feat: add azure DNS-01 challenge support #56

Merged
decentral1se merged 5 commits from ripclap/traefik:master into master 2025-08-12 19:16:43 +00:00
Owner

Added Azure DNS-01 Challenge support

ripclap added 2 commits 2025-08-12 00:21:44 +00:00
Added Azure DNS 01-Challenge support
Some checks failed
continuous-integration/drone/pr Build is failing
c7e510fbad
Owner

Nice work! I'll test it locally and merge/release once I confirm it all works <3

ripclap added 1 commit 2025-08-12 00:38:10 +00:00
Updated TRAEFIK_YML_VERSION
Some checks failed
continuous-integration/drone/pr Build is failing
2db1a03d94
ripclap added 1 commit 2025-08-12 03:28:20 +00:00
Re-trigger build
Some checks failed
continuous-integration/drone/pr Build is failing
e095fa2e88
ripclap force-pushed master from e095fa2e88 to 2db1a03d94 2025-08-12 03:31:41 +00:00 Compare
decentral1se reviewed 2025-08-12 04:58:58 +00:00
decentral1se left a comment
Owner

Thanks for the work!

A few comments on this as I'm a bit confused on the usage of secrets/env vars and how they are being threaded through to the app. This seems to go a bit against our well established conventions. I'd invite you to check how other recipes are doing this so we can keep our approaches aligned.

Question: do AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_SUBSCRIPTION_ID and AZURE_RESOURCE_GROUP need to be secrets? They sound more like public env vars? I am not sure then you need to thread them through as secrets?

We normally use lowercase names for secrets. Also, we try to keep them as short as possible to avoid secret length limits that are imposed by the runtime. So, e.g. AZURE_CLIENT_SECRET 👉 client_secret. I would also try to trim down the names below, so e.g. AZURE_SUBSCRIPTION_ID 👉 sub_id.

We normally don't put the path to the /run/secrets/... in the .env file but instead hardcode it in the compose.yml like so. This could reduce the amount of env vars you need to introduce?

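compose.yml Line 50 in 2744684292 (https://git.coopcloud.tech/coop-cloud/peertube/src/commit/2744684292d66053a9681ac57692b9f026863dde/compose.yml#L50)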
- PEERTUBE_DB_PASSWORD_FILE=/run/secrets/db_password

decentral1se changed title from master to feat: add azure DNS-01 challenge support 2025-08-12 05:00:29 +00:00
ripclap added 1 commit 2025-08-12 08:37:07 +00:00
azure: update code to align with established conventions
Some checks failed
continuous-integration/drone/pr Build is failing
b8aa102a01
Author
Owner

@decentral1se Thanks for the feedback! I’ve made the updates to match the conventions you mentioned -- the non-sensitive Azure values are now regular env vars, the /run/secrets/... path is set directly in compose.azure.yml, and the secret name is shorter and lowercase. I also added

I went with azure_secret for the client secret so it’s easier to spot when looking through secrets.
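
The layout the review asks for and the reply above describes, sketched as an added example (not the PR's diff or the recipe's own file). The `app` service name, the `AZURE_CLIENT_SECRET_FILE` variable (modelled on the `_FILE` pattern in the PeerTube line quoted in the review), the `STACK_NAME` / `SECRET_AZURE_SECRET_VERSION` naming and every value are assumptions or constructed.

```yaml
# --- .env (constructed sample values; identifiers only, no credential) ---
# AZURE_TENANT_ID=00000000-0000-0000-0000-000000000000
# AZURE_CLIENT_ID=11111111-1111-1111-1111-111111111111
# AZURE_SUBSCRIPTION_ID=22222222-2222-2222-2222-222222222222
# AZURE_RESOURCE_GROUP=example-dns-rg
# SECRET_AZURE_SECRET_VERSION=v1   # assumed name of the version variable
#
# Note what is absent: no /run/secrets/... path and no client secret.

# --- compose.azure.yml (illustrative sketch) ---
version: "3.8"

services:
  app:  # assumed service name
    environment:
      # Non-sensitive identifiers: regular env vars, interpolated from .env.
      - AZURE_TENANT_ID=${AZURE_TENANT_ID}
      - AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
      - AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
      - AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
      # The only credential. The container gets a file path, never the value,
      # and the path is hardcoded here instead of being configurable in .env.
      # Assumption: the DNS provider accepts the _FILE-suffixed variable.
      - AZURE_CLIENT_SECRET_FILE=/run/secrets/azure_secret
    secrets:
      # Mounted read-only at /run/secrets/azure_secret inside the container.
      - azure_secret

secrets:
  azure_secret:
    external: true
    # Short, lowercase base name keeps the full name under the runtime's
    # secret-name length limit once stack name and version are added.
    name: ${STACK_NAME}_azure_secret_${SECRET_AZURE_SECRET_VERSION}
```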

Owner

Amazing contribution @ripclap 👏 Thank you!

My only comment is that bumping TRAEFIK_YML_VERSION probably shouldn't be necessary, if there's no change to traefik.yml.tmpl. But I don't think it harms anything having it there.

decentral1se reviewed 2025-08-12 10:44:40 +00:00
decentral1se left a comment
Owner

Amazing, thanks @ripclap! Pending 3wcs point on #56 (comment) this LGTM!

ripclap added 1 commit 2025-08-12 16:45:26 +00:00
Revert "Updated TRAEFIK_YML_VERSION"
Some checks failed
continuous-integration/drone/pr Build is failing
445feab87c
This reverts commit 2db1a03d94.
decentral1se approved these changes 2025-08-12 19:16:36 +00:00
decentral1se merged commit b8303290de into master 2025-08-12 19:16:43 +00:00
Owner

Oh sorry @ammaratef45, forgot to hold off on clicking the button as you mentioned you would sort it in #56 (comment). Thanks again @ripclap 👏 If you're interested in getting more involved and holding the commit bit (read/write on coop-cloud repos), come find us in the matrix chat!

Author
Owner

> Oh sorry @ammaratef45, forgot to hold off on clicking the button as you mentioned you would sort it in #56 (comment). Thanks again @ripclap 👏 If you're interested in getting more involved and holding the commit bit (read/write on coop-cloud repos), come find us in the matrix chat!

Just joined!
