slightly improve DNS provider integration docs

Add support for porkbun
2026-02-16 15:35:17 -08:00 · 2026-02-16 14:46:54 -08:00
13 changed files with 22 additions and 67 deletions
--- a/.env.sample
+++ b/.env.sample
@ -86,15 +86,6 @@ COMPOSE_FILE="compose.yml"
 #SECRET_PORKBUN_API_KEY_VERSION=v1
 #SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1

-## Cloudflare, htps://cloudflare.com
-## To insert your secrets:
-## abra app secret insert {myapp.example.coop} cf_email v1 "<CLOUDFLARE_EMAIL>"
-## abra app secret insert {myapp.example.coop} cf_api_key v1 "<CLOUDFLARE_API_KEY>"
-## cf_api_key is an account API key from Cloudflare that has DNS read + edit permission
-#COMPOSE_FILE="$COMPOSE_FILE:compose.cloudflare.yml"
-#SECRET_CLOUDFLARE_EMAIL_VERSION=v1 # generate=false
-#SECRET_CLOUDFLARE_API_KEY_VERSION=v1 # generate=false
-
 #####################################################################
 # Manual wildcard certificate insertion                             #
 #####################################################################
@ -131,10 +122,8 @@ COMPOSE_FILE="compose.yml"

 ## Enable prometheus metrics collection
 ## used used by the coop-cloud monitoring stack
-## BASIC_AUTH should also be enabled
 #COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"
 #METRICS_ENABLED=1
-#METRICS_FQDN=metrics.traefik.example.com

 #####################################################################
 # File provider directory configuration                             #
--- a/README.md
+++ b/README.md
@ -5,7 +5,7 @@
 > https://docs.traefik.io

 <!-- metadata -->
-* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@decentral1se](https://git.coopcloud.tech/decentral1se), [@javielico](https://git.coopcloud.tech/javielico), [@moritz](https://git.coopcloud.tech/moritz)
+* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@decentral1se](https://git.coopcloud.tech/decentral1se), [@javielico](https://git.coopcloud.tech/javielico)
 * **Status**: `stable`
 * **Category**: Utilities
 * **Features**: ?
@ -42,8 +42,8 @@ subdomains, like
 need to give Traefik access to your DNS provider so that it can carry out
 Letsencrypt DNS challenges.

-1. Use Gandi, OVH, DO, Azure, PorkBun, or Cloudflare for DNS 🤡 (support for
-   other providers can be easily added, see
+1. Use Gandi, OVH, DO, Azure, or PorkBun for DNS 🤡 (support for other providers
+   can be easily added, see
   [the `lego` docs](https://go-acme.github.io/lego/dns/#dns-providers).
 2. Run `abra app config YOURAPPDOMAIN`
 3. Uncomment e.g. `ENABLE_GANDI` and the related `SECRET_.._VERSION` line, e.g.
--- a/abra.sh
+++ b/abra.sh
@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v30
-export FILE_PROVIDER_YML_VERSION=v12
+export TRAEFIK_YML_VERSION=v29
+export FILE_PROVIDER_YML_VERSION=v11
 export ENTRYPOINT_VERSION=v5
--- a/compose.anubis.yml
+++ b/compose.anubis.yml
@ -6,7 +6,7 @@ services:
      labels:
      - "traefik.http.middlewares.anubis.forwardauth.address=http://anubis:8080/.within.website/x/cmd/anubis/api/check"
  anubis:
-    image: "ghcr.io/techarohq/anubis:v1.25.0"
+    image: "ghcr.io/techarohq/anubis:v1.24.0"
    environment:
      BIND: ":8080"
      TARGET: " "
--- a/compose.cloudflare.yml
+++ b/compose.cloudflare.yml
@ -1,18 +0,0 @@
-version: "3.8"
-
-services:
-  app:
-    environment:
-      - CLOUDFLARE_EMAIL_FILE=/run/secrets/cf_email
-      - CLOUDFLARE_API_KEY_FILE=/run/secrets/cf_api_key
-    secrets:
-      - cf_email
-      - cf_api_key
-  
-secrets:
-  cf_email:
-    name: ${STACK_NAME}_cf_email_${SECRET_CLOUDFLARE_EMAIL_VERSION}
-    external: true
-  cf_api_key:
-    name: ${STACK_NAME}_cf_api_key_${SECRET_CLOUDFLARE_API_KEY_VERSION}
-    external: true
--- a/compose.garage.yml
+++ b/compose.garage.yml
@ -4,7 +4,4 @@ services:
    environment:
      - GARAGE_RPC_ENABLED
    ports:
-      - target: 3901
-        published: 3901
-        protocol: tcp
-        mode: host
+      - "3901:3901"
--- a/compose.metrics.yml
+++ b/compose.metrics.yml
@ -3,3 +3,7 @@ services:
  app:
    environment:
      - METRICS_ENABLED
+    ports:
+      - target: 8082
+        published: 8082
+        mode: host
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  app:
-    image: "traefik:v3.6.15"
+    image: "traefik:v3.6.8"
    # Note(decentral1se): *please do not* add any additional ports here.
    # Doing so could break new installs with port conflicts. Please use
    # the usual `compose.$app.yml` approach for any additional ports
@ -55,12 +55,12 @@ services:
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.service=api@internal"
        - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=5.1.1+v3.6.15"
+        - "coop-cloud.${STACK_NAME}.version=3.10.0+v3.6.7"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
        - "backupbot.backup=${ENABLE_BACKUPS:-true}"

