examples - add certbot-dns-ovh
parent
cd0d70b8f6
commit
a65606c369
|
@ -5,6 +5,7 @@
|
|||
- Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
|
||||
- Fix config files overwrite when using Docker autoconf
|
||||
- Add log_default() plugin hook
|
||||
- Add certbot-dns-ovh example
|
||||
- Force NGINX version dependencies in Linux packages DEB/RPM
|
||||
- Add Discord to supported plugins
|
||||
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
Please have a look at the [certbot-dns-ovh documentation](https://certbot-dns-ovh.readthedocs.io/en/stable/) first.
|
||||
|
||||
Procedure :
|
||||
- Edit domains in the compose file
|
||||
- Edit OVH infos (use https://eu.api.ovh.com/createToken/)
|
||||
- Run certbot only and wait for certificate to be generated : `docker-compose up -d mycertbot`
|
||||
- When certificates are generated, run your services : `docker-compose up -d`
|
|
@ -0,0 +1,74 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# ⚠️ read this if you use local folders for volumes ⚠️
|
||||
# bunkerweb runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
|
||||
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- certs:/certs
|
||||
environment:
|
||||
- MULTISITE=yes
|
||||
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- USE_CUSTOM_HTTPS=yes
|
||||
- CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
|
||||
- CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
|
||||
- app1.example.com_REVERSE_PROXY_URL=/
|
||||
- app1.example.com_REVERSE_PROXY_HOST=http://app1
|
||||
- app2.example.com_REVERSE_PROXY_URL=/
|
||||
- app2.example.com_REVERSE_PROXY_HOST=http://app2
|
||||
- app3.example.com_REVERSE_PROXY_URL=/
|
||||
- app3.example.com_REVERSE_PROXY_HOST=http://app3
|
||||
networks:
|
||||
- net_app1
|
||||
- net_app2
|
||||
- net_app3
|
||||
|
||||
mycertbot:
|
||||
image: certbot/dns-ovh
|
||||
environment:
|
||||
- DOMAINS=*.example.com,example.com
|
||||
- EMAIL=contact@example.com
|
||||
volumes:
|
||||
- certs:/etc/letsencrypt
|
||||
- ./ovh.ini:/opt/ovh.ini
|
||||
- ./entrypoint.sh:/opt/entrypoint.sh
|
||||
entrypoint: /bin/sh /opt/entrypoint.sh
|
||||
|
||||
app1:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- net_app1
|
||||
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- net_app2
|
||||
|
||||
app3:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- net_app3
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
certs:
|
||||
|
||||
networks:
|
||||
net_app1:
|
||||
net_app2:
|
||||
net_app3:
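Review bot: The `mycertbot` service uses `image: certbot/dns-ovh` with no tag, so the container that holds the OVH API credentials and writes the private keys runs whatever `latest` resolves to at pull time, while `mybunker` is pinned to 1.4.1. Pin it to a tag or digest, for example `image: certbot/dns-ovh:<pinned-version>`. The credentials file is only read inside the container, so its mount can be `- ./ovh.ini:/opt/ovh.ini:ro`, and the same applies to the entrypoint script mount. The `certs` volume in `mybunker` could probably be mounted read-only too, since the visible settings only read the certificate and key paths, but confirm bunkerweb never writes under /certs.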
|
|
@ -0,0 +1,23 @@
|
|||
#!/bin/sh
|
||||
|
||||
echo "Certbot started, domains = $DOMAINS"
|
||||
|
||||
first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
|
||||
if [ "$EMAIL" = "" ] ; then
|
||||
EMAIL="contact@${first_domain}"
|
||||
fi
|
||||
|
||||
if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
|
||||
echo "Renewing certificates ..."
|
||||
certbot renew
|
||||
else
|
||||
echo "Asking for certificates ..."
|
||||
certbot certonly --dns-ovh --dns-ovh-credentials /opt/ovh.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
|
||||
fi
|
||||
|
||||
echo "Fixing permissions ..."
|
||||
chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
|
||||
|
||||
echo "Certbot ended, sleeping for 24 hours"
|
||||
|
||||
sleep 86400
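Review bot: The `chmod -R 770 /etc/letsencrypt` line grants group 101 write access to the whole tree, and the compose file mounts that same volume into the internet-facing bunkerweb container, which runs as UID/GID 101. The tree holds the private keys and certbot's renewal configuration, so the web container only needs read access: `chown -R 0:101 /etc/letsencrypt && chmod -R u=rwX,g=rX,o= /etc/letsencrypt`. Separately, `echo -n $DOMAINS` expands the wildcard entry unquoted, so it is subject to pathname expansion; `printf '%s' "$DOMAINS"` avoids that and the non-portable `-n`. The script also never checks certbot's exit status, so a failed issuance still ends in the 24-hour sleep; an explicit check after the `certbot certonly` call would surface that.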
|
|
@ -0,0 +1,5 @@
|
|||
# OVH API credentials used by Certbot
|
||||
dns_ovh_endpoint = ovh-eu
|
||||
dns_ovh_application_key = MDAwMDAwMDAwMDAw
|
||||
dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
|
||||
dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
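Review bot: The file gives no indication that the three key values are placeholders or how the real file should be protected, and it is bind-mounted from the working directory by the compose file. I would extend the header comment to something like `# Placeholder values - replace with your own token, restrict this file to its owner (chmod 600) and keep it out of version control`. It would also help to say that the token should be limited to the DNS zone API routes listed in the certbot-dns-ovh documentation rather than given full account access. Certbot's DNS plugins warn when the credentials file is readable by group or others, so tightening the mode also removes that warning.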
|