Fix Cloudlfare DNS #104
30
.env.sample
30
.env.sample
@ -38,7 +38,7 @@ COMPOSE_FILE="compose.yml"
|
||||
## Enable dns challenge (for wildcard domains)
|
||||
## https://go-acme.github.io/lego/dns/#dns-providers
|
||||
#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
|
||||
## *Currently* one of ovh, gandi, gandiv5, digitalocean, azure, porkbun.
|
||||
## *Currently* one of ovh, gandi, gandiv5, digitalocean, azure, porkbun, and cloudflare.
|
||||
## Uncomment the corresponding provider below to insert your secret token/key.
|
||||
#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
|
||||
|
||||
@ -47,25 +47,25 @@ COMPOSE_FILE="compose.yml"
|
||||
#OVH_ENABLED=1
|
||||
#OVH_APPLICATION_KEY=
|
||||
#OVH_ENDPOINT=
|
||||
#SECRET_OVH_APP_SECRET_VERSION=v1
|
||||
#SECRET_OVH_CONSUMER_KEY=v1
|
||||
#SECRET_OVH_APP_SECRET_VERSION=v1 # generate=false
|
||||
#SECRET_OVH_CONSUMER_KEY=v1 # generate=false
|
||||
|
||||
## Gandi, https://gandi.net
|
||||
## note(3wc): only "V5" (new) API is supported, so far
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-api-key.yml"
|
||||
#GANDI_API_KEY_ENABLED=1
|
||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||
#SECRET_GANDIV5_API_KEY_VERSION=v1 # generate=false
|
||||
|
||||
## Gandi, https://gandi.net
|
||||
## note: uses GandiV5 Personal Access Token
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-personal-access-token.yml"
|
||||
#GANDI_PERSONAL_ACCESS_TOKEN_ENABLED=1
|
||||
#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1
|
||||
#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1 # generate=false
|
||||
|
||||
## DigitalOcean, https://digitalocean.com
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
|
||||
#DIGITALOCEAN_ENABLED=1
|
||||
#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
|
||||
#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1 # generate=false
|
||||
|
||||
## Azure, https://azure.com
|
||||
## To insert your Azure client secret:
|
||||
@ -76,24 +76,26 @@ COMPOSE_FILE="compose.yml"
|
||||
#AZURE_CLIENT_ID=
|
||||
#AZURE_SUBSCRIPTION_ID=
|
||||
#AZURE_RESOURCE_GROUP=
|
||||
#SECRET_AZURE_SECRET_VERSION=v1
|
||||
#SECRET_AZURE_SECRET_VERSION=v1 # generate=false
|
||||
|
||||
## Porkbun, https://porkbun.com
|
||||
## To insert your secrets:
|
||||
## abra app secret insert 1312.net pb_api_key v1 pk1_413
|
||||
## abra app secret insert 1312.net pb_s_api_key v1 sk1_612
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.porkbun.yml"
|
||||
#SECRET_PORKBUN_API_KEY_VERSION=v1
|
||||
#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1
|
||||
#SECRET_PORKBUN_API_KEY_VERSION=v1 # generate=false
|
||||
#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1 # generate=false
|
||||
|
||||
## Cloudflare, htps://cloudflare.com
|
||||
## To insert your secrets:
|
||||
## abra app secret insert {myapp.example.coop} cf_email v1 "<CLOUDFLARE_EMAIL>"
|
||||
## abra app secret insert {myapp.example.coop} cf_api_key v1 "<CLOUDFLARE_API_KEY>"
|
||||
## cf_api_key is an account API key from Cloudflare that has DNS read + edit permission
|
||||
## abra app secret insert {myapp.example.coop} cf_dns_token v1 "<CLOUDFLARE_DNS_API_TOKEN>"
|
||||
## abra app secret insert {myapp.example.coop} cf_zone_token v1 "<CLOUDFLARE_ZONE_API_TOKEN>"
|
||||
## These can be the same token or different tokens
|
||||
## cf_dns_token needs DNS edit access, cf_zone_token needs zone edit access
|
||||
## See LEGO docs for more info: https://go-acme.github.io/lego/dns/cloudflare/index.html
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.cloudflare.yml"
|
||||
#SECRET_CLOUDFLARE_EMAIL_VERSION=v1 # generate=false
|
||||
#SECRET_CLOUDFLARE_API_KEY_VERSION=v1 # generate=false
|
||||
#SECRET_CLOUDFLARE_DNS_API_TOKEN_VERSION=v1 # generate=false
|
||||
#SECRET_CLOUDFLARE_ZONE_API_TOKEN_VERSION=v1 # generate=false
|
||||
|
||||
#####################################################################
|
||||
# Manual wildcard certificate insertion #
|
||||
|
||||
@ -3,16 +3,16 @@ version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- CLOUDFLARE_EMAIL_FILE=/run/secrets/cf_email
|
||||
- CLOUDFLARE_API_KEY_FILE=/run/secrets/cf_api_key
|
||||
- CLOUDFLARE_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_token
|
||||
- CLOUDFLARE_ZONE_API_TOKEN_FILE=/run/secrets/cf_zone_token
|
||||
secrets:
|
||||
- cf_email
|
||||
- cf_api_key
|
||||
|
||||
- cf_dns_token
|
||||
|
|
||||
- cf_zone_token
|
||||
|
||||
secrets:
|
||||
cf_email:
|
||||
name: ${STACK_NAME}_cf_email_${SECRET_CLOUDFLARE_EMAIL_VERSION}
|
||||
cf_dns_token:
|
||||
name: ${STACK_NAME}_cf_dns_token_${SECRET_CLOUDFLARE_DNS_API_TOKEN_VERSION}
|
||||
external: true
|
||||
cf_api_key:
|
||||
name: ${STACK_NAME}_cf_api_key_${SECRET_CLOUDFLARE_API_KEY_VERSION}
|
||||
cf_zone_token:
|
||||
name: ${STACK_NAME}_cf_zone_token_${SECRET_CLOUDFLARE_ZONE_API_TOKEN_VERSION}
|
||||
external: true
|
||||
|
||||
Reference in New Issue
Block a user
I would go for something shorter in the naming, e.g.
cf_dns_token/cf_zone_token, because of this really annoying limitation.Fixed! Maybe someday we'll have computers that can handle strings with more than 64 characters /s