From c6bfe41c943caf02d17cb33b761aa45617381729 Mon Sep 17 00:00:00 2001
From: Patrick Melanson <patrick.j.melanson@gmail.com>
Date: Tue, 10 Feb 2026 22:35:00 -0800
Subject: [PATCH 1/2] Add support for porkbun

---
 .env.sample         |  8 ++++++++
 compose.porkbun.yml | 18 ++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 compose.porkbun.yml

diff --git a/.env.sample b/.env.sample
index af8e523..65bd3cf 100644
--- a/.env.sample
+++ b/.env.sample
@@ -76,6 +76,14 @@ COMPOSE_FILE="compose.yml"
 #AZURE_RESOURCE_GROUP=
 #SECRET_AZURE_SECRET_VERSION=v1
 
+## Porkbun, https://porkbun.com
+## To insert your secrets:
+## abra app secret insert 1312.net pb_api_key v1 pk1_413
+## abra app secret insert 1312.net pb_s_api_key v1 sk1_612
+#SECRET_PORKBUN_API_KEY_VERSION=v1
+#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1
+#COMPOSE_FILE="$COMPOSE_FILE:compose.porkbun.yml"
+
 #####################################################################
 # Manual wildcard certificate insertion                             #
 #####################################################################
diff --git a/compose.porkbun.yml b/compose.porkbun.yml
new file mode 100644
index 0000000..aef41fa
--- /dev/null
+++ b/compose.porkbun.yml
@@ -0,0 +1,18 @@
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - PORKBUN_API_KEY_FILE=/run/secrets/pb_api_key
+      - PORKBUN_SECRET_API_KEY_FILE=/run/secrets/pb_s_api_key
+    secrets:
+      - pb_api_key
+      - pb_s_api_key
+
+secrets:
+  pb_api_key:
+    name: ${STACK_NAME}_pb_api_key_${SECRET_PORKBUN_API_KEY_VERSION}
+    external: true
+  pb_s_api_key:
+    name: ${STACK_NAME}_pb_s_api_key_${SECRET_PORKBUN_SECRET_API_KEY_VERSION}
+    external: true
-- 
2.49.0


From 4e7ed0fcee314439998b44bfa70a69f5edb2a966 Mon Sep 17 00:00:00 2001
From: Patrick Melanson <patrick.j.melanson@gmail.com>
Date: Mon, 16 Feb 2026 15:35:17 -0800
Subject: [PATCH 2/2] slightly improve DNS provider integration docs

---
 .env.sample | 6 ++++--
 README.md   | 9 ++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/.env.sample b/.env.sample
index 65bd3cf..e4398f3 100644
--- a/.env.sample
+++ b/.env.sample
@@ -36,8 +36,10 @@ COMPOSE_FILE="compose.yml"
 #####################################################################
 
 ## Enable dns challenge (for wildcard domains)
-##   https://doc.traefik.io/traefik/https/acme/#dnschallenge
+##   https://go-acme.github.io/lego/dns/#dns-providers
 #LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
+## *Currently* one of ovh, gandi, gandiv5, digitalocean, azure, porkbun.
+## Uncomment the corresponding provider below to insert your secret token/key.
 #LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
 
 ## OVH, https://ovh.com
@@ -80,9 +82,9 @@ COMPOSE_FILE="compose.yml"
 ## To insert your secrets:
 ## abra app secret insert 1312.net pb_api_key v1 pk1_413
 ## abra app secret insert 1312.net pb_s_api_key v1 sk1_612
+#COMPOSE_FILE="$COMPOSE_FILE:compose.porkbun.yml"
 #SECRET_PORKBUN_API_KEY_VERSION=v1
 #SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1
-#COMPOSE_FILE="$COMPOSE_FILE:compose.porkbun.yml"
 
 #####################################################################
 # Manual wildcard certificate insertion                             #
diff --git a/README.md b/README.md
index dd7cc0e..77b187b 100644
--- a/README.md
+++ b/README.md
@@ -42,17 +42,20 @@ subdomains, like
 need to give Traefik access to your DNS provider so that it can carry out
 Letsencrypt DNS challenges.
 
-1. Use Gandi or OVH for DNS 🤡 (support for other providers can be easily added,
-   see [the `lego` docs](https://go-acme.github.io/lego/dns/#dns-providers).
+1. Use Gandi, OVH, DO, Azure, or PorkBun for DNS 🤡 (support for other providers
+   can be easily added, see
+   [the `lego` docs](https://go-acme.github.io/lego/dns/#dns-providers).
 2. Run `abra app config YOURAPPDOMAIN`
 3. Uncomment e.g. `ENABLE_GANDI` and the related `SECRET_.._VERSION` line, e.g.
    `SECRET_GANDIV5_API_KEY_VERSION`
-4. Generate an API key for your provider
+4. Set `LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER` to your provider, e.g. `gandi`
+4. Generate an API key for your provider, probably using their web interface.
 5. Run `abra app secret insert YOURAPPDOMAIN SECRETNAME v1 SECRETVALUE`, where
    `SECRETNAME` is from the compose file (e.g. `compose.gandi-api-key.yml`) e.g.
    `gandiv5_api_key` and `SECRETVALUE` is the API key.
    - For Gandi, you can use either the deprecated API Key or a GandiV5 Personal
      Access Token, in which case use compose.gandi-personal-access-token.yml.
+   - See comments for each provider in your env file for specific instructions
 6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
 
 ## Blocking scrapers with [Anubis](https://anubis.techaro.lol/)
-- 
2.49.0