
Move Let's Encrypt service to overrides entirely.

This allows you to select and configure the service without
touching the main compose file, making updating a lot easier.

Also add overrides for MyDNSHost and HTTP.
master
Chris Smith 6 years ago
parent
commit
a106c24597

+ 21
- 7
README.md View File

@@ -9,13 +9,27 @@ is described in [this blog post](https://www.chameth.com/2016/05/21/docker-autom
9 9
 
10 10
 ## Getting started
11 11
 
12
-The out-of-the-box setup uses [Lexicon](https://github.com/AnalogJ/lexicon)
13
-to perform DNS updates. This will work if you use one DNS provider for all
14
-the domains you wish to use, and Lexicon supports that provider. If that
15
-is the case, then getting started is very easy:
16
-
17
- 1. Copy docker-compose.override.example.yml to docker-compose.override.yml
18
- 2. Change the e-mail address, provider, and provider auth details
12
+This repository contains configuration for four different methods of obtaining
13
+Let's Encrypt certificates:
14
+
15
+ * **`docker-compose.override.generic.yml`** - a generic solution for obtaining
16
+   certificates using DNS entries. You must supply a
17
+   [Dehydrated](https://github.com/lukas2511/dehydrated) hook that will add and
18
+   remove DNS entries as needed.
19
+ * **`docker-compose.override.lexicon.yml`** - uses the
20
+   [Lexicon](https://github.com/AnalogJ/lexicon) library to perform DNS updates
21
+   for major cloud DNS providers.
22
+ * **`docker-compose.override.mydnshost.yml`** - uses the
23
+   [MyDNSHost](https://mydnshost.co.uk) API to perform DNS updates for domains
24
+   hosted there
25
+ * **`docker-compose.override.http.yml`** - performs a HTTP challenge instead of
26
+   using DNS, saving the response to disk so it can be served by Nginx.
27
+
28
+To get started:
29
+
30
+ 1. Copy the relevant docker-compose.override.\*.yml file to
31
+    docker-compose.override.yml
32
+ 2. Change any settings (auth token, staging environment, etc)
19 33
  3. Run `docker-compose up -d`
20 34
 
21 35
 If you have existing containers with the appropriate labels, the certificates
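Review bot: step 2 ("Change any settings (auth token, staging environment, etc)") tells users to put a DNS provider credential into docker-compose.override.yml but says nothing about protecting that file. Suggest adding a sentence that the file should be excluded from version control and readable only by the deploying user. Minor: the MyDNSHost bullet is missing its full stop after "hosted there", and "a HTTP challenge" should read "an HTTP challenge".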

+ 25
- 0
docker-compose.override.generic.yml View File

@@ -0,0 +1,25 @@
1
+---
2
+version: '2'
3
+
4
+services:
5
+
6
+  # letsencrypt-generic uses a user-defined hook to update DNS entries.
7
+  # You need to supply your own hook, available at /dns/hook. See the
8
+  # letsencrypt.sh repo for details about hook arguments.
9
+  letsencrypt-generic:
10
+    image: csmith/letsencrypt-generic:latest
11
+    container_name: autoproxy_letsencrypt-generic
12
+    restart: always
13
+    volumes:
14
+      - letsencrypt-data:/letsencrypt
15
+      - /my/hook/script:/dns/hook
16
+    environment:
17
+      # For testing purposes, use the Let's Encrypt staging server.
18
+      # Remove this for production use!
19
+      - STAGING=yes
20
+      # To accept Let's Encrypt's temrs of service automatically:
21
+      #- ACCEPT_CA_TERMS=yes
22
+      # The e-mail address to provide to Let's Encrypt.
23
+      - EMAIL=your@email.addr
24
+      # Any environment variables your hook needs
25
+      - MY_SECRET=1234567890123456789012345678901234567890
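Review bot: the hook bind mount `- /my/hook/script:/dns/hook` is read-write, although the container only needs to execute the hook; adding `:ro` keeps the container from modifying a host script that runs with the secrets passed in `environment`. The comment above the service still points to the "letsencrypt.sh repo" while the README in this commit links to Dehydrated, so one name should be used throughout. "temrs" in the ACCEPT_CA_TERMS comment is a typo for "terms", and the same line is repeated in the other three override files.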

+ 23
- 0
docker-compose.override.http.yml View File

@@ -0,0 +1,23 @@
1
+---
2
+version: '2'
3
+
4
+services:
5
+
6
+  # letsencrypt-http uses the HTTP-01 challenge to verify ownership. The
7
+  # well-known files must be served by a webserver.
8
+  letsencrypt-http:
9
+    image: csmith/letsencrypt-http-01:latest
10
+    container_name: autoproxy_letsencrypt-http
11
+    restart: always
12
+    volumes:
13
+      - letsencrypt-data:/letsencrypt
14
+    environment:
15
+      # For testing purposes, use the Let's Encrypt staging server.
16
+      # Remove this for production use!
17
+      - STAGING=yes
18
+      # To accept Let's Encrypt's temrs of service automatically:
19
+      #- ACCEPT_CA_TERMS=yes
20
+      # The e-mail address to provide to Let's Encrypt.
21
+      - EMAIL=your@email.addr
22
+      # Any environment variables your hook needs
23
+      - MY_SECRET=1234567890123456789012345678901234567890
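Review bot: the last two lines (`# Any environment variables your hook needs` and `- MY_SECRET=...`) look copied from the generic file; this service mounts no hook, so the entry only invites users to place a secret in a container that has no stated use for it. Suggest dropping both lines. The header comment says the well-known files must be served by a webserver, but the only volume is `letsencrypt-data:/letsencrypt`, so a comment stating where under that volume the challenge responses are written would let users check their Nginx configuration against it.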

docker-compose.override.example.yml → docker-compose.override.lexicon.yml View File

@@ -3,11 +3,20 @@ version: '2'
3 3
 
4 4
 services:
5 5
 
6
+  # letsencrypt-lexicon obtains Let's Encrypt certificates by modifying
7
+  # DNS records. It supports several major cloud DNS providers.
6 8
   letsencrypt-lexicon:
9
+    image: csmith/letsencrypt-lexicon:latest
10
+    container_name: autoproxy_letsencrypt-lexicon
11
+    restart: always
12
+    volumes:
13
+      - letsencrypt-data:/letsencrypt
7 14
     environment:
8 15
       # For testing purposes, use the Let's Encrypt staging server.
9 16
       # Remove this for production use!
10 17
       - STAGING=yes
18
+      # To accept Let's Encrypt's temrs of service automatically:
19
+      #- ACCEPT_CA_TERMS=yes
11 20
       # The e-mail address to provide to Let's Encrypt.
12 21
       - EMAIL=your@email.addr
13 22
       # The Lexicon provider to use
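Review bot: `#- ACCEPT_CA_TERMS=yes` ships commented out, and neither this file nor the README steps say what the container does when it is unset, so a user who copies the file, edits the settings and runs `docker-compose up -d` cannot tell whether issuance will proceed. Suggest stating the default behaviour in the comment. Separately, `image: csmith/letsencrypt-lexicon:latest` together with `restart: always` means the running version is whatever was last pulled; a pinned tag or digest in the example would make deployments reproducible.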
@@ -15,4 +24,3 @@ services:
15 24
       # Provider-specific authentication details
16 25
       - LEXICON_CLOUDFLARE_USERNAME=your@email.addr
17 26
       - LEXICON_CLOUDFLARE_TOKEN=1234567890123456789012345678901234567890
18
-

+ 24
- 0
docker-compose.override.mydnshost.yml View File

@@ -0,0 +1,24 @@
1
+---
2
+version: '2'
3
+
4
+services:
5
+
6
+  # letsencrypt-mydnshost obtains Let's Encrypt certificates by modifying
7
+  # DNS records for domains hosted at mydnshost.co.uk.
8
+  letsencrypt-mydnshost:
9
+    image: csmith/letsencrypt-mydnshost:latest
10
+    container_name: autoproxy_letsencrypt-mydnshost
11
+    restart: always
12
+    volumes:
13
+      - letsencrypt-data:/letsencrypt
14
+    environment:
15
+      # For testing purposes, use the Let's Encrypt staging server.
16
+      # Remove this for production use!
17
+      - STAGING=yes
18
+      # To accept Let's Encrypt's temrs of service automatically:
19
+      #- ACCEPT_CA_TERMS=yes
20
+      # The e-mail address to provide to Let's Encrypt.
21
+      - EMAIL=your@email.addr
22
+      # The account and API key to use for MyDNSHost
23
+      - MYDNSHOST_AUTH_USER=your@email.addr
24
+      - MYDNSHOST_AUTH_KEY=1234567890123456789012345678901234567890
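Review bot: `MYDNSHOST_AUTH_KEY` is set as a literal `environment` entry, so the API key ends up in the compose file and is readable through `docker inspect` on the running container. Since this key is used to modify DNS records for the hosted domains, suggest showing an `env_file:` reference with a note on file permissions, or at least a comment that the key should be scoped as narrowly as the provider allows.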

+ 0
- 20
docker-compose.yml View File

@@ -67,26 +67,6 @@ services:
67 67
     depends_on:
68 68
       - etcd
69 69
 
70
-  # letsencrypt-lexicon obtains Let's Encrypt certificates by modifying
71
-  # DNS records. It supports several major cloud DNS providers.
72
-  letsencrypt-lexicon:
73
-    image: csmith/letsencrypt-lexicon:latest
74
-    container_name: autoproxy_letsencrypt-lexicon
75
-    restart: always
76
-    volumes:
77
-      - letsencrypt-data:/letsencrypt
78
-
79
-  # letsencrypt-generic uses a user-defined hook to update DNS entries.
80
-  # You need to supply your own hook, available at /dns/hook. See the
81
-  # letsencrypt.sh repo for details about hook arguments.
82
-  #letsencrypt-generic:
83
-  #  image: csmith/letsencrypt-generic:latest
84
-  #  container_name: autoproxy_letsencrypt-generic
85
-  #  restart: always
86
-  #  volumes:
87
-  #    - letsencrypt-data:/letsencrypt
88
-  #    - /my/hook/script:/dns/hook
89
-
90 70
   # service-nginx reads proxy information and vhosts from etcd and
91 71
   # creates an nginx vhost config to enable SSL-terminated reverse
92 72
   # proxying to the containers.
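Review bot: removing the `letsencrypt-lexicon` service definition from the base file leaves existing setups without an `image` for that service if their docker-compose.override.yml was copied from the old example, because that example only supplied `environment:` and relied on `image`, `volumes` and `restart` being defined here. The commit message or README should carry an upgrade note telling those users to re-copy docker-compose.override.lexicon.yml. Also worth confirming that the top-level `letsencrypt-data` volume is still declared in this file, as none of the new override files declare it.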
