Enable Gandi DNS challenge for Letsencrypt

2021-06-19 02:47:25 +02:00 · 2021-06-19 02:47:25 +02:00 · 46010aeb95
parent 0421dd4747
commit 46010aeb95
5 changed files with 40 additions and 6 deletions
--- a/.env.sample
+++ b/.env.sample
@ -21,6 +21,11 @@ LOG_LEVEL=WARN
 # SECRET_OVH_APP_SECRET_VERSION=v1
 # SECRET_OVH_CONSUMER_KEY=v1

+## Gandi configuration
+# COMPOSE_FILE="compose.yml:compose.gandi.yml"
+# GANDI_ENABLED=1
+# SECRET_GANDIV5_API_KEY_VERSION=v1
+
 ## Enable Keycloak
 #COMPOSE_FILE="compose.yml:compose.keycloak.yml"
 #KEYCLOAK_MIDDLEWARE_ENABLED=1
--- a/abra.sh
+++ b/abra.sh
@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v9
+export TRAEFIK_YML_VERSION=v10
 export FILE_PROVIDER_YML_VERSION=v2
-export ENTRYPOINT_VERSION=v1
+export ENTRYPOINT_VERSION=v2
--- a/compose.gandi.yml
+++ b/compose.gandi.yml
@ -0,0 +1,15 @@
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - GANDIV5_API_KEY_FILE=/run/secrets/gandiv5_api_key
+      - LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
+      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
+    secrets:
+      - gandiv5_api_key
+
+secrets:
+  gandiv5_api_key:
+    name: ${STACK_NAME}_gandiv5_api_key_${SECRET_GANDIV5_API_KEY_VERSION}
+    external: true
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -7,4 +7,8 @@ export OVH_CONSUMER_KEY=$(cat "$OVH_CONSUMER_KEY_FILE")
 export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
 {{ end }}

+{{ if eq (env "GANDI_ENABLED") "1" }}
+export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
+{{ end }}
+
 /entrypoint.sh "$@"
--- a/traefik.yml.tmpl
+++ b/traefik.yml.tmpl
@ -60,13 +60,23 @@ certificatesResolvers:
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web
+      {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
+      dnsChallenge:
+        provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
+        resolvers:
+          - "1.1.1.1:53"
+          - "8.8.8.8:53"
+      {{ end }}
  production:
    acme:
      email: {{ env "LETS_ENCRYPT_EMAIL" }}
      storage: /etc/letsencrypt/production-acme.json
      httpChallenge:
        entryPoint: web
-        {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
-        dnsChallenge:
-          provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
-        {{ end }}
+      {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
+      dnsChallenge:
+        provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
+        resolvers:
+          - "1.1.1.1:53"
+          - "8.8.8.8:53"
+      {{ end }}