
I use a compose file with two services (Python app & Traefik); in the Docker file I load all the environment variables.

For Traefik I use a YML file to define the services. In that YML file I have a node for certificatesResolvers, which looks like this:

certificatesResolvers:
  letsencrypt:
    acme:
      email: "[email protected]"
      storage: /etc/traefik/acme/acme.json
      httpChallenge:
        entryPoint: web

I want to set the email from an environment variable, so the YML file should look like this:

certificatesResolvers:
  letsencrypt:
    acme:
      email: '{{env "USER_EMAIL"}}'
      storage: /etc/traefik/acme/acme.json
      httpChallenge:
        entryPoint: web

With the YML written this way, I got this in the logs:

level=info msg="Starting provider *acme.Provider {"email":"{{env \"USER_EMAIL\"}}","caServer":"https://acme-v02.api.letsencrypt.org/directory","storage":"/etc/traefik/acme/acme.json","keyType":"RSA4096","httpChallenge":{"entryPoint":"web"},"ResolverName":"letsencrypt","store":{},"ChallengeStore":{}}"

level=error msg="Unable to obtain ACME certificate for domains "domain.com": cannot get ACME client acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "{{env \"USER_EMAIL\"}}" is not a valid e-mail address, url: " providerName=letsencrypt.acme routerName=web-secure-router@file rule="Host(`domain.com`)"

I tried with:

email: '{{env "USER_EMAIL"}}'
email: '`{{env "USER_EMAIL"}}`'
email: "{{env 'USER_EMAIL'}}"
email: "{{env USER_EMAIL}}"

But none of those worked.

In the same YML file I have a node that looks like this:

http:
  routers:
    web-secure-router:
      rule: 'Host(`{{env "PROJECT_HOSTNAME"}}`)'

      entryPoints:
        - web-secure
      service: fastapi
      tls:
        certResolver: letsencrypt

In that section, I get the right value of the PROJECT_HOSTNAME variable, in this case domain.com, as you can see in the logs above.

Answers


  1. This may not be the solution, but it is a different way of doing things. You can try this:

    Instead of using the Traefik YML, use commands in the Docker Compose YML.

    Example

    https://github.com/nasatome/docker-network-utils/blob/389324b6795d07684dac9bfe7dc5315bcd7eef7c/reverse-proxy/traefik/docker-compose.yml

    Another thing to try would be to use:

    ${USER_EMAIL}
    

    instead of

    {{env "USER_EMAIL"}}
    
  2. To clarify, the reason you cannot use your own user-defined environment variable for certificatesResolvers is that this is part of the static configuration, whereas http is part of the dynamic configuration (where you can use your own, like PROJECT_HOSTNAME).

    You can still use Traefik environment variables to set the email for your certificate resolver, with the variable TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_EMAIL.

    I haven’t tested this myself, but I think the following should do the trick:

    services:
      traefik:
        environment:
           TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: ${USER_EMAIL}
    
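An added example (not part of the original answers and not Traefik's own code): a small check that flags `{{...}}` template expressions left under static-configuration keys, where the second answer says user-defined variables cannot be used, and derives the matching `TRAEFIK_...` environment variable name. The function name, the minimal indentation-based parser and the set of dynamic root keys (`http`, `tcp`, `udp`, `tls`) are assumptions; the sample file is constructed from the snippets in the question.

```python
import re

# Assumption: these top-level keys belong to the dynamic (file provider)
# configuration; every other top-level key is treated as static configuration.
DYNAMIC_ROOTS = {"http", "tcp", "udp", "tls"}
TEMPLATE = re.compile(r"\{\{.*?\}\}")

# Constructed sample: the two YAML snippets from the question in one file.
SAMPLE_CONFIG = """\
certificatesResolvers:
  letsencrypt:
    acme:
      email: '{{env "USER_EMAIL"}}'
      storage: /etc/traefik/acme/acme.json
      httpChallenge:
        entryPoint: web
http:
  routers:
    web-secure-router:
      rule: 'Host(`{{env "PROJECT_HOSTNAME"}}`)'
"""

def find_static_templates(yaml_text):
    """Return (dotted.path, value, env_var_name) for each template expression
    found under a static-configuration key. Handles nested mappings only."""
    findings, stack = [], []              # stack of (indent, key)
    for line in yaml_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "-")):
            continue                      # skip blanks, comments, list items
        key, sep, value = stripped.partition(":")
        if not sep:
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave deeper or sibling mappings
        stack.append((indent, key.strip()))
        path = [k for _, k in stack]
        value = value.strip().strip("'\"")
        if TEMPLATE.search(value) and path[0] not in DYNAMIC_ROOTS:
            # Same naming pattern as the variable quoted in the answer above.
            env_name = "TRAEFIK_" + "_".join(path).upper()
            findings.append((".".join(path), value, env_name))
    return findings

if __name__ == "__main__":
    for path, value, env_name in find_static_templates(SAMPLE_CONFIG):
        print(f"{path}: {value} stays literal here; set {env_name} instead")
```
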