use LE dns challenge in development

opencrvs · Jan 24, 2024 · 917b91c · 917b91c
1 parent 3dd2fc4
commit 917b91c
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 0 deletions.
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
@@ -125,6 +125,7 @@ jobs:
           SUPER_USER_PASSWORD: ${{ secrets.SUPER_USER_PASSWORD }}
           CONTENT_SECURITY_POLICY_WILDCARD: ${{ vars.CONTENT_SECURITY_POLICY_WILDCARD }}
           SSH_ARGS: ${{ vars.SSH_ARGS }}
+          GOOGLE_DOMAINS_ACCESS_TOKEN: ${{ secrets.GOOGLE_DOMAINS_ACCESS_TOKEN }}
         run: |
           cd ./${{ github.event.repository.name }}
           yarn deploy \

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -130,6 +130,7 @@ jobs:
           SUPER_USER_PASSWORD: ${{ secrets.SUPER_USER_PASSWORD }}
           SSH_ARGS: ${{ vars.SSH_ARGS }}
           CONTENT_SECURITY_POLICY_WILDCARD: ${{ vars.CONTENT_SECURITY_POLICY_WILDCARD }}
+          GOOGLE_DOMAINS_ACCESS_TOKEN: ${{ secrets.GOOGLE_DOMAINS_ACCESS_TOKEN }}
         run: |
           cd ./${{ github.event.repository.name }}
           yarn deploy \

diff --git a/infrastructure/docker-compose.development-deploy.yml b/infrastructure/docker-compose.development-deploy.yml
@@ -99,3 +99,30 @@ services:
     environment:
       - QA_ENV=true
       - NODE_ENV=production
+
+  traefik:
+    image: 'traefik:v2.9'
+    environment:
+      - GOOGLE_DOMAINS_ACCESS_TOKEN=${GOOGLE_DOMAINS_ACCESS_TOKEN}
+    command:
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --providers.docker
+      - --providers.docker.swarmMode=true
+      - --api.dashboard=true
+      - --api.insecure=true
+      - --log.level=WARNING
+
+      - --certificatesresolvers.certResolver.acme.dnschallenge=true
+      - --certificatesresolvers.certResolver.acme.dnschallenge.provider=googledomains
+      - --certificatesresolvers.certResolver.acme.email=riku@opencrvs.org
+      - --certificatesresolvers.certResolver.acme.storage=acme.json
+
+      - --entrypoints.web.http.redirections.entryPoint.to=websecure
+      - --entrypoints.web.http.redirections.entryPoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+      - --serverstransport.insecureskipverify=true
+      - --entrypoints.websecure.address=:443
+      - --accesslog=true
+      - --accesslog.format=json
+      - --ping=true