Feat: Add SAN configuration support for traefik's letsEncrypt cert
Right now there is only one domain param for cert generation in the config.yaml. For example, when using DNS cert generation for domain mydomain.com, the traefik config is like this:
---
# traefik.yml
options: default
certResolver: dns
domains:
  - main: "mydomain.com"
    sans:
      - "*.mydomain.com"
---
...
However, if I want to use a subdomain like {service_name}.hlos.mydomain.com, the traefik config would be like this:
---
# traefik.yml
options: default
certResolver: dns
domains:
  - main: "hlos.mydomain.com" # Wrong! Should always be mydomain.com
    sans:
      - "*.hlos.mydomain.com"
---
...
As you can see, the domain of the wildcard cert is incorrect now.
My proposal is to add a separate param domain_san for the SAN value of the cert, where the user could specify the SAN value if needed. If domain_san is not set, hlos will fall back to using domain as the SAN value, like this:
See first comment for improved design
Case 1
# config.yml
domain: mydomain.com
domain_san: hlos.mydomain.com
to
---
# traefik.yml
options: default
certResolver: dns
domains:
  - main: "mydomain.com"
    sans:
      - "*.hlos.mydomain.com"
---
...
Case 2
# config.yml
domain: mydomain.com
# domain_san: hlos.mydomain.com # commented
to
---
# traefik.yml
options: default
certResolver: dns
domains:
  - main: "mydomain.com"
    sans:
      - "*.mydomain.com"
---
...
Edited by Wang Jiaxiang
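
The mapping proposed in Case 1 and Case 2, as an added sketch that is not hlos code and not part of the issue: it builds the `domains` entry with the `domain_san` fallback and checks which hostnames the resulting cert covers, since a wildcard SAN matches exactly one DNS label. The function names, the `grafana` service name and the "SAN base must sit under `domain`" check are assumptions.

```python
# Added example (not hlos code): config.yml keys -> Traefik `domains` entry.

def build_tls_domain(config: dict) -> dict:
    """Map the proposed config.yml keys to one Traefik `domains` entry."""
    domain = config["domain"].strip().lower().rstrip(".")
    # Fall back to `domain` when `domain_san` is unset or empty (Case 2).
    san_base = (config.get("domain_san") or domain).strip().lower().rstrip(".")
    # Assumption, not stated in the issue: the SAN base must be `domain`
    # itself or a subdomain of it, so a typo cannot request an unrelated name.
    if san_base != domain and not san_base.endswith("." + domain):
        raise ValueError(f"domain_san {san_base!r} is outside {domain!r}")
    return {"main": domain, "sans": [f"*.{san_base}"]}


def cert_covers(entry: dict, host: str) -> bool:
    """True if `host` matches `main` or a SAN; '*' matches exactly one label."""
    host = host.lower().rstrip(".")
    for name in [entry["main"], *entry["sans"]]:
        if name.startswith("*."):
            label, _, parent = host.partition(".")
            if label and parent == name[2:]:
                return True
        elif host == name:
            return True
    return False


if __name__ == "__main__":
    # Constructed inputs mirroring Case 1 and Case 2 from the issue.
    case1 = build_tls_domain({"domain": "mydomain.com",
                              "domain_san": "hlos.mydomain.com"})
    case2 = build_tls_domain({"domain": "mydomain.com"})
    # "grafana" is a constructed service name.
    for host in ("mydomain.com", "hlos.mydomain.com",
                 "grafana.hlos.mydomain.com"):
        print(f"{host}: case1={cert_covers(case1, host)} "
              f"case2={cert_covers(case2, host)}")
```

With the Case 1 entry, hlos.mydomain.com itself is covered by neither `main` nor the wildcard SAN; only names one label below it are.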