complete the TLS configuration

config/deploy.yml

@@ -10,9 +10,9 @@ servers:
     hosts:
       - 174.138.51.62
     labels:
-      traefik.http.routers.my_awesome_app.entrypoints: websecure
-      traefik.http.routers.my_awesome_app.rule: Host(`beta2.locomotive.works`) || Host(`beta.locomotive.works`) || Host(`demo.locomotivecms.com`) || Host(`recaptcha.nocoffee.fr`)
-      traefik.http.routers.my_awesome_app.tls.certresolver: letsencrypt
+      traefik.http.routers.staging-app.entrypoints: websecure
+      traefik.http.routers.staging-app.rule: Host(`beta2.locomotive.works`)
+      traefik.http.routers.staging-app.tls.certresolver: letsencrypt
     options:
       network: "private"
 
@@ -105,6 +105,24 @@ env:
 #     accesslog: true
 #     accesslog.format: json
 
+traefik:
+  options:
+    publish:
+      - "443:443"
+    volume:
+      - "/letsencrypt/acme.json:/letsencrypt/acme.json" # To save the configuration file.
+    network: "private"
+  args:
+    entryPoints.web.address: ":80"
+    entryPoints.websecure.address: ":443"
+    entryPoints.web.http.redirections.entryPoint.to: websecure # We want to force https
+    entryPoints.web.http.redirections.entryPoint.scheme: https
+    entryPoints.web.http.redirections.entrypoint.permanent: true
+    certificatesResolvers.letsencrypt.acme.email: "[email protected]"
+    certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json" # Must match the path in `volume`
+    certificatesResolvers.letsencrypt.acme.httpchallenge: true
+    certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web
+
 # Configure a custom healthcheck (default is /up on port 3000)
 healthcheck:
   # path: /healthz