mirror of
https://github.com/linuxserver/docker-swag.git
synced 2024-10-01 01:35:49 -04:00
Switch to certbot-dns-duckdns
This commit is contained in:
parent
3fb6e3f54d
commit
53db9755b2
@ -116,6 +116,7 @@ RUN \
|
||||
certbot-dns-dnspod \
|
||||
certbot-dns-do \
|
||||
certbot-dns-domeneshop \
|
||||
certbot-dns-duckdns \
|
||||
certbot-dns-dynu \
|
||||
certbot-dns-gehirn \
|
||||
certbot-dns-godaddy \
|
||||
|
@ -116,6 +116,7 @@ RUN \
|
||||
certbot-dns-dnspod \
|
||||
certbot-dns-do \
|
||||
certbot-dns-domeneshop \
|
||||
certbot-dns-duckdns \
|
||||
certbot-dns-dynu \
|
||||
certbot-dns-gehirn \
|
||||
certbot-dns-godaddy \
|
||||
|
@ -116,6 +116,7 @@ RUN \
|
||||
certbot-dns-dnspod \
|
||||
certbot-dns-do \
|
||||
certbot-dns-domeneshop \
|
||||
certbot-dns-duckdns \
|
||||
certbot-dns-dynu \
|
||||
certbot-dns-gehirn \
|
||||
certbot-dns-godaddy \
|
||||
|
@ -336,7 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
||||
|
||||
## Versions
|
||||
|
||||
* **06.10.22:** - Update cpanel and gandi dns plugin handling. Minor adjustments to init logic.
|
||||
* **06.10.22:** - Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic.
|
||||
* **05.10.22:** - Use certbot file hooks instead of command line hooks
|
||||
* **04.10.22:** - Add godaddy and porkbun dns plugins.
|
||||
* **03.10.22:** - Add default_server back to default site conf's https listen.
|
||||
|
@ -156,7 +156,7 @@ app_setup_nginx_reverse_proxy_block: ""
|
||||
|
||||
# changelog
|
||||
changelogs:
|
||||
- { date: "06.10.22:", desc: "Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." }
|
||||
- { date: "06.10.22:", desc: "Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." }
|
||||
- { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" }
|
||||
- { date: "04.10.22:", desc: "Add godaddy and porkbun dns plugins." }
|
||||
- { date: "03.10.22:", desc: "Add default_server back to default site conf's https listen." }
|
||||
|
@ -1,8 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
. /config/.donoteditthisfile.conf
|
||||
|
||||
curl https://www.duckdns.org/update?domains=${CERTBOT_DOMAIN}\&token=${ORIGDUCKDNSTOKEN}\&txt=${CERTBOT_VALIDATION}
|
||||
|
||||
echo "sleeping 60"
