diff --git a/CHANGELOG.md b/CHANGELOG.md
index 315be68..72c7afe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 - Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
 - Fix config files overwrite when using Docker autoconf
 - Add log_default() plugin hook
+- Add certbot-dns-ovh example
 - Force NGINX version dependencies in Linux packages DEB/RPM
 - Add Discord to supported plugins
diff --git a/examples/certbot-dns-ovh/README.md b/examples/certbot-dns-ovh/README.md
new file mode 100644
index 0000000..931b494
--- /dev/null
+++ b/examples/certbot-dns-ovh/README.md
@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-ovh documentation](https://certbot-dns-ovh.readthedocs.io/en/stable/) first.
+
+Procedure :
+- Edit domains in the compose file
+- Edit OVH infos (use https://eu.api.ovh.com/createToken/)
+- Run certbot only and wait for certificate to be generated : `docker-compose up -d mycertbot`
+- When certificates are generated, run your services : `docker-compose up -d`
diff --git a/examples/certbot-dns-ovh/docker-compose.yml b/examples/certbot-dns-ovh/docker-compose.yml
new file mode 100644
index 0000000..5980a76
--- /dev/null
+++ b/examples/certbot-dns-ovh/docker-compose.yml
@@ -0,0 +1,74 @@
+version: '3'
+
+services:
+
+ mybunker:
+ image: bunkerity/bunkerweb:1.4.1
+ ports:
+ - 80:8080
+ - 443:8443
+ # ⚠️ read this if you use local folders for volumes ⚠️
+ # bunkerweb runs as an unprivileged user with UID/GID 101
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+ # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
+ # more info at https://docs.bunkerweb.io
+ volumes:
+ - bw_data:/data
+ - certs:/certs
+ environment:
+ - MULTISITE=yes
+ - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
+ - SERVE_FILES=no
+ - DISABLE_DEFAULT_SERVER=yes
+ - USE_CLIENT_CACHE=yes
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ - USE_CUSTOM_HTTPS=yes
+ - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
+ - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
+ - app1.example.com_REVERSE_PROXY_URL=/
+ - app1.example.com_REVERSE_PROXY_HOST=http://app1
+ - app2.example.com_REVERSE_PROXY_URL=/
+ - app2.example.com_REVERSE_PROXY_HOST=http://app2
+ - app3.example.com_REVERSE_PROXY_URL=/
+ - app3.example.com_REVERSE_PROXY_HOST=http://app3
+ networks:
+ - net_app1
+ - net_app2
+ - net_app3
+
+ mycertbot:
+ image: certbot/dns-ovh
+ environment:
+ - DOMAINS=*.example.com,example.com
+ - EMAIL=contact@example.com
+ volumes:
+ - certs:/etc/letsencrypt
+ - ./ovh.ini:/opt/ovh.ini
+ - ./entrypoint.sh:/opt/entrypoint.sh
+ entrypoint: /bin/sh /opt/entrypoint.sh
+
+ app1:
+ image: tutum/hello-world
+ networks:
+ - net_app1
+
+ app2:
+ image: tutum/hello-world
+ networks:
+ - net_app2
+
+ app3:
+ image: tutum/hello-world
+ networks:
+ - net_app3
+
+volumes:
+ bw_data:
+ certs:
+
+networks:
+ net_app1:
+ net_app2:
+ net_app3:
diff --git a/examples/certbot-dns-ovh/entrypoint.sh b/examples/certbot-dns-ovh/entrypoint.sh
new file mode 100644
index 0000000..ec13dc1
--- /dev/null
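Review bot: The `mycertbot` service has no `restart:` policy, yet the entrypoint it runs (added in the same commit) ends with a single `sleep 86400` and then exits, so after the first day the container stays stopped and `certbot renew` is never attempted again until someone restarts the stack by hand. Add `restart: unless-stopped` under `mycertbot` so the daily renewal check actually recurs. The two bind mounts also hand the OVH API credentials and the script to the container read-write although it only reads them; `- ./ovh.ini:/opt/ovh.ini:ro` and `- ./entrypoint.sh:/opt/entrypoint.sh:ro` are enough and reduce the blast radius if the certbot image is ever compromised. I cannot tell from this diff whether bunkerweb re-reads `CUSTOM_HTTPS_CERT` after a renewal replaces the files under `/certs/live/`, so that is worth confirming and stating in the README.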
+++ b/examples/certbot-dns-ovh/entrypoint.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+echo "Certbot started, domains = $DOMAINS"
+
+first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
+if [ "$EMAIL" = "" ] ; then
+ EMAIL="contact@${first_domain}"
+fi
+
+if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
+ echo "Renewing certificates ..."
+ certbot renew
+else
+ echo "Asking for certificates ..."
+ certbot certonly --dns-ovh --dns-ovh-credentials /opt/ovh.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
+fi
+
+echo "Fixing permissions ..."
+chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
+
+echo "Certbot ended, sleeping for 24 hours"
+
+sleep 86400
\ No newline at end of file
diff --git a/examples/certbot-dns-ovh/ovh.ini b/examples/certbot-dns-ovh/ovh.ini
new file mode 100644
index 0000000..4b280e3
--- /dev/null
+++ b/examples/certbot-dns-ovh/ovh.ini
@@ -0,0 +1,5 @@
+# OVH API credentials used by Certbot
+dns_ovh_endpoint = ovh-eu
+dns_ovh_application_key = MDAwMDAwMDAwMDAw
+dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
+dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
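Review bot: Both certbot invocations ignore their exit status and the script has no `set -e`, so a failed issuance or renewal still prints "Fixing permissions ..." and sleeps for a day with nothing in the container log pointing at the problem; I'd at least surface it, e.g. `certbot renew || echo "certbot renew failed" >&2`. The script also performs exactly one cycle and then exits after `sleep 86400`, so daily renewal only happens if something outside restarts the container; wrapping the issue/renew step and the sleep in a `while true; do … done` loop makes the service self-contained. Two smaller points: `echo -n $DOMAINS` is unquoted, so a value like `*.example.com,example.com` is subject to pathname expansion in the working directory before `cut` sees it — `printf '%s' "$DOMAINS"` avoids both that and `echo -n` portability issues; and `chmod -R 770` leaves `privkey.pem` group-writable and executable, where `chmod -R u=rwX,g=rX,o=` would give UID/GID 101 read access without write. A header comment should also state that the `first_domain` derivation assumes certbot names the lineage after the first domain with its `*.` prefix stripped, which is the same assumption the compose file's `CUSTOM_HTTPS_CERT` path makes.
```sh
while true; do
  if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
    echo "Renewing certificates ..."
    certbot renew || echo "certbot renew failed" >&2
  else
    echo "Asking for certificates ..."
    certbot certonly --dns-ovh --dns-ovh-credentials /opt/ovh.ini --email "$EMAIL" --agree-tos -d "$DOMAINS" || echo "certbot certonly failed" >&2
  fi
  # … unchanged: permission fixing …
  echo "Certbot ended, sleeping for 24 hours"
  sleep 86400
done
```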
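Review bot: This file ships credential-shaped values for the application key, secret and consumer key with no indication that they are placeholders (they look like base64 of runs of zeros, so presumably dummies), and the compose file bind-mounts this exact path, so a user who follows the README and edits it in place ends up with live OVH API keys in a file the repository tracks. Add a header comment making this explicit, e.g. `# Placeholder values - replace with the keys from https://eu.api.ovh.com/createToken/, chmod 600 this file and never commit the real ones`, and consider committing it as `ovh.ini.example` instead. As far as I recall certbot's DNS plugins warn when the credentials file is readable by others, so the chmod hint saves users a confusing message; it is also worth noting that the token should be scoped to the DNS zone API rights rather than the whole account, which the linked certbot-dns-ovh documentation presumably covers.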