From ea7a373bc49123c668563b2df4e7b7f085033583 Mon Sep 17 00:00:00 2001
From: John <john.allisonwin@outlook.com>
Date: Mon, 10 Nov 2025 11:32:49 +0000
Subject: [PATCH] Fix Traefik SSL certificate issues
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Fixed volume mount syntax for Swarm (use long-form bind mount syntax)
- Fixed Portainer TLS label syntax (tls.certresolver instead of tls.certificatesResolvers)
- These changes resolve SSL errors and certificate mounting issues

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 stacks/core/portainer/stack.yml |  4 +++-
 stacks/core/traefik/stack.yml   | 18 ++++++++++++++----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/stacks/core/portainer/stack.yml b/stacks/core/portainer/stack.yml
index 734bf16..42e7cfe 100644
--- a/stacks/core/portainer/stack.yml
+++ b/stacks/core/portainer/stack.yml
@@ -14,9 +14,11 @@ services:
       labels:
       - "traefik.enable=true"
       - "traefik.swarm.network=homelab"
+      # Public-facing domain with Let's Encrypt certificate
       - "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
       - "traefik.http.routers.portainer.entrypoints=websecure"
-      - "traefik.http.routers.portainer.tls.certificatesResolvers=cloudflare"
+      - "traefik.http.routers.portainer.tls=true"
+      - "traefik.http.routers.portainer.tls.certresolver=cloudflare"
       - "traefik.http.services.portainer.loadbalancer.server.port=9000"
 
   agent:
diff --git a/stacks/core/traefik/stack.yml b/stacks/core/traefik/stack.yml
index f1f2b28..1f0e4fa 100644
--- a/stacks/core/traefik/stack.yml
+++ b/stacks/core/traefik/stack.yml
@@ -9,10 +9,20 @@ services:
     environment:
     - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
     volumes:
-    - /var/run/docker.sock:/var/run/docker.sock:ro
-    - /home/doc/projects/swarm/conf/traefik-conf/static.yml:/etc/traefik/traefik.yml:ro
-    - /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:rw
-    - /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
+    - type: bind
+      source: /var/run/docker.sock
+      target: /var/run/docker.sock
+      read_only: true
+    - type: bind
+      source: /home/doc/projects/swarm/conf/traefik-conf/static.yml
+      target: /etc/traefik/traefik.yml
+      read_only: true
+    - type: bind
+      source: /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml
+      target: /etc/traefik/dynamic/dynamic.yml
+    - type: bind
+      source: /home/doc/projects/swarm-data/appdata/traefik/certificates
+      target: /certificates
     secrets:
     - cloudflare_api_token
     networks: