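#cloud-config
# Provisions a single host that runs Rancher behind Traefik via docker-compose.
# Traefik terminates TLS with a Let's Encrypt certificate obtained through the
# Cloudflare DNS challenge; the values it needs are written to /root/.env.

# Docker's apt repository, trusted by full key fingerprint rather than short id.
"apt":
  "sources":
    "docker.list":
      "keyid": "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
      "source": "deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable"
"package_update": true
"packages":
- qemu-guest-agent
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose
"runcmd":
- systemctl enable --now qemu-guest-agent.service
# Compose reads /root/.env and /root/docker-compose.yml, both created by write_files below.
- cd /root/ && docker-compose up -d
"ssh_authorized_keys":
- >
  YOUR_PUBLIC_KEY_HERE
# NOTE(review): membership in the docker group is root-equivalent on this host,
# so the SSH key above effectively grants root. Keep it only if that is intended.
"system_info":
  "default_user":
    "groups":
    - "docker"
"write_files":
- "content": "net.ipv4.conf.all.forwarding=1"
  "path": "/etc/sysctl.d/enabled_ipv4_forwarding.conf"
# Holds the Cloudflare DNS API token. write_files defaults to mode 0644, so the
# file is restricted to root explicitly. Scope the token to DNS edits on the one
# zone it needs; user-data itself may remain readable from the instance metadata
# service or cloud-init's on-disk copy, depending on the platform.
- "content": |
    ROOT_DOMAIN_NAME=XXXXXX
    DOMAIN_NAME=main-rancher.XXXXXXX
    LETSENCRYPT_EMAIL=XXXX@XXXX
    CF_DNS_API_TOKEN=XXXXXXXXXX
  "path": "/root/.env"
  "permissions": "0600"
# Compose project. Points a reviewer should keep in mind:
#  - rancher runs with "privileged": true, i.e. without container isolation
#    from the host; treat the Rancher UI as host-level access.
#  - traefik mounts /var/run/docker.sock. The ":ro" flag only makes the socket
#    file mount read-only; it does not restrict what the Docker API allows, so
#    a compromise of the traefik container is a compromise of the host.
#  - "rancher/rancher:stable" and "traefik:latest" are floating tags; pin them
#    to a tested version or digest so a reboot cannot pull an unreviewed image.
#  - the http entrypoint on :80 has no router or redirect attached here.
#  - providers.docker.exposedbydefault=false limits routing to containers that
#    opt in with "traefik.enable=true" (only rancher does).
- "content": |
    "services":
      "rancher":
        "command": "--no-cacerts"
        "container_name": "rancher"
        "hostname": "rancher"
        "image": "rancher/rancher:stable"
        "labels":
        - "traefik.enable=true"
        - "traefik.http.routers.rancher.rule=Host(`$DOMAIN_NAME`)"
        - "traefik.http.middlewares.rancher-behind-proxy.headers.customrequestheaders.X-Forwarded-Proto=https"
        - "traefik.http.routers.rancher.entrypoints=https"
        - "traefik.http.routers.rancher.service=rancher"
        - "traefik.http.routers.rancher.tls=true"
        - "traefik.http.routers.rancher.tls.certresolver=letsencrypt"
        - "traefik.http.routers.rancher.tls.domains[0].main=${ROOT_DOMAIN_NAME}"
        - "traefik.http.routers.rancher.tls.domains[0].sans=*.${ROOT_DOMAIN_NAME}"
        - "traefik.http.routers.rancher.middlewares=rancher-behind-proxy"
        - "traefik.http.services.rancher.loadbalancer.server.port=80"
        "privileged": true
        "restart": "always"
        "volumes":
        - "/opt/rancher:/var/lib/rancher"
      "traefik":
        "command":
        - "--entrypoints.http.address=:80"
        - "--entrypoints.https.address=:443"
        - "--providers.docker=true"
        - "--providers.docker.exposedbydefault=false"
        - "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
        - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
        - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
        - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
        - "--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0"
        - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
        "container_name": "traefik"
        "env_file":
        - ".env"
        "hostname": "traefik"
        "image": "traefik:latest"
        "ports":
        - "80:80"
        - "443:443"
        "restart": "unless-stopped"
        "volumes":
        - "/var/run/docker.sock:/var/run/docker.sock:ro"
        - "/opt/letsencrypt:/letsencrypt"
    "version": "3"
  "path": "/root/docker-compose.yml"
  "permissions": "0600"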