fix: traefik router for acme certs (#1068)

* fix: traefik router for acme certs

* fix: set default for sites

* test: use .localhost site names

docs/setup-options.md

@@ -68,6 +68,8 @@ docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml up -
 
 ### Setup Frappe using containerized MariaDB and Redis with Letsencrypt certificates.
 
+In this case make sure you've set `LETSENCRYPT_EMAIL` and `SITES` environment variables are set or certificates won't work.
+
 ```sh
 # Generate YAML
 docker compose -f compose.yaml \
@@ -82,6 +84,8 @@ docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml up -
 
 ### Setup ERPNext using containerized MariaDB and Redis with Letsencrypt certificates.
 
+In this case make sure you've set `LETSENCRYPT_EMAIL` and `SITES` environment variables are set or certificates won't work.
+
 ```sh
 # Generate YAML
 docker compose -f compose.yaml \

example.env

@@ -43,3 +43,8 @@ PROXY_READ_TIMOUT=
 # All Values allowed by nginx client_max_body_size are allowed, default value is 50m
 # Necessary if the upload limit in the frappe application is increased
 CLIENT_MAX_BODY_SIZE=
+
+# List of sites for letsencrypt certificates quoted with backtick (`) and separated by comma (,)
+# More https://doc.traefik.io/traefik/routing/routers/#rule
+# About acme https://doc.traefik.io/traefik/https/acme/#domain-definition
+SITES=`erp.example.com`

overrides/compose.https.yaml

@@ -5,7 +5,7 @@ services:
       - traefik.http.services.frontend.loadbalancer.server.port=8080
       - traefik.http.routers.frontend-http.entrypoints=websecure
       - traefik.http.routers.frontend-http.tls.certresolver=main-resolver
-      - traefik.http.routers.frontend-http.rule=HostRegexp(`{any:.+}`)
+      - traefik.http.routers.frontend-http.rule=Host(${SITES:?List of sites not set})
 
   proxy:
     image: traefik:2.5

tests/_ping_frappe_connections.py

@@ -16,7 +16,7 @@ def check_cache():
 
 
 def main() -> int:
-    frappe.connect(site="tests")
+    frappe.connect(site="tests.localhost")
     check_db()
     check_cache()
     return 0

tests/conftest.py

@@ -1,4 +1,5 @@
 import os
+import re
 import shutil
 import subprocess
 from dataclasses import dataclass
@@ -22,12 +23,27 @@ def _add_version_var(name: str, env_path: Path):
         f.write(f"\n{name}={os.environ[name]}")
 
 
+def _add_sites_var(env_path: Path):
+    with open(env_path, "r+") as f:
+        content = f.read()
+        content = re.sub(
+            rf"SITES=.*",
+            f"SITES=`tests.localhost`,`test-erpnext-site.localhost`,`test-pg-site.localhost`",
+            content,
+        )
+        f.seek(0)
+        f.truncate()
+        f.write(content)
+
+
 @pytest.fixture(scope="session")
 def env_file(tmp_path_factory: pytest.TempPathFactory):
     tmp_path = tmp_path_factory.mktemp("frappe-docker")
     file_path = tmp_path / ".env"
     shutil.copy("example.env", file_path)
 
+    _add_sites_var(file_path)
+
     for var in ("FRAPPE_VERSION", "ERPNEXT_VERSION"):
         _add_version_var(name=var, env_path=file_path)
 
@@ -52,7 +68,7 @@ def frappe_setup(compose: Compose):
 
 @pytest.fixture(scope="session")
 def frappe_site(compose: Compose):
-    site_name = "tests"
+    site_name = "tests.localhost"
     compose.bench(
         "new-site",
         "--no-mariadb-socket",
@@ -77,7 +93,7 @@ def erpnext_setup(compose: Compose):
 
 @pytest.fixture(scope="class")
 def erpnext_site(compose: Compose):
-    site_name = "test_erpnext_site"
+    site_name = "test-erpnext-site.localhost"
     args = [
         "new-site",
         "--no-mariadb-socket",

tests/test_frappe_docker.py

@@ -144,7 +144,7 @@ class TestPostgres:
     def test_site_creation(self, compose: Compose):
         compose.bench(
             "new-site",
-            "test_pg_site",
+            "test-pg-site.localhost",
             "--db-type",
             "postgres",
             "--admin-password",