From fc4c4c6c8fe486aa07549568d150ec003ea32b40 Mon Sep 17 00:00:00 2001
From: Hayden Liu <hayden0828@gmail.com>
Date: Sun, 1 Feb 2026 06:47:05 +0800
Subject: [PATCH] LE Certificates Resolver

---
 traefik/docker-compose.yml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
index 7081d3e..472f336 100644
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@@ -21,13 +21,15 @@ services:
         protocol: tcp
         mode: ingress
 
+    environment:
+      - CF_API_EMAIL=${TRAEFIK_CF_API_EMAIL}
+      - CF_API_KEY=${TRAEFIK_CF_API_KEY}
+
     volumes:
       # Mount the Docker socket for the Swarm provider
       # This MUST be run from a manager node to access the Swarm API via the socket.
       - /var/run/docker.sock:/var/run/docker.sock:ro   # Swarm API socket
-      - /mnt/docker-storage/traefik/certs:/certs:ro
-      - /mnt/docker-storage/traefik/dynamic:/dynamic:ro
-
+      - /mnt/docker-storage/traefik/acme:/acme
     # Traefik Static configuration via command-line arguments
     command:
       # HTTP EntryPoint
@@ -42,8 +44,10 @@ services:
       - "--entrypoints.websecure.address=:443"
       - "--entrypoints.websecure.http.tls=true"
 
-      # Attach dynamic TLS file
-      - "--providers.file.filename=/dynamic/tls.yaml"
+      # Certificates Resolver
+      - "--certificatesResolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL}"
+      - "--certificatesResolvers.letsencrypt.acme.storage=/acme/acme.json"
+      - "--certificatesResolvers.letsencrypt.acme.dnsChallenge.provider=cloudflare"
 
       # Providers