Fabio/Dynu_Duckdns_ssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
aggiornamento ssl per DuckDNS e Dynu
2 commits 1 branch 0 tags 36 KiB
Shell 96.8%
Dockerfile 3.2%
Find a file
Fabio dfa835131e Aggiorna README.md
2025-02-19 21:30:46 +08:00
scripts first commit 2025-02-19 21:19:29 +08:00
.dockerignore first commit 2025-02-19 21:19:29 +08:00
.gitignore first commit 2025-02-19 21:19:29 +08:00
docker-compose.yml first commit 2025-02-19 21:19:29 +08:00
Dockerfile first commit 2025-02-19 21:19:29 +08:00
LICENSE first commit 2025-02-19 21:19:29 +08:00
README.md Aggiorna README.md 2025-02-19 21:30:46 +08:00

README.md

Let's Encrypt for DuckDNS e Dynu

compilare l'immagine

sudo docker build . -t duckdns_dynu/letsencrypt

settare tutti i parametri del docker-compose

services:
  letsencrypt:
    image: duckdns_dynu/letsencrypt
    container_name: duckdns_dynu_letsencrypt
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt
    environment:
      - DUCKDNS_TOKEN=0f26cf40-9ded-48b6-8612-5830327aac90
      - DUCKDNS_DOMAIN=patachina.duckdns.org
      - DUCKDNS_DOMAIN2=patachina2.duckdns.org
      - DYNU_DOMAIN=patachina.casacam.net
      - DYNU_DOMAIN2=patachina2.casacam.net
      - DYNU_API_KEY=3465V4Va6732ZWf7b5V55gYg6ZU55W4Y
      - EMAIL=fabio.micheluz@gmail.com
      - LETSENCRYPT_DOMAIN= #optional
      - LETSENCRYPT_WILDCARD=true #optional
      - LETSENCRYPT_EMAIL= #optional
      - TESTING=false #optional
      - UID=0 #optional
      - GID=0 #optional
      - DUCKDNS_DELAY= #optional
    restart: unless-stopped

Let's Encrypt for Duck DNS

github originale (https://github.com/maksimstojkovic/docker-letsencrypt)

Automatically generates Let's Encrypt certificates using a lightweight Docker container without requiring any ports to be exposed for DNS challenges.

Environment Variables

  • DUCKDNS_TOKEN: Duck DNS account token (obtained from Duck DNS) (required)
  • DUCKDNS_DOMAIN: Full Duck DNS domain (e.g. test.duckdns.org) (required)
  • LETSENCRYPT_DOMAIN: Domain to generate SSL cert for. By default the SSL certificate is generated for DUCKDNS_DOMAIN (optional)
  • LETSENCRYPT_WILDCARD: true or false, indicating whether the SSL certificate should be for subdomains only of LETSENCRYPT_DOMAIN (i.e. *.test.duckdns.org), or for the main domain only (i.e. test.duckdns.org) (optional, default: false)
  • LETSENCRYPT_EMAIL: Email used for certificate renewal notifications (optional)
  • LETSENCRYPT_CHAIN: Preferred certificate chain (e.g. ISRG Root X1, see https://letsencrypt.org/certificates for more details) (optional)
  • TESTING: true or false, indicating whether a staging SSL certificate should be generated or not (optional, default: false)
  • UID: User ID to apply to Let's Encrypt files generated (optional, recommended, default: 0 - root)
  • GID: Group ID to apply to Let's Encrypt files generated (optional, recommended, default: 0 - root)

Notes

  • The DUCKDNS_DOMAIN should already be pointing to the server with a dynamic IP. The maksimstojkovic/duckdns image can be used to automatically update the IP address.
  • The format of DUCKDNS_DOMAIN should be <subdomain>.duckdns.org, regardless of the value of LETSENCRYPT_WILDCARD.
  • To use LETSENCRYPT_DOMAIN feature, the following DNS records need to be created for ACME authentication (records should not be proxied):
Type Name Value Condition
CNAME *.<LETSENCRYPT_DOMAIN> <DUCKDNS_DOMAIN> LETSENCRYPT_WILDCARD == true
CNAME <LETSENCRYPT_DOMAIN> <DUCKDNS_DOMAIN> LETSENCRYPT_WILDCARD == false
CNAME _acme-challenge.<LETSENCRYPT_DOMAIN> _acme-challenge.<DUCKDNS_DOMAIN>

Volumes

  • <certs>:/etc/letsencrypt: A named or host volume which allows SSL certificates to persist and be accessed by other containers

Note: To use the <certs> host volume in another container, mount it as read-only for those containers. The <certs> host volume should be read-write enabled for the Letsencrypt container.

Let's Encrypt for Dynu

git originale (https://github.com/aney1/certbot-domainvalidation-dynu)

This repository contains everything needed to create and renew LetsEncrypt certificates (incl. wildcard certificates) on Dynu (https://www.dynu.com/). This should work on every machine that can run docker (I'm using it on a QNAP NAS). If you already have certbot installed you can also just use the scripts in the scripts folder, without docker.

Usage with docker-compose:

You will need Docker and Docker-Compose:

https://docs.docker.com/install/ https://docs.docker.com/compose/install/

docker-compose -f <PATH_TO_FILES>/certbot/docker-compose.yml up

Cronjob to run it twice daily (like recomended by Certbot, certificates are only renewed when needed):

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && docker-compose -f <PATH_TO_FILES>/certbot/docker-compose.yml up