Merge pull request #467 from autonomys/update_traefik

vedhavyas · web-flow · commit c21deb251fdf · 2025-09-08T10:29:19.000+05:30
update traefik docker to use dns challenge instead of tls challenge
diff --git a/modules/network-primitives/domain_rpc_node_provisioner.tf b/modules/network-primitives/domain_rpc_node_provisioner.tf
@@ -98,7 +98,8 @@ resource "null_resource" "start_domain_rpc_nodes" {
           --node-prefix ${var.domain-rpc-node-config.rpc-nodes[count.index].domain-name} \
           --domain-id ${var.domain-rpc-node-config.rpc-nodes[count.index].domain-id} \
           --enable-reverse-proxy ${var.domain-rpc-node-config.enable-reverse-proxy} \
-		  --enable-load-balancer ${var.domain-rpc-node-config.enable-load-balancer} \
+          --enable-load-balancer ${var.domain-rpc-node-config.enable-load-balancer} \
+          --cloudflare-dns-api-token ${var.cloudflare_api_token} \
           --sync-mode ${var.domain-rpc-node-config.rpc-nodes[count.index].sync-mode} \
           --eth-cache ${var.domain-rpc-node-config.rpc-nodes[count.index].eth-cache} \
           --is-reserved ${var.domain-rpc-node-config.rpc-nodes[count.index].reserved-only}
diff --git a/modules/network-primitives/rpc_node_provisioner.tf b/modules/network-primitives/rpc_node_provisioner.tf
@@ -94,7 +94,8 @@ resource "null_resource" "start_consensus_rpc_nodes" {
           --external-ip-v6 ${aws_instance.consensus_rpc_nodes[count.index].ipv6_addresses[0]} \
           --node-prefix ${var.consensus-rpc-node-config.dns-prefix} \
           --enable-reverse-proxy ${var.consensus-rpc-node-config.enable-reverse-proxy} \
-		  --enable-load-balancer ${var.consensus-rpc-node-config.enable-load-balancer} \
+          --enable-load-balancer ${var.consensus-rpc-node-config.enable-load-balancer} \
+          --cloudflare-dns-api-token ${var.cloudflare_api_token} \
           --sync-mode ${var.consensus-rpc-node-config.rpc-nodes[count.index].sync-mode} \
           --is-reserved ${var.consensus-rpc-node-config.rpc-nodes[count.index].reserved-only}
 
diff --git a/modules/node-utils/src/cli.rs b/modules/node-utils/src/cli.rs
@@ -100,6 +100,8 @@ pub struct RpcParams {
     pub common: CommonParams,
     #[arg(long, required = true)]
     pub node_prefix: String,
+    #[arg(long, required = true)]
+    pub cloudflare_dns_api_token: String,
     #[arg(
         long,
         required = true,
@@ -136,6 +138,8 @@ pub struct DomainCommonParams {
 pub struct DomainRpcParams {
     #[clap(flatten)]
     pub common: DomainCommonParams,
+    #[arg(long, required = true)]
+    pub cloudflare_dns_api_token: String,
     #[arg(
         long,
         required = true,
diff --git a/modules/node-utils/src/templates/docker-compose.hbs b/modules/node-utils/src/templates/docker-compose.hbs
@@ -63,10 +63,12 @@ services:
             - --providers.docker.exposedbydefault=false
             - --certificatesresolvers.le.acme.email=alerts@subspace.network
             - --certificatesresolvers.le.acme.storage=/acme.json
-            - --certificatesresolvers.le.acme.tlschallenge=true
-            - "traefik.docker.network=node"
+            - --certificatesresolvers.le.acme.dnschallenge=true
+            - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
         networks:
             - node
+        environment:
+            CF_DNS_API_TOKEN: "{{rpc_node.cloudflare_dns_api_token}}"
         ports:
             - 80:80
             - 443:443
@@ -182,7 +184,6 @@ services:
             - "traefik.http.routers.node.middlewares=redirect-https,rate-limit"
             - "traefik.http.middlewares.redirect-https.redirectscheme.scheme=https"
             - "traefik.http.middlewares.redirect-https.redirectscheme.permanent=true"
-            - "traefik.docker.network=node"
             - "traefik.http.middlewares.rate-limit.ratelimit.average=200"
             - "traefik.http.middlewares.rate-limit.ratelimit.burst=300"
             - "traefik.http.middlewares.rate-limit.ratelimit.period=1s"
diff --git a/modules/node-utils/src/types.rs b/modules/node-utils/src/types.rs
@@ -65,6 +65,7 @@ pub struct RpcNode {
     pub is_domain: bool,
     pub enable_reverse_proxy: bool,
     pub enable_load_balancer: bool,
+    pub cloudflare_dns_api_token: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
@@ -231,6 +232,7 @@ impl ComposeTemplateData {
             is_domain: false,
             enable_reverse_proxy: node_params.enable_reverse_proxy,
             enable_load_balancer: node_params.enable_load_balancer,
+            cloudflare_dns_api_token: node_params.cloudflare_dns_api_token,
         });
         data
     }
@@ -302,6 +304,7 @@ impl ComposeTemplateData {
             is_domain: true,
             enable_reverse_proxy: node_params.enable_reverse_proxy,
             enable_load_balancer: node_params.enable_load_balancer,
+            cloudflare_dns_api_token: node_params.cloudflare_dns_api_token,
         });
         let mut domain_data = data.domain_node.take().unwrap();
         domain_data.eth_cache = node_params.eth_cache;
