Parameterize sensitive settings

README.md

@@ -29,6 +29,7 @@ Configuration files is customized for Gbanyan personal usage.
 ## Configuration
 
 - **.env**: Cloudflare E-mail and API Token for SSL DNS Challenge
+  - Also defines `ACME_EMAIL` (Let’s Encrypt contact) and `CROWDSEC_LAPI_KEY`
 - **Traefik Configuration**: Modify `traefik.yml`, `dynamic.yml` to customize Traefik's behavior.
 - **Docker Compose**: Use `docker-compose.yml` to define services and networks.
 

docker-compose.yaml

@@ -13,6 +13,8 @@ services:
     environment:
       - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
       - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
+      - TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL=${ACME_EMAIL}
+      - CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./certs:/letsencrypt
@@ -47,4 +49,3 @@ networks:
       config:
         - subnet: 172.19.0.0/16
           gateway: 172.19.0.1
-

dynamic.d/middlewares/crowdsec.yml.tmpl

@@ -6,4 +6,4 @@ http:
           enabled: true
           crowdsecMode: stream
           crowdsecLapiHost: "localhost:8080"
-          crowdsecLapiKey: gFJjSzdbB0GCe/1Y9HcxMPP1vQmoa4psZOFyleJZJVQ
+          crowdsecLapiKey: "{{ env "CROWDSEC_LAPI_KEY" }}"

traefik.yml

@@ -112,7 +112,6 @@ providers:
 certificatesResolvers:
   letsencrypt:
     acme:
-      email: gbanyan.huang@gmail.com
       storage: /letsencrypt/acme.json
       dnsChallenge:
         provider: cloudflare