From d97b522162dde842fbc163d53fcb1dd89233f31a Mon Sep 17 00:00:00 2001
From: syoul <syoul@librezo.fr>
Date: Tue, 17 Mar 2026 21:21:30 +0100
Subject: [PATCH] feat: cert TLS automatique via acme-companion + route HTTPS
 Fabio

- Ajout label LETSENCRYPT_HOST sur le container prestashop :
  sonic-acme-1 (acme-companion) emet le cert et le copie dans /host/certs/
  Fabio le detecte par SNI sans redemarrage
- Route Fabio KV mise a jour : HTTP et HTTPS (domain:443) en une seule cle

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .woodpecker.yml    | 7 ++++---
 docker-compose.yml | 3 +++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index 5d65e1e..e36e841 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -79,9 +79,10 @@ steps:
         docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul services register \
           -address "$CONTAINER_IP" -port 80 -name prestashop -tag "urlprefix-$DOMAIN/"
         echo "Consul: prestashop -> $CONTAINER_IP:80 urlprefix-$DOMAIN/"
-        docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul kv put fabio/config \
-          "route add prestashop $DOMAIN/ http://$CONTAINER_IP:80/"
-        echo "Fabio KV: route add prestashop $DOMAIN/ -> $CONTAINER_IP:80"
+        ROUTES="route add prestashop $DOMAIN/ http://$CONTAINER_IP:80/
+route add prestashop $DOMAIN:443/ http://$CONTAINER_IP:80/"
+        docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul kv put fabio/config "$ROUTES"
+        echo "Fabio KV: routes HTTP+HTTPS $DOMAIN -> $CONTAINER_IP:80"
 
   # Etape 4 : Healthcheck post-deploiement
   - name: healthcheck
diff --git a/docker-compose.yml b/docker-compose.yml
index 9a2d54d..03ed4d6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,6 +28,9 @@ services:
       SERVICE_NAME: "prestashop"
       SERVICE_80_NAME: "prestashop"
       SERVICE_80_TAGS: "urlprefix-${PS_DOMAIN}/"
+      # sonic-acme-1 (acme-companion) emet le cert TLS et le copie dans /host/certs/
+      # Fabio le detecte automatiquement par SNI pour HTTPS
+      LETSENCRYPT_HOST: "${PS_DOMAIN}"
     networks:
       - prestashop-net
       # Reseau "sonic" requis pour que Registrator trouve l'IP du conteneur