Compare commits

..

1 Commits

Author SHA1 Message Date
fauno 8ccc3289c6 feat: anubis log levels
continuous-integration/drone/pr Build is failing
2026-06-12 17:10:18 -03:00
9 changed files with 39 additions and 48 deletions
+14 -16
View File
@@ -38,7 +38,7 @@ COMPOSE_FILE="compose.yml"
## Enable dns challenge (for wildcard domains)
## https://go-acme.github.io/lego/dns/#dns-providers
#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
## *Currently* one of ovh, gandi, gandiv5, digitalocean, azure, porkbun, and cloudflare.
## *Currently* one of ovh, gandi, gandiv5, digitalocean, azure, porkbun.
## Uncomment the corresponding provider below to insert your secret token/key.
#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
@@ -47,25 +47,25 @@ COMPOSE_FILE="compose.yml"
#OVH_ENABLED=1
#OVH_APPLICATION_KEY=
#OVH_ENDPOINT=
#SECRET_OVH_APP_SECRET_VERSION=v1 # generate=false
#SECRET_OVH_CONSUMER_KEY=v1 # generate=false
#SECRET_OVH_APP_SECRET_VERSION=v1
#SECRET_OVH_CONSUMER_KEY=v1
## Gandi, https://gandi.net
## note(3wc): only "V5" (new) API is supported, so far
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-api-key.yml"
#GANDI_API_KEY_ENABLED=1
#SECRET_GANDIV5_API_KEY_VERSION=v1 # generate=false
#SECRET_GANDIV5_API_KEY_VERSION=v1
## Gandi, https://gandi.net
## note: uses GandiV5 Personal Access Token
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-personal-access-token.yml"
#GANDI_PERSONAL_ACCESS_TOKEN_ENABLED=1
#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1 # generate=false
#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1
## DigitalOcean, https://digitalocean.com
#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
#DIGITALOCEAN_ENABLED=1
#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1 # generate=false
#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
## Azure, https://azure.com
## To insert your Azure client secret:
@@ -76,26 +76,24 @@ COMPOSE_FILE="compose.yml"
#AZURE_CLIENT_ID=
#AZURE_SUBSCRIPTION_ID=
#AZURE_RESOURCE_GROUP=
#SECRET_AZURE_SECRET_VERSION=v1 # generate=false
#SECRET_AZURE_SECRET_VERSION=v1
## Porkbun, https://porkbun.com
## To insert your secrets:
## abra app secret insert 1312.net pb_api_key v1 pk1_413
## abra app secret insert 1312.net pb_s_api_key v1 sk1_612
#COMPOSE_FILE="$COMPOSE_FILE:compose.porkbun.yml"
#SECRET_PORKBUN_API_KEY_VERSION=v1 # generate=false
#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1 # generate=false
#SECRET_PORKBUN_API_KEY_VERSION=v1
#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1
## Cloudflare, htps://cloudflare.com
## To insert your secrets:
## abra app secret insert {myapp.example.coop} cf_dns_token v1 "<CLOUDFLARE_DNS_API_TOKEN>"
## abra app secret insert {myapp.example.coop} cf_zone_token v1 "<CLOUDFLARE_ZONE_API_TOKEN>"
## These can be the same token or different tokens
## cf_dns_token needs DNS edit access, cf_zone_token needs zone edit access
## See LEGO docs for more info: https://go-acme.github.io/lego/dns/cloudflare/index.html
## abra app secret insert {myapp.example.coop} cf_email v1 "<CLOUDFLARE_EMAIL>"
## abra app secret insert {myapp.example.coop} cf_api_key v1 "<CLOUDFLARE_API_KEY>"
## cf_api_key is an account API key from Cloudflare that has DNS read + edit permission
#COMPOSE_FILE="$COMPOSE_FILE:compose.cloudflare.yml"
#SECRET_CLOUDFLARE_DNS_API_TOKEN_VERSION=v1 # generate=false
#SECRET_CLOUDFLARE_ZONE_API_TOKEN_VERSION=v1 # generate=false
#SECRET_CLOUDFLARE_EMAIL_VERSION=v1 # generate=false
#SECRET_CLOUDFLARE_API_KEY_VERSION=v1 # generate=false
#####################################################################
# Manual wildcard certificate insertion #
+4 -3
View File
@@ -7,9 +7,10 @@ certain quality and consistency, that others can rely on.
A recipe maintainer has the following responsibilities:
- Respond to pull requests / issues within two weeks
- Make image security updates within a week
- Make image major updates every three months
- Respond to pull requests / issues within a week
- Make image security updates within a day
- Make image patch / minor updates within a week
- Make image major updates within a month
In order to fullfill these responsibilities a recipe maintainer:
+9 -10
View File
@@ -5,7 +5,7 @@
> https://docs.traefik.io
<!-- metadata -->
* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@decentral1se](https://git.coopcloud.tech/decentral1se), [@javielico](https://git.coopcloud.tech/javielico), Local-IT: [@moritz](https://git.coopcloud.tech/moritz), [@msimon](https://git.coopcloud.tech/simon), [@carla](https://git.coopcloud.tech/carla)
* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@decentral1se](https://git.coopcloud.tech/decentral1se), [@javielico](https://git.coopcloud.tech/javielico), [@moritz](https://git.coopcloud.tech/moritz)
* **Status**: `stable`
* **Category**: Utilities
* **Features**: ?
@@ -32,19 +32,18 @@
3. Insert the secret: `abra app secret insert <domain> usersfile v1 -f usersfile
4. Redploy your app: `abra app deploy -f <domain>`
## Configuring SSL using DNS
## Configuring wildcard SSL using DNS
Automatic certificate generation will Just Work™ for most recipes which use a
fixed number of subdomains. If your server can't be reached from the Internet,
or if you're deploying a recipe that needs to work across arbitrary
Automatic certificate generation will Just Work™ for most recipes which use a fixed
number of subdomains. For some recipes which need to work across arbitrary
subdomains, like
[`federatedwiki`](https://git.coopcloud.tech/coop-cloud/federatedwiki/) and
[`go-ssb-room`](https://git.coopcloud.tech/coop-cloud/federatedwiki/) (requiring
the use of wildcard certificates,) you can give Traefik access to your DNS provider
so that it can carry out Letsencrypt DNS challenges.
[`go-ssb-room`](https://git.coopcloud.tech/coop-cloud/federatedwiki/), you'll
need to give Traefik access to your DNS provider so that it can carry out
Letsencrypt DNS challenges.
1. Use Gandi, OVH, DO, Azure, or PorkBun for DNS 🤡 (support for other providers
can be easily added, see
1. Use Gandi, OVH, DO, Azure, PorkBun, or Cloudflare for DNS 🤡 (support for
other providers can be easily added, see
[the `lego` docs](https://go-acme.github.io/lego/dns/#dns-providers).
2. Run `abra app config YOURAPPDOMAIN`
3. Uncomment e.g. `ENABLE_GANDI` and the related `SECRET_.._VERSION` line, e.g.
+1 -1
View File
@@ -1,3 +1,3 @@
export TRAEFIK_YML_VERSION=v31
export TRAEFIK_YML_VERSION=v30
export FILE_PROVIDER_YML_VERSION=v12
export ENTRYPOINT_VERSION=v5
-1
View File
@@ -5,7 +5,6 @@ services:
deploy:
labels:
- "traefik.http.middlewares.anubis.forwardauth.address=http://anubis:8080/.within.website/x/cmd/anubis/api/check"
- "traefik.http.middlewares.anubis.forwardauth.trustForwardHeader=true"
anubis:
image: "ghcr.io/techarohq/anubis:v1.25.0"
environment:
+9 -9
View File
@@ -3,16 +3,16 @@ version: "3.8"
services:
app:
environment:
- CLOUDFLARE_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_token
- CLOUDFLARE_ZONE_API_TOKEN_FILE=/run/secrets/cf_zone_token
- CLOUDFLARE_EMAIL_FILE=/run/secrets/cf_email
- CLOUDFLARE_API_KEY_FILE=/run/secrets/cf_api_key
secrets:
- cf_dns_token
- cf_zone_token
- cf_email
- cf_api_key
secrets:
cf_dns_token:
name: ${STACK_NAME}_cf_dns_token_${SECRET_CLOUDFLARE_DNS_API_TOKEN_VERSION}
cf_email:
name: ${STACK_NAME}_cf_email_${SECRET_CLOUDFLARE_EMAIL_VERSION}
external: true
cf_zone_token:
name: ${STACK_NAME}_cf_zone_token_${SECRET_CLOUDFLARE_ZONE_API_TOKEN_VERSION}
cf_api_key:
name: ${STACK_NAME}_cf_api_key_${SECRET_CLOUDFLARE_API_KEY_VERSION}
external: true
+2 -3
View File
@@ -3,7 +3,7 @@ version: "3.8"
services:
app:
image: "traefik:v3.7.5"
image: "traefik:v3.6.15"
# Note(decentral1se): *please do not* add any additional ports here.
# Doing so could break new installs with port conflicts. Please use
# the usual `compose.$app.yml` approach for any additional ports
@@ -60,7 +60,7 @@ services:
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
socket-proxy:
image: lscr.io/linuxserver/socket-proxy:3.4.0
image: lscr.io/linuxserver/socket-proxy:3.2.19
deploy:
endpoint_mode: dnsrr
environment:
@@ -91,7 +91,6 @@ services:
- TASKS=1 # Needs access
- VERSION=1 # Needs access
- VOLUMES=0
- LOG_LEVEL=warning
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
-1
View File
@@ -1 +0,0 @@
letsencrypt: Avoid HTTP-01 challenge if `LETS_ENCRYPT_DNS_CHALLENGE_ENABLED` is set, in order to rely on DNS-01 challenges for servers not exposed to the internet.
-4
View File
@@ -127,10 +127,8 @@ certificatesResolvers:
email: {{ env "LETS_ENCRYPT_EMAIL" }}
storage: /etc/letsencrypt/staging-acme.json
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
{{- if ne (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
httpChallenge:
entryPoint: web
{{- end }}
{{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
dnsChallenge:
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
@@ -142,10 +140,8 @@ certificatesResolvers:
acme:
email: {{ env "LETS_ENCRYPT_EMAIL" }}
storage: /etc/letsencrypt/production-acme.json
{{- if ne (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
httpChallenge:
entryPoint: web
{{- end }}
{{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
dnsChallenge:
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}