examples - add certbot-dns-ovh

CHANGELOG.md

@@ -5,6 +5,7 @@
 - Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
 - Fix config files overwrite when using Docker autoconf
 - Add log_default() plugin hook
+- Add certbot-dns-ovh example
 - Force NGINX version dependencies in Linux packages DEB/RPM
 - Add Discord to supported plugins
 

examples/certbot-dns-ovh/README.md

@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-ovh documentation](https://certbot-dns-ovh.readthedocs.io/en/stable/) first.
+
+Procedure :
+- Edit domains in the compose file
+- Edit OVH infos (use https://eu.api.ovh.com/createToken/)
+- Run certbot only and wait for certificate to be generated : `docker-compose up -d mycertbot`
+- When certificates are generated, run your services : `docker-compose up -d`

examples/certbot-dns-ovh/docker-compose.yml

@@ -0,0 +1,74 @@
+version: '3'
+
+services:
+
+  mybunker:
+    image: bunkerity/bunkerweb:1.4.1
+    ports:
+      - 80:8080
+      - 443:8443
+    # ⚠️ read this if you use local folders for volumes ⚠️
+    # bunkerweb runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
+    # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+    # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
+    # more info at https://docs.bunkerweb.io
+    volumes:
+      - bw_data:/data
+      - certs:/certs
+    environment:
+      - MULTISITE=yes
+      - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
+      - SERVE_FILES=no
+      - DISABLE_DEFAULT_SERVER=yes
+      - USE_CLIENT_CACHE=yes
+      - USE_GZIP=yes
+      - USE_REVERSE_PROXY=yes
+      - USE_CUSTOM_HTTPS=yes
+      - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
+      - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
+      - app1.example.com_REVERSE_PROXY_URL=/
+      - app1.example.com_REVERSE_PROXY_HOST=http://app1
+      - app2.example.com_REVERSE_PROXY_URL=/
+      - app2.example.com_REVERSE_PROXY_HOST=http://app2
+      - app3.example.com_REVERSE_PROXY_URL=/
+      - app3.example.com_REVERSE_PROXY_HOST=http://app3
+    networks:
+      - net_app1
+      - net_app2
+      - net_app3
+
+  mycertbot:
+    image: certbot/dns-ovh
+    environment:
+      - DOMAINS=*.example.com,example.com
+      - EMAIL=contact@example.com
+    volumes:
+      - certs:/etc/letsencrypt
+      - ./ovh.ini:/opt/ovh.ini
+      - ./entrypoint.sh:/opt/entrypoint.sh
+    entrypoint: /bin/sh /opt/entrypoint.sh    
+
+  app1:
+    image: tutum/hello-world
+    networks:
+      - net_app1
+
+  app2:
+    image: tutum/hello-world
+    networks:
+      - net_app2
+
+  app3:
+    image: tutum/hello-world
+    networks:
+      - net_app3
+
+volumes:
+  bw_data:
+  certs:
+
+networks:
+  net_app1:
+  net_app2:
+  net_app3:

examples/certbot-dns-ovh/entrypoint.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+echo "Certbot started, domains = $DOMAINS"
+
+first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
+if [ "$EMAIL" = "" ] ; then
+	EMAIL="contact@${first_domain}"
+fi
+
+if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
+	echo "Renewing certificates ..."
+	certbot renew
+else
+	echo "Asking for certificates ..."
+	certbot certonly --dns-ovh --dns-ovh-credentials /opt/ovh.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
+fi
+
+echo "Fixing permissions ..."
+chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
+
+echo "Certbot ended, sleeping for 24 hours"
+
+sleep 86400

examples/certbot-dns-ovh/ovh.ini

@@ -0,0 +1,5 @@
+# OVH API credentials used by Certbot
+dns_ovh_endpoint = ovh-eu
+dns_ovh_application_key = MDAwMDAwMDAwMDAw
+dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
+dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw