diff --git a/server/config.ts b/server/config.ts
index d7c0c694..228072fb 100644
--- a/server/config.ts
+++ b/server/config.ts
@@ -29,6 +29,7 @@ const environmentSchema = z.object({
 http_entrypoint: z.string(),
 https_entrypoint: z.string().optional(),
 cert_resolver: z.string().optional(),
+ prefer_wildcard_cert: z.boolean().optional(),
 }),
 gerbil: z.object({
 start_port: portSchema,
diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts
index 81e1a9ba..221af24f 100644
--- a/server/routers/traefik/getTraefikConfig.ts
+++ b/server/routers/traefik/getTraefikConfig.ts
@@ -34,10 +34,6 @@ export async function traefikConfigProvider(
 // const baseDomain = new URL(config.app.base_url).hostname;
- const tls = {
- certResolver: config.traefik.cert_resolver,
- };
-
 const http: any = {
 routers: {},
 services: {},
@@ -68,6 +64,31 @@ export async function traefikConfigProvider(
 const routerName = `${target.targetId}-router`;
 const serviceName = `${target.targetId}-service`;
+ if (!resource.fullDomain) {
+ continue;
+ }
+
+ const domainParts = resource.fullDomain.split(".");
+ let wildCard;
+ if (domainParts.length <= 2) {
+ wildCard = `*.${domainParts.join(".")}`;
+ } else {
+ wildCard = `*.${domainParts.slice(1).join(".")}`;
+ }
+
+ const tls = {
+ certResolver: config.traefik.cert_resolver,
+ ...(config.traefik.prefer_wildcard_cert
+ ? {
+ domains: [
+ {
+ main: wildCard
+ },
+ ],
+ }
+ : {}),
+ };
+
 http.routers![routerName] = {
 entryPoints: [
 target.ssl
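Review bot: `prefer_wildcard_cert` is added to the `traefik` schema with no comment, although turning it on changes which certificate every routed resource requests. Public ACME CAs such as Let's Encrypt issue wildcards only through the DNS-01 challenge, so the option presumably works only when `cert_resolver` names a DNS-01 resolver; I would say so next to the field, e.g. `// request a *.parent-domain cert instead of a per-host one; needs a DNS-01 cert_resolver`. One wildcard key also covers every sibling host under that parent, which operators should know before enabling it. The schema object starts and ends outside the hunk.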
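Review bot: When `fullDomain` has two labels or fewer, the `domainParts.length <= 2` branch requests `*.<fullDomain>` for a router that serves `fullDomain` itself. A wildcard does not match its own parent name, so with `prefer_wildcard_cert` on that host would likely be served a certificate that fails hostname verification. Requesting the parent as `main` and the wildcard as a SAN covers both branches: `const parent = domainParts.length <= 2 ? resource.fullDomain : domainParts.slice(1).join(".");` then `domains: [{ main: parent, sans: ["*." + parent] }]`. Counting labels also cannot tell a registrable domain from a public suffix: a `fullDomain` like `example.co.uk` (constructed example) yields `*.co.uk`, which a CA will refuse, so deriving the parent from a configured base domain would be safer. The new `continue` also skips targets without a `fullDomain` silently, where a log line would help; the enclosing loop and function start and end outside the hunk.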