  socket-proxy:
-    image: lscr.io/linuxserver/socket-proxy:3.2.19
+    image: lscr.io/linuxserver/socket-proxy:3.2.10-r0-ls65
    deploy:
      endpoint_mode: dnsrr
    environment:
--- a/file-provider.yml.tmpl
+++ b/file-provider.yml.tmpl
@ -30,18 +30,6 @@ http:
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: "31536000"
-  {{ if eq (env "METRICS_ENABLED") "1" }}
-  routers:
-    traefik-metrics:
-      rule: "Host(`{{ env "METRICS_FQDN" }}`)"
-      entrypoints:
-        - web-secure
-      tls:
-        certResolver: {{ env "LETS_ENCRYPT_ENV" }}
-      middlewares:
-        - basicauth@file
-      service: prometheus@internal
-  {{ end }}

 tls:
  options:
--- a/release/5.0.0+v3.6.10
+++ b/release/5.0.0+v3.6.10
@ -1,10 +0,0 @@
-/!\ BREAKING CHANGE: Change metrics endpoint to use https instead of http 8082
-                     to prevent sending BASIC_AUTH in plaintext
-
-The metrics endpoint changed from http on port 8082 to the web-secure
-endpoint to prevent sending BASIC_AUTH credentials plaintext. If metrics is
-enabled you need to configure a FQDN for it by setting METRICS_FQDN in your
-.env. You should also update the scrape config files in prometheus for
-Traefik metrics from port 8082 to the new FQDN.
-
-All changes: https://git.coopcloud.tech/coop-cloud/traefik/compare/5.0.0+v3.6.10...4.0.0+v3.6.10
--- a/release/5.1.0+v3.6.11
+++ b/release/5.1.0+v3.6.11
@ -1 +0,0 @@
-Patched CVES: CVE-2026-32595 and CVE-2026-32305
--- a/release/4.0.0+v3.6.10
+++ b/release/4.0.0+v3.6.10
--- a/traefik.yml.tmpl
+++ b/traefik.yml.tmpl
@ -94,6 +94,13 @@ entrypoints:
  irc:
    address: ":6697"
  {{- end }}
+  {{- if eq (env "METRICS_ENABLED") "1" }}
+  metrics:
+    address: ":8082"
+    http:
+      middlewares:
+        - basicauth@file
+  {{- end }}
  {{- if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
  matrix-federation:
    address: ":9001"
@ -115,8 +122,7 @@ ping:
 {{- if eq (env "METRICS_ENABLED") "1" }}
 metrics:
  prometheus:
-    entryPoint: web-secure
-    manualRouting: true
+    entryPoint: metrics
    addRoutersLabels: true
    addServicesLabels: true
 {{- end }}
Author	SHA1	Message	Date
Patrick Melanson	4e7ed0fcee	slightly improve DNS provider integration docs Some checks failed continuous-integration/drone/pr Build is failing Details	2026-02-16 15:35:17 -08:00
Patrick Melanson	c6bfe41c94	Add support for porkbun Some checks failed continuous-integration/drone/pr Build is failing Details	2026-02-16 14:46:54 -08:00
				`@ -1 +0,0 @@`
				`Patched CVES: CVE-2026-32595 and CVE-2026-32305`