From c9fed73d51112b2174143d5f0880227696d04af4 Mon Sep 17 00:00:00 2001
From: whitney
Date: Tue, 11 Apr 2023 22:25:49 +0000
Subject: [PATCH] Fix traefik issues with certs and update notes.
---
 traefik/README.md | 19 +++++++++++++++++++
 traefik/docker-compose.yml | 26 +++++++++++++-------------
 traefik/traefik-BLANKED.toml | 2 +-
 3 files changed, 33 insertions(+), 14 deletions(-)
diff --git a/traefik/README.md b/traefik/README.md
index 8e6bad4..679cd25 100644
--- a/traefik/README.md
+++ b/traefik/README.md
@@ -8,6 +8,25 @@ For setup I followed this official Traefik tutorial: https://doc.traefik.io/trae
 GENERAL NOTE: Don't restart the container that often because it issues Let'sEncrypt challenges that can get you rate limited quickly. (1hr cooldown)
+## GENERAL REMINDERS
+
+There is some funkiness with Traefik's acme.json file. The container is supposed to create it and manage it but due to docker linking of files and folders this gets mixed up.
+
+Reading the logs can help you understand, need to look backward from the cert resolver that i've called lets-encrypt.
+
+To make Traefik correctly populate the acme.json do the following:
+
+1. create acme.json yourself.
+
+2. Make sure the mount in docker works with the definition of the certresolver in traefik.toml.
+
+I found that we needed to have a full path (or at least a path that contained a folder, so that traefik didn't get confused and think that acme.json was a folder.
+
+3. Give the acme.json file specific permissions (600) e.g. `chmod 600 acme.json`
+
+4. Run docker-compose, does not require you to be root.
+
+
 ### Baby Steps Setup
 ##### Step 1
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
index 46cefa3..0528c4c 100644
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@@ -1,4 +1,4 @@
-version: "3.3"
+version: "3"
 networks:
   traefik-network:
@@ -6,24 +6,24 @@ networks:
 services:
   traefik:
-    image: "traefik:v2.9"
-    container_name: "traefik"
-    restart: always
+    image: traefik:v2.9
+    container_name: traefik
+    #restart: always
     networks:
       - traefik-network
     ports:
-      - "80:80"
-      - "8080:8080"
-      - "443:443"
+      - 80:80
+      - 8080:8080
+      - 443:443
     volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
-      - "./traefik.toml:/etc/traefik/traefik.toml"
-      - "./traefik-dynamic.toml:/etc/traefik/dynamic/traefik-dynamic.toml"
-      - "./acme.json:/acme.json"
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik.toml:/etc/traefik/traefik.toml
+      - ./traefik-dynamic.toml:/etc/traefik/dynamic/traefik-dynamic.toml
+      - ./acme.json:/etc/acme.json
   whoami:
-    image: "traefik/whoami"
-    container_name: "whoami_traefik"
+    image: traefik/whoami
+    container_name: whoami_traefik
     networks:
       - traefik-network
     labels:
diff --git a/traefik/traefik-BLANKED.toml b/traefik/traefik-BLANKED.toml
index 96b55c6..3013517 100644
--- a/traefik/traefik-BLANKED.toml
+++ b/traefik/traefik-BLANKED.toml
@@ -20,7 +20,7 @@
 [certificatesResolvers.lets-encrypt.acme]
 email = "runyanjake@gmail.com"
-storage = "acme.json"
+storage = "/etc/acme.json"
 [certificatesResolvers.lets-encrypt.acme.tlsChallenge]
 [providers]
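Review bot: The `8080:8080` mapping publishes Traefik's API/dashboard port on every host interface and nothing in this hunk restricts it; if traefik.toml enables `[api] insecure = true` (not visible here), that is an unauthenticated view of every router, service and the dynamic configuration, so either bind it to loopback with `- "127.0.0.1:8080:8080"` or drop the mapping and reach the dashboard through a router protected by an auth middleware. Removing the quotes from the port mappings is a style regression rather than a fix: these three values still parse as strings because the component after the colon exceeds 59, but the quoted form `- "80:80"` is what protects a future `22:22`-style mapping from YAML 1.1's sexagesimal parse, and yamllint/Prettier conventions keep them quoted. Commenting out `restart: always` leaves the TLS edge with no recovery after a daemon restart or host reboot; if the motive is the Let's Encrypt rate limit the README mentions, a restart should reuse the certificates persisted in the mounted `/etc/acme.json` (which now matches the `storage` path in traefik-BLANKED.toml), so `restart: unless-stopped` with a correctly mounted, mode-600 acme.json is the safer combination. Note too that `:ro` on `/var/run/docker.sock` only makes the bind mount read-only; the container can still send any request to the daemon over the socket, so a socket proxy that exposes only the read-only endpoints Traefik needs is the usual mitigation.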