feat: make DNS provider configurable

Adrien Poupa 2023-03-26 17:26:15 -04:00
parent 32b77dc113
commit 2d3ac3d4d9
3 changed files with 26 additions and 20 deletions


@ -11,6 +11,7 @@ PIA_PASS=
PIA_LOCAL_NETWORK="192.168.0.0/16" PIA_LOCAL_NETWORK="192.168.0.0/16"
HOSTNAME= HOSTNAME=
ADGUARD_HOSTNAME= ADGUARD_HOSTNAME=
DNS_CHALLENGE_PROVIDER=cloudflare
LETS_ENCRYPT_EMAIL= LETS_ENCRYPT_EMAIL=
CLOUDFLARE_EMAIL= CLOUDFLARE_EMAIL=
CLOUDFLARE_DNS_API_TOKEN= CLOUDFLARE_DNS_API_TOKEN=
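Review bot: the new `DNS_CHALLENGE_PROVIDER=cloudflare` line is added between `ADGUARD_HOSTNAME` and `LETS_ENCRYPT_EMAIL`, but the `CLOUDFLARE_EMAIL` and `CLOUDFLARE_DNS_API_TOKEN` entries that follow are only meaningful for that one provider, and nothing in the template says so. Consider a comment above the Cloudflare lines such as `# Only read when DNS_CHALLENGE_PROVIDER=cloudflare; other providers need their own variables` so a user switching providers knows which credentials to replace rather than fill in.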


@ -68,25 +68,26 @@ For the first time, run `./update-config.sh` to update the applications base URL
## Environment Variables ## Environment Variables
| Variable | Description | Default | | Variable | Description | Default |
|-----------------------------|------------------------------------------------------------------------------|-------------------------| |-----------------------------|------------------------------------------------------------------------------------------------------|-------------------------|
| `COMPOSE_FILE` | Docker compose files to load | `docker-compose.yml` | | `COMPOSE_FILE` | Docker compose files to load | `docker-compose.yml` |
| `COMPOSE_PATH_SEPARATOR` | Path separator between compose files to load | `:` | | `COMPOSE_PATH_SEPARATOR` | Path separator between compose files to load | `:` |
| `USER_ID` | ID of the user to use in Docker containers | `1000` | | `USER_ID` | ID of the user to use in Docker containers | `1000` |
| `GROUP_ID` | ID of the user group to use in Docker containers | `1000` | | `GROUP_ID` | ID of the user group to use in Docker containers | `1000` |
| `TIMEZONE` | TimeZone used by the container. | `America/New_York` | | `TIMEZONE` | TimeZone used by the container. | `America/New_York` |
| `DATA_ROOT` | Host location of the data files | `/mnt/data` | | `DATA_ROOT` | Host location of the data files | `/mnt/data` |
| `DOWNLOAD_ROOT` | Host download location for qBittorrent, should be a subfolder of `DATA_ROOT` | `/mnt/data/torrents` | | `DOWNLOAD_ROOT` | Host download location for qBittorrent, should be a subfolder of `DATA_ROOT` | `/mnt/data/torrents` |
| `PIA_LOCATION` | Servers to use for PIA | `ca` (Montreal, Canada) | | `PIA_LOCATION` | Servers to use for PIA | `ca` (Montreal, Canada) |
| `PIA_USER` | PIA username | | | `PIA_USER` | PIA username | |
| `PIA_PASS` | PIA password | | | `PIA_PASS` | PIA password | |
| `PIA_LOCAL_NETWORK` | PIA local network | `192.168.0.0/16` | | `PIA_LOCAL_NETWORK` | PIA local network | `192.168.0.0/16` |
| `HOSTNAME` | Hostname of the NAS, could be a local IP or a domain name | | | `HOSTNAME` | Hostname of the NAS, could be a local IP or a domain name | |
| `ADGUARD_HOSTNAME` | AdGuard Home hostname used, if enabled | | | `ADGUARD_HOSTNAME` | AdGuard Home hostname used, if enabled | |
| `LETS_ENCRYPT_EMAIL` | E-mail address used to send expiration notifications | | | `DNS_CHALLENGE_PROVIDER` | Provider for DNS01 challenge, [see list here](https://doc.traefik.io/traefik/https/acme/#providers). | `cloudflare` |
| `CLOUDFLARE_EMAIL` | CloudFlare Account email | | | `LETS_ENCRYPT_EMAIL` | E-mail address used to send expiration notifications | |
| `CLOUDFLARE_DNS_API_TOKEN` | API token with `DNS:Edit` permission | | | `CLOUDFLARE_EMAIL` | CloudFlare Account email | |
| `CLOUDFLARE_ZONE_API_TOKEN` | API token with `Zone:Read` permission | | | `CLOUDFLARE_DNS_API_TOKEN` | API token with `DNS:Edit` permission | |
| `CLOUDFLARE_ZONE_API_TOKEN` | API token with `Zone:Read` permission | |
## PIA Wireguard VPN ## PIA Wireguard VPN
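Review bot: the new `DNS_CHALLENGE_PROVIDER` row documents the provider switch, but the three `CLOUDFLARE_*` rows beneath it still read as if they were always required. Suggest marking them as provider-specific in their descriptions, e.g. `| `CLOUDFLARE_DNS_API_TOKEN` | API token with `DNS:Edit` permission (cloudflare provider only) | |`, so the table matches the new behaviour instead of implying that Cloudflare credentials are needed for every provider.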
@ -199,6 +200,10 @@ If you want to test your configuration first, use the Let's Encrypt staging serv
If it worked, you will see the staging certificate at https://nas.domain.com. If it worked, you will see the staging certificate at https://nas.domain.com.
You may remove the `./letsencrypt/acme.json` file and restart the services to issue the real certificate. You may remove the `./letsencrypt/acme.json` file and restart the services to issue the real certificate.
You are free to use any DNS01 provider. Simply replace `DNS_CHALLENGE_PROVIDER` with your own provider,
[see complete list here](https://doc.traefik.io/traefik/https/acme/#providers).
You will also need to inject the environments variables specific to your provider.
### Accessing from the outside with Tailscale ### Accessing from the outside with Tailscale
If we want to make it reachable from outside the network without opening ports or exposing it to the internet, I found If we want to make it reachable from outside the network without opening ports or exposing it to the internet, I found
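Review bot: `environments variables` on the last added line should be `environment variables`, and `inject` does not say where: the provider's credentials have to reach the Traefik container, so spell out that they go into the `.env` file and are passed on to the Traefik service in the compose file. It is also worth adding that, like the Cloudflare token limited to `DNS:Edit`, whatever credential the replacement provider needs should be scoped to editing DNS records only, since it ends up on the host in plain text.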


@ -18,7 +18,7 @@ services:
- --entrypoints.web.http.redirections.entryPoint.scheme=https - --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true - --entrypoints.web.http.redirections.entrypoint.permanent=true
- --certificatesresolvers.myresolver.acme.dnschallenge=true - --certificatesresolvers.myresolver.acme.dnschallenge=true
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare - --certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_CHALLENGE_PROVIDER}
# Uncomment to test your configuration by using Let's Encrypt staging certificates # Uncomment to test your configuration by using Let's Encrypt staging certificates
#- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory #- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_EMAIL} - --certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_EMAIL}
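Review bot: `${DNS_CHALLENGE_PROVIDER}` on the changed `dnschallenge.provider` line has no fallback, so an existing deployment whose `.env` predates this commit substitutes an empty provider where it previously got the hard-coded `cloudflare`, and the DNS challenge will fail on the next certificate issuance or renewal. Use `${DNS_CHALLENGE_PROVIDER:-cloudflare}` to keep the old behaviour as the default, matching the `cloudflare` default added to the `.env` template and README in this same commit.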