I am using vxcontrol/rancher-letsencrypt:v1.0.0 to provision SSL certificates and it is only working for a single domain. I would like to set up app.domain.com, other1.domain.com etc., but only app.domain.com works.

I cannot see anything in the GitHub documentation and it is not obvious what to do.
My docker-compose.yml

```yaml
version: '2'
services:
  FrontFacingLB:
    image: rancher/lb-service-haproxy:v0.7.9
    ports:
    - 80:80/tcp
    labels:
      io.rancher.container.agent.role: environmentAdmin
      io.rancher.container.create_agent: 'true'
  letsEncryptMyAppAcmeV2:
    image: vxcontrol/rancher-letsencrypt:v1.0.0
    environment:
      API_VERSION: Production
      AURORA_ENDPOINT: ''
      AURORA_KEY: ''
      AURORA_USER_ID: ''
      AWS_ACCESS_KEY: ''
      AWS_SECRET_KEY: ''
      AZURE_CLIENT_ID: ''
      AZURE_CLIENT_SECRET: ''
      AZURE_RESOURCE_GROUP: ''
      AZURE_SUBSCRIPTION_ID: ''
      AZURE_TENANT_ID: ''
      CERT_NAME: app.domain.com
      CLOUDFLARE_EMAIL: ''
      CLOUDFLARE_KEY: ''
      DNSIMPLE_EMAIL: ''
      DNSIMPLE_KEY: ''
      DNS_RESOLVERS: 8.8.8.8:53,8.8.4.4:53
      DOMAINS: app.domain.com
      DO_ACCESS_TOKEN: ''
      DYN_CUSTOMER_NAME: ''
      DYN_PASSWORD: ''
      DYN_USER_NAME: ''
      EMAIL: myuser@domain.com
      EULA: 'Yes'
      GANDI_API_KEY: ''
      NS1_API_KEY: ''
      OVH_APPLICATION_KEY: ''
      OVH_APPLICATION_SECRET: ''
      OVH_CONSUMER_KEY: ''
      PROVIDER: HTTP
      PUBLIC_KEY_TYPE: RSA-2048
      RENEWAL_PERIOD_DAYS: '20'
      RENEWAL_TIME: '12'
      RUN_ONCE: 'false'
      VULTR_API_KEY: ''
    volumes:
    - /var/lib/rancher:/var/lib/rancher
    - MyAppLetsEncrypt:/etc/letsencrypt
    labels:
      io.rancher.container.agent.role: environment
      io.rancher.container.create_agent: 'true'
      io.rancher.container.pull_image: always
```

My rancher-composer.yml

```yaml
version: '2'
services:
  FrontFacingLB:
    scale: 1
    start_on_create: true
    lb_config:
      certs: []
      config: |-
        frontend 80
        acl lepath path_beg -i /.well-known/acme-challenge
        redirect scheme https code 301 if !lepath !{ ssl_fc }
      port_rules:
      - hostname: app.domain.com
        path: /.well-known/acme-challenge
        priority: 1
        protocol: http
        service: letsEncryptMyAppAcmeV2
        source_port: 80
        target_port: 80
      - hostname: other.domain.com
        path: /.well-known/acme-challenge
        priority: 2
        protocol: http
        service: letsEncryptMyAppAcmeV2
        source_port: 80
        target_port: 80
    health_check:
      healthy_threshold: 2
      response_timeout: 2000
      port: 42
      unhealthy_threshold: 3
      initializing_timeout: 60000
      interval: 2000
      reinitializing_timeout: 60000
  letsencryptOldDisabled:
    scale: 1
    start_on_create: true
  letsEncryptMyAppAcmeV2:
    scale: 1
    start_on_create: true
```

As shown above, I can add multiple port rules but only the first one is executed from docker-compose. Also, in the rancher-compose I see the DOMAINS variable and I guess I can add more domains here, such as app.domain.com,other.domain.com, but then what goes in CERT_NAME, as I would like these certs stored in separate identifiable setups in the volume/folder?

If you have an example where your stack handles all the domains you have or their subdomains (no wildcard with DNS challenge but only ACME), then please share your suggestions.
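
An added check, not part of the original post or of the rancher-letsencrypt project: with PROVIDER: HTTP, every name in DOMAINS needs a port-80 rule that routes /.well-known/acme-challenge to the Let's Encrypt service, so this Ruby script cross-checks the two files. The trimmed YAML is constructed from the post, and the comma-separated DOMAINS value is the form the post proposes (an assumption), as is the helper name `unrouted_domains`.

```ruby
require 'yaml'

ACME_PATH = '/.well-known/acme-challenge'

# Constructed sample input, trimmed from the two files in the post. DOMAINS uses
# the comma-separated form the post proposes (assumption, not confirmed there).
DOCKER_COMPOSE = <<~EOS
  version: '2'
  services:
    letsEncryptMyAppAcmeV2:
      image: vxcontrol/rancher-letsencrypt:v1.0.0
      environment:
        DOMAINS: app.domain.com,other1.domain.com
        PROVIDER: HTTP
EOS

RANCHER_COMPOSE = <<~EOS
  version: '2'
  services:
    FrontFacingLB:
      lb_config:
        port_rules:
        - hostname: app.domain.com
          path: /.well-known/acme-challenge
          protocol: http
          service: letsEncryptMyAppAcmeV2
          source_port: 80
        - hostname: other.domain.com
          path: /.well-known/acme-challenge
          protocol: http
          service: letsEncryptMyAppAcmeV2
          source_port: 80
EOS

# Returns { service_name => [domains in DOMAINS with no HTTP-01 route on port 80] }.
def unrouted_domains(docker_yaml, rancher_yaml)
  docker = YAML.safe_load(docker_yaml)
  rancher = YAML.safe_load(rancher_yaml)
  rules = rancher['services'].values.flat_map { |s| (s || {}).dig('lb_config', 'port_rules') || [] }
  docker['services'].each_with_object({}) do |(name, svc), out|
    env = svc['environment'] || {}
    next unless env['PROVIDER'] == 'HTTP' && env['DOMAINS']
    # Hostnames whose challenge path is forwarded to this service over plain HTTP.
    routed = rules.select { |r|
      r['service'] == name && r['source_port'] == 80 &&
        r['protocol'] == 'http' && r['path'].to_s.start_with?(ACME_PATH)
    }.map { |r| r['hostname'].to_s.downcase }
    missing = env['DOMAINS'].split(',').map { |d| d.strip.downcase } - routed
    out[name] = missing unless missing.empty?
  end
end

p unrouted_domains(DOCKER_COMPOSE, RANCHER_COMPOSE)
```

Run it against the real files by passing `File.read('docker-compose.yml')` and the contents of the rancher-compose file; an empty hash means every requested name has a challenge route.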