|
||||
sleep 60
|
3
root/defaults/dns-conf/duckdns.ini
Normal file
3
root/defaults/dns-conf/duckdns.ini
Normal file
@ -0,0 +1,3 @@
|
||||
# Instructions: https://github.com/infinityofspace/certbot_dns_duckdns#credentials-file-or-cli-parameters
|
||||
# Replace with your API token from your duckdns account.
|
||||
dns_duckdns_token=<your-duckdns-token>
|
@ -23,7 +23,7 @@ for i in "${SANED_VARS[@]}"; do
|
||||
done
|
||||
|
||||
# check to make sure DNSPLUGIN is selected if dns validation is used
|
||||
if [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(acmedns|aliyun|azure|cloudflare|cloudxns|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
|
||||
if [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(acmedns|aliyun|azure|cloudflare|cloudxns|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
|
||||
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
|
||||
sleep infinity
|
||||
fi
|
||||
@ -50,7 +50,7 @@ if [ -f "/config/donoteditthisfile.conf" ]; then
|
||||
mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
|
||||
fi
|
||||
if [ ! -f "/config/.donoteditthisfile.conf" ]; then
|
||||
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGDUCKDNSTOKEN=\"$DUCKDNSTOKEN\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
|
||||
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
|
||||
echo "Created .donoteditthisfile.conf"
|
||||
fi
|
||||
|
||||
@ -64,6 +64,25 @@ if [ -z "$VALIDATION" ]; then
|
||||
echo "VALIDATION parameter not set; setting it to http"
|
||||
fi
|
||||
|
||||
# set duckdns validation to dns
|
||||
if [ "$VALIDATION" = "duckdns" ]; then
|
||||
VALIDATION="dns"
|
||||
DNSPLUGIN="duckdns"
|
||||
if [ -n "$DUCKDNSTOKEN" ] && ! grep -q "dns_duckdns_token=${DUCKDNSTOKEN}$" /config/dns-conf/duckdns.ini;then
|
||||
sed -i "s|^dns_duckdns_token=.*|dns_duckdns_token=${DUCKDNSTOKEN}|g" /config/dns-conf/duckdns.ini
|
||||
fi
|
||||
fi
|
||||
if [ "$VALIDATION" = "dns" ] && [ "$DNSPLUGIN" = "duckdns" ]; then
|
||||
if [ "$SUBDOMAINS" = "wildcard" ]; then
|
||||
echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org"
|
||||
export ONLY_SUBDOMAINS=true
|
||||
else
|
||||
echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org"
|
||||
export SUBDOMAINS=""
|
||||
fi
|
||||
export EXTRA_DOMAINS=""
|
||||
fi
|
||||
|
||||
# if zerossl is selected or staging is set to true, use the relevant server
|
||||
if [ "$CERTPROVIDER" = "zerossl" ] && [ "$STAGING" = "true" ]; then
|
||||
echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
|
||||
@ -142,7 +161,7 @@ if [ "$VALIDATION" = "dns" ]; then
|
||||
elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
|
||||
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
|
||||
elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
|
||||
elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|duckdns|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
|
||||
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
|
||||
elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then
|
||||
@ -159,17 +178,6 @@ if [ "$VALIDATION" = "dns" ]; then
|
||||
elif [ "$VALIDATION" = "tls-sni" ]; then
|
||||
PREFCHAL="--standalone --preferred-challenges http"
|
||||
echo "*****tls-sni validation has been deprecated, attempting http validation instead"
|
||||
elif [ "$VALIDATION" = "duckdns" ]; then
|
||||
PREFCHAL="--manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt"
|
||||
chmod +x /app/duckdns-txt
|
||||
echo "duckdns validation is selected"
|
||||
if [ "$SUBDOMAINS" = "wildcard" ]; then
|
||||
echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org"
|
||||
export URL_REAL="-d *.${URL}"
|
||||
else
|
||||
echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org"
|
||||
export URL_REAL="-d ${URL}"
|
||||
fi
|
||||
else
|
||||
PREFCHAL="--standalone --preferred-challenges http"
|
||||
echo "http validation is selected"
|
||||
@ -189,7 +197,7 @@ rm -rf /config/keys/cert.key
|
||||
ln -s ./letsencrypt/privkey.pem /config/keys/cert.key
|
||||
|
||||
# checking for changes in cert variables, revoking certs if necessary
|
||||
if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$DUCKDNSTOKEN" = "$ORIGDUCKDNSTOKEN" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then
|
||||
if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then
|
||||
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
|
||||
if [ "$ORIGONLY_SUBDOMAINS" = "true" ] && [ ! "$ORIGSUBDOMAINS" = "wildcard" ]; then
|
||||
ORIGDOMAIN="$(echo "$ORIGSUBDOMAINS" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
|
||||
@ -217,7 +225,7 @@ if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "
|
||||
fi
|
||||
|
||||
# saving new variables
|
||||
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGDUCKDNSTOKEN=\"$DUCKDNSTOKEN\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
|
||||
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
|
||||
|
||||
# alter extension for error message
|
||||
if [ "$DNSPLUGIN" = "google" ]; then
|
||||
@ -255,8 +263,6 @@ if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
|
||||
if [ ! -d /config/keys/letsencrypt ]; then
|
||||
if [ "$VALIDATION" = "dns" ]; then
|
||||
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file."
|
||||
elif [ "$VALIDATION" = "duckdns" ]; then
|
||||
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure your DUCKDNSTOKEN is correct."
|
||||
else
|
||||
echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user