From 9ff5a1ccfbabd1085418a3a89ffda6ed64c3b70c Mon Sep 17 00:00:00 2001
From: Revant Nandgaonkar <revant.one@gmail.com>
Date: Tue, 31 Jan 2023 15:53:33 +0530
Subject: [PATCH] fix: traefik router for acme certs

---
 docs/setup-options.md        | 4 ++++
 example.env                  | 5 +++++
 overrides/compose.https.yaml | 2 +-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/docs/setup-options.md b/docs/setup-options.md
index 41693e4c..1d2dd72f 100644
--- a/docs/setup-options.md
+++ b/docs/setup-options.md
@@ -68,6 +68,8 @@ docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml up -
 
 ### Setup Frappe using containerized MariaDB and Redis with Letsencrypt certificates.
 
+In this case make sure you've set `LETSENCRYPT_EMAIL` and `SITES` environment variables are set or certificates won't work.
+
 ```sh
 # Generate YAML
 docker compose -f compose.yaml \
@@ -82,6 +84,8 @@ docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml up -
 
 ### Setup ERPNext using containerized MariaDB and Redis with Letsencrypt certificates.
 
+In this case make sure you've set `LETSENCRYPT_EMAIL` and `SITES` environment variables are set or certificates won't work.
+
 ```sh
 # Generate YAML
 docker compose -f compose.yaml \
diff --git a/example.env b/example.env
index 4fc1675d..743d43a8 100644
--- a/example.env
+++ b/example.env
@@ -43,3 +43,8 @@ PROXY_READ_TIMOUT=
 # All Values allowed by nginx client_max_body_size are allowed, default value is 50m
 # Necessary if the upload limit in the frappe application is increased
 CLIENT_MAX_BODY_SIZE=
+
+# List of sites for letsencrypt certificates quoted with backtick (`) and separated by comma (,)
+# More https://doc.traefik.io/traefik/routing/routers/#rule
+# About acme https://doc.traefik.io/traefik/https/acme/#domain-definition
+SITES=
diff --git a/overrides/compose.https.yaml b/overrides/compose.https.yaml
index d71ff9b2..a34e2d3c 100644
--- a/overrides/compose.https.yaml
+++ b/overrides/compose.https.yaml
@@ -5,7 +5,7 @@ services:
       - traefik.http.services.frontend.loadbalancer.server.port=8080
       - traefik.http.routers.frontend-http.entrypoints=websecure
       - traefik.http.routers.frontend-http.tls.certresolver=main-resolver
-      - traefik.http.routers.frontend-http.rule=HostRegexp(`{any:.+}`)
+      - traefik.http.routers.frontend-http.rule=Host(${SITES:?List of sites not set})
 
   proxy:
     image: traefik:2.5