muffintopking_
Configuring dnsChallenge using RFC2136 as a provider
As far as I can tell that did work, but it only seemed to apply to the two specific items (I'm not at my desk atm) and not to applications, but maybe I didn't test it thoroughly enough
56 replies
Configuring dnsChallenge using RFC2136 as a provider
Am I correct in my understanding that it's a simple matter of the labels being applied? It seems to me this would be more reliable than using self-signed certificates. I'm happy to submit patches configuring this as an option if someone might point me in the direction I should be looking. The dynamic compose was the only other location I could find that looked like it might be an app template. Again, looking at scrypted, it seems to inherit a predefined router vs eg. Home Assistant that has routes defined in its docker-compose
56 replies
Configuring dnsChallenge using RFC2136 as a provider
Hmm, it seems I would need to rebuild the worker package after editing
packages/worker/src/lib/docker/builders/traefik-labels-builder.ts and I'm not sure how to do that. Is it difficult?56 replies
Configuring dnsChallenge using RFC2136 as a provider
I see the router rules in
docker-compose.yml -- it seems easy enough to edit and change them to use the certresolver. Is this something I can do in user-config/tipi-compose.yml? Or does that only add statements and not overwrite them? Can I edit docker-compose.yml directly?56 replies
Configuring dnsChallenge using RFC2136 as a provider
Seems that does not work, it uses the self-signed cert unfortunately. I imagine there is some label selection rule or something I could add/change, but I'm not quite clever enough for that. Any ideas?
56 replies
Configuring dnsChallenge using RFC2136 as a provider
Right, I know you can't issue certs for .local, but with dnsChallenge I can issue certs for local use using my actual domain, which is what I want to do. I'm not actually exposing anything to the Internet. I just don't want to use runtipi.local, I want to use runtipi.example.com internally with real certs.
56 replies
Configuring dnsChallenge using RFC2136 as a provider
For example, Scrypted doesn't seem to be allowed to be exposed, so the only way to access it is https://scrypted.runtipi.local/ which uses the self-signed stuff. I want it to use my certresolver
56 replies
Configuring dnsChallenge using RFC2136 as a provider
Oh cool, that fixed it. It is working for both the main runtipi instance and the app's page. Sweet.
For reference:
In
user-config/tipi-compose.yml:
In traefik/traefik.yml:
Settings > Settings > Domain name: runtipi.example.com
Settings > Settings > Local domain: runtipi.local
My Apps > App > Settings > Domain name: app.runtipi.example.com
Thank you @Stavros!56 replies
Configuring dnsChallenge using RFC2136 as a provider
There are 3 places to set a domain name-- Settings > Settings, "Domain name" and "Local domain", and then in the App's settings after exposing it "Domain name". If I own example.com, what should the 3 values be?
56 replies
Configuring dnsChallenge using RFC2136 as a provider
I get that error when I .. "un expose" the app. When I re-expose it, looking at the logs, I think it see that it already has a certificate (self-signed) for *.mydomain.com so it doesn't need to make one for theapp.mydomain.com and never bothers to try.
56 replies