From 917b91cddf44bb744c1b2a94cb0a769f6d9418df Mon Sep 17 00:00:00 2001
From: Riku Rouvila
Date: Wed, 24 Jan 2024 14:41:38 +0200
Subject: [PATCH] use LE dns challenge in development
---
 .github/workflows/deploy-prod.yml | 1 +
 .github/workflows/deploy.yml | 1 +
 .../docker-compose.development-deploy.yml | 27 +++++++++++++++++++
 3 files changed, 29 insertions(+)
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index f38564aef..95b5aca07 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -125,6 +125,7 @@ jobs:
 SUPER_USER_PASSWORD: ${{ secrets.SUPER_USER_PASSWORD }}
 CONTENT_SECURITY_POLICY_WILDCARD: ${{ vars.CONTENT_SECURITY_POLICY_WILDCARD }}
 SSH_ARGS: ${{ vars.SSH_ARGS }}
+ GOOGLE_DOMAINS_ACCESS_TOKEN: ${{ secrets.GOOGLE_DOMAINS_ACCESS_TOKEN }}
 run: |
 cd ./${{ github.event.repository.name }}
 yarn deploy \
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index a1c3df56e..fa4d8f113 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -130,6 +130,7 @@ jobs:
 SUPER_USER_PASSWORD: ${{ secrets.SUPER_USER_PASSWORD }}
 SSH_ARGS: ${{ vars.SSH_ARGS }}
 CONTENT_SECURITY_POLICY_WILDCARD: ${{ vars.CONTENT_SECURITY_POLICY_WILDCARD }}
+ GOOGLE_DOMAINS_ACCESS_TOKEN: ${{ secrets.GOOGLE_DOMAINS_ACCESS_TOKEN }}
 run: |
 cd ./${{ github.event.repository.name }}
 yarn deploy \
diff --git a/infrastructure/docker-compose.development-deploy.yml b/infrastructure/docker-compose.development-deploy.yml
index 58cb19ef6..8b01432bd 100644
--- a/infrastructure/docker-compose.development-deploy.yml
+++ b/infrastructure/docker-compose.development-deploy.yml
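Review bot: The production workflow (`deploy-prod.yml`) now exports `GOOGLE_DOMAINS_ACCESS_TOKEN` to the deploy step, but the only consumer visible in this commit is the Traefik service in `docker-compose.development-deploy.yml`. If production does not use the DNS challenge, leave the secret out of `deploy-prod.yml`; a token that can edit DNS records should reach only the jobs that need it. If both workflows do need it, an environment-scoped secret per deployment target would keep a leak from the development pipeline from affecting the production zone.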
@@ -99,3 +99,30 @@ services:
 environment:
 - QA_ENV=true
 - NODE_ENV=production
+
+ traefik:
+ image: 'traefik:v2.9'
+ environment:
+ - GOOGLE_DOMAINS_ACCESS_TOKEN=${GOOGLE_DOMAINS_ACCESS_TOKEN}
+ command:
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --providers.docker
+ - --providers.docker.swarmMode=true
+ - --api.dashboard=true
+ - --api.insecure=true
+ - --log.level=WARNING
+
+ - --certificatesresolvers.certResolver.acme.dnschallenge=true
+ - --certificatesresolvers.certResolver.acme.dnschallenge.provider=googledomains
+ - --certificatesresolvers.certResolver.acme.email=riku@opencrvs.org
+ - --certificatesresolvers.certResolver.acme.storage=acme.json
+
+ - --entrypoints.web.http.redirections.entryPoint.to=websecure
+ - --entrypoints.web.http.redirections.entryPoint.scheme=https
+ - --entrypoints.web.http.redirections.entrypoint.permanent=true
+ - --serverstransport.insecureskipverify=true
+ - --entrypoints.websecure.address=:443
+ - --accesslog=true
+ - --accesslog.format=json
+ - --ping=true
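Review bot: `--api.insecure=true` together with `--api.dashboard=true` makes Traefik serve its API and dashboard without authentication on the internal `traefik` entrypoint (port 8080 by default), so anything that can connect to that port can read the routing configuration. Drop the flag (or set `--api.insecure=false`) and, if the dashboard is needed, expose `api@internal` through a router on `websecure` behind an auth middleware. `--serverstransport.insecureskipverify=true` also turns off certificate verification for every backend connection, and `--entrypoints.websecure.address=:443` is passed twice. The hunk shows no volume for `acme.json` and passes the DNS token as a plain environment variable; unless a base compose file that this one presumably overrides mounts persistent storage, issued certificates are lost whenever the container is replaced, and in swarm mode a Docker secret would keep the token out of the output of `docker service inspect`.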