# This is an example how to pass acme challenges to a backend of a particular domain while
# all other acme challenges are solved by traefik
# Tested with traefik 1.7.7

# How it works:
# - an entry point listens at 81 which is used for traefik's acme. This port is not exposed
# - a default rule for /.well-known/acme-challenge/ is added for the http entry point. It has a priority of 1000
#   and forwards acme requests to localhost:81 where traefik accepts acme challenges
# - for a particular domain, a rule with higher priority is added, so this domain's acme challenges are not sent to
#   traefik

# Note: to make traefik issue certs automatically (via onHostRule), it is necessary that the rule is bound to the "acme"
#       entrypoint (see https://github.com/containous/traefik/issues/3918)

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.acme]
  address = ":81"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]

email = "test@traefik.io"
storage = "acme.json"
entryPoint = "https"

[acme.httpChallenge]
  entryPoint = "acme"

[file]

[backends]

  [backends.acme]

    [backends.acme.servers]
      [backends.acme.servers.server0]
        url = "http://127.0.0.1:81/"

  [backends.backend1]

    [backends.backend1.servers]
      [backends.backend1.servers.server0]
        url = "https://ifconfig.io/"


[frontends]

  [frontends.acme]
    entryPoints = ["http"]
    backend = "acme"
    passHostHeader = true
    priority = 1000

    [frontends.acme.routes]
      [frontends.acme.routes.route0]
        rule = "PathPrefix:/.well-known/acme-challenge/"

  [frontends.frontend1]
    entryPoints = ["http"]
    backend = "backend1"
    passHostHeader = false
    priority = 1001

    [frontends.frontend1.routes]
      [frontends.frontend1.routes.route0]
        rule = "Host:127.0.0.1.xip.io"
        priority = 1001