muffintopking_
Runtipi
Created by muffintopking_ on 10/22/2024 in #🙋🏼・help
Configuring dnsChallenge using RFC2136 as a provider
I followed the steps here https://runtipi.io/docs/guides/dns-challenge-cloudflare and https://runtipi.io/docs/guides/customize-compose-and-traefik to make modifications to the docker compose & traefik configs. I deleted traefik/tls/* and traefik/shared/acme.json, then restarted runtipi, and the files were regenerated. However, it regenerated a self-signed certificate and in the UI I saw an error about trying to request a certificate from Let's Encrypt for the internal private IP address instead of the domain name. I added this to user-data/tipi-compose.yml:
```yaml
services:
  runtipi-reverse-proxy:
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=rfc2136"
      - "--certificatesresolvers.myresolver.acme.email=my_email"
      - "--certificatesresolvers.myresolver.acme.storage=/shared/acme.json"
    environment:
      - "RFC2136_TSIG_KEY=mykey_name"
      - "RFC2136_TSIG_SECRET=mykey_data"
      - "RFC2136_TSIG_ALGORITHM=hmac-sha512."
      - "RFC2136_NAMESERVER=my_ns"
```
and this to traefik/traefik.yml:
```yaml
certificatesResolvers:
  myresolver:
    acme:
      email: my_email
      storage: /shared/acme.json
      dnsChallenge:
        provider: rfc2136
        resolvers:
          - "my_resolver:53"
```
(I also set persistTraefikConfig to true in state/settings.json)
56 replies