As documented in the README's "Configuring wildcard SSL using DNS"
section, the necessary pieces for DNS-01 ACME challenges to work are
already baked into Traefik's recipe, though they were originally
considered for provisioning wildcard certificates. Furthermore, in
environments where the server is not exposed to the internet, the
default HTTP-01 challenge mechanism doesn't work, so, taking advantage
of this alternative method makes complete sense.
This change causes ACME validations to be done always using DNS when
LETS_ENCRYPT_DNS_CHALLENGE_ENABLED is active. Without it, for standard
certificate requests Traefik uses the HTTP-01 challenge method, which
doesn't work in servers behind a firewall.
We should amend the related section in the [operators handbook](https://docs.coopcloud.tech/operators/handbook/#running-an-offline-coop-cloud-server)
to make a not about the possibility of using DNS challenges in those
scenarios as well.
* [x] I have deployed and tested my changes
I tested this with both a server "exposed" to the internet and one behind a firewall. The first one continued to use the HTTP-01 challenge because no DNS-related settings were added to it, and the second one was successfully able to provision certificates (even though it's only reachable within the LAN).
* [x] I have [updated relevant versions in `abra.sh`](https://docs.coopcloud.tech/maintainers/upgrade/#updating-versions-in-the-abrash)
* [x] I have added a [release note entry](https://docs.coopcloud.tech/maintainers/upgrade/#creating-new-release-notes)
Reviewed-on: coop-cloud/traefik#112
Co-authored-by: Luis Barrueco <yo@luisb.xyz>
Co-committed-by: Luis Barrueco <yo@luisb.xyz>
# Support P2P communication between P2Panda Apps
Apps built with the set of [P2Panda](https://p2panda.org/) libraries perform P2P communication over two UDP ports. The default ports for these are 2022 and 2023.
There aren't really a lot (any?) P2Panda web apps out there, most are desktop or mobile apps.
So, this change is being specifically request by the [LoRes Tech](https://lores.tech/) project in order to support our [LoRes Node](https://github.com/local-resilience-tech/lores-node/) app. We have a recipe drafted for this [here](https://codeberg.org/lores/lores-node-coop-cloud-recipe) and we will push that to the catalogue once this change is in.
It seems better to make this kiwix change as general as possible, which is why we called the flag `P2PANDA_ENABLED` rather than `LORES_NODE_ENABLED`. In practice if there was a larger ecosystem of such apps, we'd probably need to make the actual port numbers configurable.
Reviewed-on: coop-cloud/traefik#70
Reviewed-by: p4u1 <p4u1@noreply.git.coopcloud.tech>
Co-authored-by: Jade Ambrose <jade@noreply.git.coopcloud.tech>
Co-committed-by: Jade Ambrose <jade@noreply.git.coopcloud.tech>
This patch adds a METRICS_ENABLED configuration variables which,
when switched on, defines a metrics entrypoint and enables the
built-in prometheus metrics exporter. This allows the monitoring
stack to collect and show traefik metrics
luisb
dannygroenewegen
vvaznis
p4u1
jade
marlon
Raghav
3wordchant
Chris (wolcen) Thompson
philippr
decentral1se
javielico
mirsal
ahdinosaur
decentral1se
3wc