.loadbalancer.server.port=8000" @@ -192,7 +197,7 @@ services: - "traefik.http.routers.regui.entrypoints=https" - "traefik.http.services.regui.loadbalancer.passhostheader=true" mvn-registry: - image: ghcr.io/dzikoysk/reposilite:3.4.10 + image: ghcr.io/dzikoysk/reposilite:3.5.0 container_name: reposilite deploy: resources: diff --git a/infrastructure/traefik/traefik.yml b/infrastructure/traefik/traefik.yml index 63ea88e..512f982 100644 --- a/infrastructure/traefik/traefik.yml +++ b/infrastructure/traefik/traefik.yml @@ -6,8 +6,7 @@ api: dashboard: true log: - level: INFO - filePath: /var/log/traefik/traefik.log + level: DEBUG accessLog: filePath: /var/log/traefik/access.log @@ -26,3 +25,13 @@ entryPoints: address: ":443" ssh: address: ":2222" + +certificatesResolvers: + letsencrypt: + acme: + email: "richard.attermeyer@gmail.com" +# for Testing purposes +# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" + storage: "acme.json" + httpChallenge: + entrypoint: http
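Review bot: `level: DEBUG` in the `log:` section of `infrastructure/traefik/traefik.yml` (`@@ -6,8 +6,7 @@`) looks like a troubleshooting setting that should not outlive the WIP state. Debug output is far more verbose and can surface configuration and request details that `INFO` does not. The same hunk drops `filePath`, so Traefik's own log moves to the container's stdout while `accessLog` still writes to `/var/log/traefik/access.log`; anything that collects or alerts on the old `traefik.log` would go silent. Suggest restoring `level: INFO` before merge and, if the removal is intentional, adding a comment such as `# process log goes to stdout; only the access log is written to a file`.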
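Review bot: `storage: "acme.json"` in the new `certificatesResolvers` block (`@@ -26,3 +25,13 @@`) is a relative path, and the compose hunks in this patch show no writable volume for it, only the read-only `traefik.yml` mount. That file holds the ACME account key and the private key of every issued certificate, so it belongs on a persistent volume readable only by the Traefik process (Traefik expects mode 600). Without persistence, each container re-creation requests fresh certificates and can run into Let's Encrypt rate limits. Consider an absolute path backed by a dedicated volume, e.g. `storage: "/letsencrypt/acme.json"` (path illustrative). The commented-out `caServer` lines would also read more clearly if indented with the sibling keys under `acme:`.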