Add support for porkbun #91
12
.env.sample
12
.env.sample
@ -36,8 +36,10 @@ COMPOSE_FILE="compose.yml"
|
||||
#####################################################################
|
||||
|
||||
## Enable dns challenge (for wildcard domains)
|
||||
## https://doc.traefik.io/traefik/https/acme/#dnschallenge
|
||||
## https://go-acme.github.io/lego/dns/#dns-providers
|
||||
#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
|
||||
## *Currently* one of ovh, gandi, gandiv5, digitalocean, azure, porkbun.
|
||||
## Uncomment the corresponding provider below to insert your secret token/key.
|
||||
#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
|
||||
|
||||
## OVH, https://ovh.com
|
||||
@ -76,6 +78,14 @@ COMPOSE_FILE="compose.yml"
|
||||
#AZURE_RESOURCE_GROUP=
|
||||
#SECRET_AZURE_SECRET_VERSION=v1
|
||||
|
||||
|
decentral1se marked this conversation as resolved
Outdated
|
||||
## Porkbun, https://porkbun.com
|
||||
## To insert your secrets:
|
||||
## abra app secret insert 1312.net pb_api_key v1 pk1_413
|
||||
## abra app secret insert 1312.net pb_s_api_key v1 sk1_612
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.porkbun.yml"
|
||||
#SECRET_PORKBUN_API_KEY_VERSION=v1
|
||||
#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1
|
||||
|
||||
#####################################################################
|
||||
# Manual wildcard certificate insertion #
|
||||
#####################################################################
|
||||
|
||||
@ -42,17 +42,20 @@ subdomains, like
|
||||
need to give Traefik access to your DNS provider so that it can carry out
|
||||
Letsencrypt DNS challenges.
|
||||
|
||||
1. Use Gandi or OVH for DNS 🤡 (support for other providers can be easily added,
|
||||
see [the `lego` docs](https://go-acme.github.io/lego/dns/#dns-providers).
|
||||
1. Use Gandi, OVH, DO, Azure, or PorkBun for DNS 🤡 (support for other providers
|
||||
can be easily added, see
|
||||
[the `lego` docs](https://go-acme.github.io/lego/dns/#dns-providers).
|
||||
2. Run `abra app config YOURAPPDOMAIN`
|
||||
3. Uncomment e.g. `ENABLE_GANDI` and the related `SECRET_.._VERSION` line, e.g.
|
||||
`SECRET_GANDIV5_API_KEY_VERSION`
|
||||
4. Generate an API key for your provider
|
||||
4. Set `LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER` to your provider, e.g. `gandi`
|
||||
4. Generate an API key for your provider, probably using their web interface.
|
||||
5. Run `abra app secret insert YOURAPPDOMAIN SECRETNAME v1 SECRETVALUE`, where
|
||||
`SECRETNAME` is from the compose file (e.g. `compose.gandi-api-key.yml`) e.g.
|
||||
`gandiv5_api_key` and `SECRETVALUE` is the API key.
|
||||
- For Gandi, you can use either the deprecated API Key or a GandiV5 Personal
|
||||
Access Token, in which case use compose.gandi-personal-access-token.yml.
|
||||
- See comments for each provider in your env file for specific instructions
|
||||
6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
|
||||
|
||||
## Blocking scrapers with [Anubis](https://anubis.techaro.lol/)
|
||||
|
||||
18
compose.porkbun.yml
Normal file
18
compose.porkbun.yml
Normal file
@ -0,0 +1,18 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- PORKBUN_API_KEY_FILE=/run/secrets/pb_api_key
|
||||
- PORKBUN_SECRET_API_KEY_FILE=/run/secrets/pb_s_api_key
|
||||
secrets:
|
||||
- pb_api_key
|
||||
|
decentral1se marked this conversation as resolved
Outdated
ammaratef45
commented
is this supposed to be ovh or something else? (when uncommented from the env file) is this supposed to be ovh or something else? (when uncommented from the env file)
moosemower
commented
Ah, I think the LETS_ENCRYPT_DNS_CHALLENGE_* env vars are not needed here actually. , yes, when using the .env.sample, the way to use porkbun is to
similar to ovh, azure, digitalocean etc. I copied Ah, I think the LETS_ENCRYPT_DNS_CHALLENGE_* env vars are not needed here actually.
, yes, when using the .env.sample, the way to use porkbun is to
1. uncomment these two env vars, and put in `porkbun` in the _PROVIDER var
2. fill in the porkbun api key, and include the compose.porkbun.yml file
similar to ovh, azure, digitalocean etc.
I copied `compose.porkbun.yml` from `compose.digitalocean.yml` which _does_ provide these env vars in the services.app.environment section, but I'm not sure what effect that has. So I'll remove them, to be consistent at least with the ovh compose file.
|
||||
- pb_s_api_key
|
||||
|
||||
secrets:
|
||||
pb_api_key:
|
||||
name: ${STACK_NAME}_pb_api_key_${SECRET_PORKBUN_API_KEY_VERSION}
|
||||
external: true
|
||||
pb_s_api_key:
|
||||
|
decentral1se marked this conversation as resolved
Outdated
decentral1se
commented
The only thing I'd worry about here is 👇
The only thing I'd worry about here is 👇
> https://docs.coopcloud.tech/maintainers/handbook/#r015-long-secret-names
moosemower
commented
ah, noted. Renamed secrets to be `pb_(s_)?_api tested, redeployed with the new secret names and letdebug.net shows green ah, noted. Renamed secrets to be `pb_(s_)?_api
tested, redeployed with the new secret names and letdebug.net shows green
|
||||
name: ${STACK_NAME}_pb_s_api_key_${SECRET_PORKBUN_SECRET_API_KEY_VERSION}
|
||||
external: true
|
||||
Reference in New Issue
Block a user
Can you add a section to the README.md about how to integrate porkbun.com? You could then document there how go insert the secrets
i opted to re-use the existing instructions for how to integrate with providers, and made it a bit clearer how setting LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER works, Hope that addresses the concern :)