feat: make DNS provider configurable
This commit is contained in:
parent
32b77dc113
commit
2d3ac3d4d9
@ -11,6 +11,7 @@ PIA_PASS=
|
|||||||
PIA_LOCAL_NETWORK="192.168.0.0/16"
|
PIA_LOCAL_NETWORK="192.168.0.0/16"
|
||||||
HOSTNAME=
|
HOSTNAME=
|
||||||
ADGUARD_HOSTNAME=
|
ADGUARD_HOSTNAME=
|
||||||
|
DNS_CHALLENGE_PROVIDER=cloudflare
|
||||||
LETS_ENCRYPT_EMAIL=
|
LETS_ENCRYPT_EMAIL=
|
||||||
CLOUDFLARE_EMAIL=
|
CLOUDFLARE_EMAIL=
|
||||||
CLOUDFLARE_DNS_API_TOKEN=
|
CLOUDFLARE_DNS_API_TOKEN=
|
||||||
|
43
README.md
43
README.md
@ -68,25 +68,26 @@ For the first time, run `./update-config.sh` to update the applications base URL
|
|||||||
|
|
||||||
## Environment Variables
|
## Environment Variables
|
||||||
|
|
||||||
| Variable | Description | Default |
|
| Variable | Description | Default |
|
||||||
|-----------------------------|------------------------------------------------------------------------------|-------------------------|
|
|-----------------------------|------------------------------------------------------------------------------------------------------|-------------------------|
|
||||||
| `COMPOSE_FILE` | Docker compose files to load | `docker-compose.yml` |
|
| `COMPOSE_FILE` | Docker compose files to load | `docker-compose.yml` |
|
||||||
| `COMPOSE_PATH_SEPARATOR` | Path separator between compose files to load | `:` |
|
| `COMPOSE_PATH_SEPARATOR` | Path separator between compose files to load | `:` |
|
||||||
| `USER_ID` | ID of the user to use in Docker containers | `1000` |
|
| `USER_ID` | ID of the user to use in Docker containers | `1000` |
|
||||||
| `GROUP_ID` | ID of the user group to use in Docker containers | `1000` |
|
| `GROUP_ID` | ID of the user group to use in Docker containers | `1000` |
|
||||||
| `TIMEZONE` | TimeZone used by the container. | `America/New_York` |
|
| `TIMEZONE` | TimeZone used by the container. | `America/New_York` |
|
||||||
| `DATA_ROOT` | Host location of the data files | `/mnt/data` |
|
| `DATA_ROOT` | Host location of the data files | `/mnt/data` |
|
||||||
| `DOWNLOAD_ROOT` | Host download location for qBittorrent, should be a subfolder of `DATA_ROOT` | `/mnt/data/torrents` |
|
| `DOWNLOAD_ROOT` | Host download location for qBittorrent, should be a subfolder of `DATA_ROOT` | `/mnt/data/torrents` |
|
||||||
| `PIA_LOCATION` | Servers to use for PIA | `ca` (Montreal, Canada) |
|
| `PIA_LOCATION` | Servers to use for PIA | `ca` (Montreal, Canada) |
|
||||||
| `PIA_USER` | PIA username | |
|
| `PIA_USER` | PIA username | |
|
||||||
| `PIA_PASS` | PIA password | |
|
| `PIA_PASS` | PIA password | |
|
||||||
| `PIA_LOCAL_NETWORK` | PIA local network | `192.168.0.0/16` |
|
| `PIA_LOCAL_NETWORK` | PIA local network | `192.168.0.0/16` |
|
||||||
| `HOSTNAME` | Hostname of the NAS, could be a local IP or a domain name | |
|
| `HOSTNAME` | Hostname of the NAS, could be a local IP or a domain name | |
|
||||||
| `ADGUARD_HOSTNAME` | AdGuard Home hostname used, if enabled | |
|
| `ADGUARD_HOSTNAME` | AdGuard Home hostname used, if enabled | |
|
||||||
| `LETS_ENCRYPT_EMAIL` | E-mail address used to send expiration notifications | |
|
| `DNS_CHALLENGE_PROVIDER` | Provider for DNS01 challenge, [see list here](https://doc.traefik.io/traefik/https/acme/#providers). | `cloudflare` |
|
||||||
| `CLOUDFLARE_EMAIL` | CloudFlare Account email | |
|
| `LETS_ENCRYPT_EMAIL` | E-mail address used to send expiration notifications | |
|
||||||
| `CLOUDFLARE_DNS_API_TOKEN` | API token with `DNS:Edit` permission | |
|
| `CLOUDFLARE_EMAIL` | CloudFlare Account email | |
|
||||||
| `CLOUDFLARE_ZONE_API_TOKEN` | API token with `Zone:Read` permission | |
|
| `CLOUDFLARE_DNS_API_TOKEN` | API token with `DNS:Edit` permission | |
|
||||||
|
| `CLOUDFLARE_ZONE_API_TOKEN` | API token with `Zone:Read` permission | |
|
||||||
|
|
||||||
## PIA Wireguard VPN
|
## PIA Wireguard VPN
|
||||||
|
|
||||||
@ -199,6 +200,10 @@ If you want to test your configuration first, use the Let's Encrypt staging serv
|
|||||||
If it worked, you will see the staging certificate at https://nas.domain.com.
|
If it worked, you will see the staging certificate at https://nas.domain.com.
|
||||||
You may remove the `./letsencrypt/acme.json` file and restart the services to issue the real certificate.
|
You may remove the `./letsencrypt/acme.json` file and restart the services to issue the real certificate.
|
||||||
|
|
||||||
|
You are free to use any DNS01 provider. Simply replace `DNS_CHALLENGE_PROVIDER` with your own provider,
|
||||||
|
[see complete list here](https://doc.traefik.io/traefik/https/acme/#providers).
|
||||||
|
You will also need to inject the environments variables specific to your provider.
|
||||||
|
|
||||||
### Accessing from the outside with Tailscale
|
### Accessing from the outside with Tailscale
|
||||||
|
|
||||||
If we want to make it reachable from outside the network without opening ports or exposing it to the internet, I found
|
If we want to make it reachable from outside the network without opening ports or exposing it to the internet, I found
|
||||||
|
@ -18,7 +18,7 @@ services:
|
|||||||
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
||||||
- --entrypoints.web.http.redirections.entrypoint.permanent=true
|
- --entrypoints.web.http.redirections.entrypoint.permanent=true
|
||||||
- --certificatesresolvers.myresolver.acme.dnschallenge=true
|
- --certificatesresolvers.myresolver.acme.dnschallenge=true
|
||||||
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare
|
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_CHALLENGE_PROVIDER}
|
||||||
# Uncomment to test your configuration by using Let's Encrypt staging certificates
|
# Uncomment to test your configuration by using Let's Encrypt staging certificates
|
||||||
#- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
|
#- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
- --certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_EMAIL}
|
- --certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_EMAIL}
|
||||||
|
Loading…
Reference in New Issue
Block a user