examples - add various certbot-dns examples

examples/certbot-dns-google/README.md

@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-google documentation](https://certbot-dns-google.readthedocs.io/en/stable/) first.
+
+Procedure :
+- Edit domains in the compose file
+- Edit Google credentials in google.json file (generate using https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount)
+- Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
+- When certificates are generated, run your services : `docker-compose up -d`

examples/certbot-dns-google/docker-compose.yml

@@ -0,0 +1,74 @@
+version: '3'
+
+services:
+
+  mybunker:
+    image: bunkerity/bunkerweb:1.4.1
+    ports:
+      - 80:8080
+      - 443:8443
+    # ⚠️ read this if you use local folders for volumes ⚠️
+    # bunkerweb runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
+    # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+    # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
+    # more info at https://docs.bunkerweb.io
+    volumes:
+      - bw_data:/data
+      - certs:/certs
+    environment:
+      - MULTISITE=yes
+      - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
+      - SERVE_FILES=no
+      - DISABLE_DEFAULT_SERVER=yes
+      - USE_CLIENT_CACHE=yes
+      - USE_GZIP=yes
+      - USE_REVERSE_PROXY=yes
+      - USE_CUSTOM_HTTPS=yes
+      - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
+      - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
+      - app1.example.com_REVERSE_PROXY_URL=/
+      - app1.example.com_REVERSE_PROXY_HOST=http://app1
+      - app2.example.com_REVERSE_PROXY_URL=/
+      - app2.example.com_REVERSE_PROXY_HOST=http://app2
+      - app3.example.com_REVERSE_PROXY_URL=/
+      - app3.example.com_REVERSE_PROXY_HOST=http://app3
+    networks:
+      - net_app1
+      - net_app2
+      - net_app3
+
+  mycertbot:
+    image: certbot/dns-google
+    environment:
+      - DOMAINS=*.example.com,example.com
+      - EMAIL=contact@example.com
+    volumes:
+      - certs:/etc/letsencrypt
+      - ./google.json:/opt/google.json
+      - ./entrypoint.sh:/opt/entrypoint.sh
+    entrypoint: /bin/sh /opt/entrypoint.sh    
+
+  app1:
+    image: tutum/hello-world
+    networks:
+      - net_app1
+
+  app2:
+    image: tutum/hello-world
+    networks:
+      - net_app2
+
+  app3:
+    image: tutum/hello-world
+    networks:
+      - net_app3
+
+volumes:
+  bw_data:
+  certs:
+
+networks:
+  net_app1:
+  net_app2:
+  net_app3:

examples/certbot-dns-google/entrypoint.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+echo "Certbot started, domains = $DOMAINS"
+
+first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
+if [ "$EMAIL" = "" ] ; then
+	EMAIL="contact@${first_domain}"
+fi
+
+if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
+	echo "Renewing certificates ..."
+	certbot renew
+else
+	echo "Asking for certificates ..."
+	certbot certonly -n --dns-google --dns-google-credentials /opt/google.json --email "$EMAIL" --agree-tos -d "$DOMAINS"
+fi
+
+echo "Fixing permissions ..."
+chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
+
+echo "Certbot ended, sleeping for 24 hours"
+
+sleep 86400

examples/certbot-dns-google/google.json

@@ -0,0 +1,12 @@
+{
+   "type": "service_account",
+   "project_id": "...",
+   "private_key_id": "...",
+   "private_key": "...",
+   "client_email": "...",
+   "client_id": "...",
+   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+   "token_uri": "https://accounts.google.com/o/oauth2/token",
+   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+   "client_x509_cert_url": "..."
+}