Pulumi code for my server setup
Use wildcard TLS certificate only
+3
-5
+3
-4
src/index.ts
+3
-4
src/index.ts
···
57
57
"--entrypoints.http.address=:80",
58
58
"--entrypoints.https.address=:443",
59
59
"--entrypoints.https.http.tls=true",
60
+
"--entrypoints.https.http.tls.certresolver=cloudflare",
61
+
"--entrypoints.https.http.tls.domains[0].main=bas.sh",
62
+
"--entrypoints.https.http.tls.domains[0].sans=*.bas.sh",
60
63
"--certificatesresolvers.cloudflare.acme.dnschallenge=true",
61
64
"--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare",
62
65
"--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
···
65
68
"--experimental.plugins.cloudflarewarp.modulename=github.com/BetterCorp/cloudflarewarp",
66
69
"--experimental.plugins.cloudflarewarp.version=v1.3.3",
67
70
],
68
-
69
71
labels: {
70
72
"traefik.http.middlewares.httpsredirect.redirectscheme.scheme": "https",
71
73
"traefik.http.middlewares.cloudflarewarp.plugin.cloudflarewarp.disableDefault":
···
109
111
webPort: 32400,
110
112
envs: ["VERSION=latest"],
111
113
mounts: [dockerConfMount("plex"), dataMount, gitMount],
112
-
labels: {
113
-
"traefik.http.routers.plex.tls.certresolver": "cloudflare",
114
-
},
115
114
extraContainerOptions: {
116
115
networkMode: pulumi.interpolate`container:${wireguardService.container.id}`,
117
116
},
-1
src/service.ts
-1
src/service.ts
···
179
179
args.webPort.toString(),
180
180
[`traefik.http.routers.${name}.rule`]: `Host(\`${host}\`)`,
181
181
[`traefik.http.routers.${name}.entrypoints`]: "https",
182
-
[`traefik.http.routers.${name}.tls`]: "true",
183
182
[`traefik.http.routers.${name}.middlewares`]: [
184
183
"cloudflarewarp",
185
184
...(args.middlewares || []),