added DNS resolvers for SSL DNS challenge

(see https://docs.docker.com/compose/compose-file/#version-top-level-element)

.gitignore

@@ -1,2 +1,2 @@
-.env
+/.env*
-le-certs.json
+/certs.json

docker-compose.yml

@@ -1,5 +1,4 @@
-version: "3"
+---
-
 services:
   traefik:
     image: traefik:${TRAEFIK_VERSION}
@@ -11,11 +10,12 @@ services:
       # enable Træfik dashboard
       - --api.dashboard=true
       # configure Let's Encrypt automatic certificates
-      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.dnschallenge=true
-      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=hetzner
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.dnschallenge.provider=${TRAEFIK_DNSPROVIDER}
-      - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.dnschallenge.resolvers=${TRAEFIK_DNSRESOLVERS}
-      - --certificatesresolvers.letsencrypt.acme.keytype=RSA4096
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.email=${LETSENCRYPT_EMAIL}
-      - --certificatesresolvers.letsencrypt.acme.storage=/le-certs.json
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.keytype=RSA4096
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.storage=/certs.json
       # we listen on both HTTP and HTTPS
       - --entrypoints.http.address=:80
       - --entrypoints.https.address=:443
@@ -31,11 +31,11 @@ services:
       # should not need, but just in case, a folder for dynamic config files is also configured
       - --providers.file.directory=/config
       - --providers.file.watch=true
-    environment:
+    env_file:
-      - HETZNER_API_KEY=${HETZNER_API_KEY}
+      - ${TRAEFIK_DNSPROVIDER_ENVFILE}
     labels:
       # expose Træfik using Træfik (dashboard)
-      - traefik.enable=true
+      - traefik.enable=${TRAEFIK_ENABLED}
       # configure a global whitelist for my home
       - traefik.http.middlewares.dashboard-whitelist.ipwhitelist.sourcerange=${TRAEFIK_DASHBOARD_WHITELIST}
       # configure the global redirect middleware
@@ -57,8 +57,8 @@ services:
       - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
       - traefik.http.routers.https-${TRAEFIK_ROUTER}.service=api@internal
       # of course, enable TLS and it's certificate provider
-      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=true
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=${TRAEFIK_TLSENABLED}
-      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=letsencrypt
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=${TRAEFIK_CERTRESOLVER}
     networks:
       - traefik
     ports:
@@ -67,7 +67,7 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./config:/config:ro
-      - ./le-certs.json:/le-certs.json
+      - ./certs.json:/certs.json
 
 networks:
   traefik:

env.dnsprovider.example

@@ -0,0 +1 @@
+HETZNER_API_KEY=

env.example

@@ -1,13 +1,19 @@
+# General environment
 TRAEFIK_VERSION=2.4
+TRAEFIK_CERTRESOLVER=letsencrypt
 TRAEFIK_CONTAINER_NAME=traefik.mydomain.com
+TRAEFIK_DASHBOARD_WHITELIST=1.2.3.4/24
+TRAEFIK_ENABLED=true
+TRAEFIK_NETWORK=traefik
 TRAEFIK_MATCHRULE=traefik.mydomain.com
 TRAEFIK_ROUTER=traefik_mydomain_com
-TRAEFIK_NETWORK=traefik-proxy
 TRAEFIK_PILOT_TOKEN=
-TRAEFIK_DASHBOARD_WHITELIST=1.2.3.4/24
+TRAEFIK_TLSENABLED=true
 
 # Certificate provider
-HETZNER_API_KEY=
+TRAEFIK_DNSPROVIDER=hetzner
+TRAEFIK_DNSPROVIDER_ENVFILE=./.env.dnsprovider
+TRAEFIK_DNSRESOLVERS=1.1.1.1:53,1.0.0.1:53
 LETSENCRYPT_EMAIL=admin@mydomain.com
 
 # Debugging