Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

examples - add various certbot-dns examples

Browse Source
This commit is contained in:
bunkerity
2022-06-22 16:30:06 +02:00
parent a65606c369
commit ad091493c3
19 changed files with 442 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
examples/certbot-dns-cloudflare/README.md Normal file
View File

@@ -0,0 +1,7 @@
Please have a look at the [certbot-dns-cloudflare documentation](https://certbot-dns-cloudflare.readthedocs.io/en/stable/) first.
Procedure :
- Edit domains in the compose file
- Edit CloudFlare credentials in cloudflare.ini file (generate using https://dash.cloudflare.com/?to=/:account/profile/api-tokens)
- Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
- When certificates are generated, run your services : `docker-compose up -d`

5
examples/certbot-dns-cloudflare/cloudflare.ini Normal file
View File

@@ -0,0 +1,5 @@
# Cloudflare API token used by Certbot (recommended)
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef012345671
# Cloudflare API credentials used by Certbot (not recommended)
#dns_cloudflare_email = cloudflare@example.com
#dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef012341

74
examples/certbot-dns-cloudflare/docker-compose.yml Normal file
View File

@@ -0,0 +1,74 @@
version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.1
ports:
- 80:8080
- 443:8443
# ⚠️ read this if you use local folders for volumes ⚠️
# bunkerweb runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- certs:/certs
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- USE_CUSTOM_HTTPS=yes
- CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
networks:
- net_app1
- net_app2
- net_app3
mycertbot:
image: certbot/dns-cloudflare
environment:
- DOMAINS=*.example.com,example.com
- EMAIL=contact@example.com
volumes:
- certs:/etc/letsencrypt
- ./cloudflare.ini:/opt/cloudflare.ini
- ./entrypoint.sh:/opt/entrypoint.sh
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
networks:
- net_app1
app2:
image: tutum/hello-world
networks:
- net_app2
app3:
image: tutum/hello-world
networks:
- net_app3
volumes:
bw_data:
certs:
networks:
net_app1:
net_app2:
net_app3:

23
examples/certbot-dns-cloudflare/entrypoint.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/sh
echo "Certbot started, domains = $DOMAINS"
first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
if [ "$EMAIL" = "" ] ; then
EMAIL="contact@${first_domain}"
fi
if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
echo "Renewing certificates ..."
certbot renew
else
echo "Asking for certificates ..."
certbot certonly -n --dns-cloudflare --dns-cloudflare-credentials /opt/cloudflare.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
fi
echo "Fixing permissions ..."
chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
echo "Certbot ended, sleeping for 24 hours"
sleep 86400