Czechman
/
traefik_v2x
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ipv64 dns eingeführt und nur für wai aktiviert.

This commit is contained in:
Czechman 2023-01-10 02:29:09 +01:00
parent 81cf632a7e
commit ab5ac24000
3 changed files with 82 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
config/ipv64-dns-challenge.sh Normal file
View File

@ -0,0 +1,67 @@
#! /bin/sh
#################################################################################################################
# DNS challenge Script für ipv64.net
# Das Script soll genutzt werden um die DNS-01 Challenge per EXEC Methode über
# den "Lets Encrypt client and ACME library written in Go" (LEGO) und die API von ipv64.net
# LEGO Dokumentation: https://go-acme.github.io/lego/dns/exec/
# API Dokumentation: https://ipv64.net/dyndns_updater_api.php
# Mit dem Nginx Proxy Manager ist das Skript nicht kompatibel, da der NPM die EXEC Methode nicht unterstützt.
# Daher wurde das Skript für die Nutzung mit Traefik umgesetzt.
# Traefik Dokumentation: https://doc.traefik.io/traefik/https/acme/#providers
# Getestet wurde es mit Traefik 2.9 aber auch 1.7 sollte es laut Dokumentation unterstützen:
# https://doc.traefik.io/traefik/v1.7/configuration/acme/#provider
#################################################################################################################
# Alle Konfigurationsparameter werden aus der config.env Datei gelesen
#############################################
configfile="config.env"
if [ ! -r "$configfile" ]; then
echo "$configfile does not exist or isn't readable"
exit 1
fi
apitoken=$(grep ^"apitoken=" "$configfile" | sed -e "s/apitoken=//")
if [ -z "$apitoken" ]; then
echo "apitoken is not defined in $configfile"
exit 1
fi
set -e
case "$1" in
"present")
echo "Present"
full_domain=$2
domain=$(echo $full_domain | rev | cut -d . -f -3 | rev)
praefix=${full_domain%"$domain"}
praefix=${praefix%"."}
auth_h="Authorization: Bearer $apitoken"
domain_pl="add_record=$domain"
praefix_pl="praefix=$praefix"
type_pl="type=TXT"
content_pl="content=$3"
echo "fd= $full_domain, domain= $domain, praefix=$praefix"
curl -s -X POST -d "$domain_pl" -d "$praefix_pl" -d "$type_pl" -d "$content_pl" -H "$auth_h" https://ipv64.net/api
;;
"cleanup")
full_domain=$2
domain=$(echo $full_domain | rev | cut -d . -f -3 | rev)
praefix=${full_domain%"$domain"}
praefix=${praefix%"."}
auth_h="Authorization: Bearer $apitoken"
domain_pl="del_record=$domain"
praefix_pl="praefix=$praefix"
type_pl="type=TXT"
content_pl="content=$3"
echo "fd= $full_domain, domain= $domain, praefix=$praefix"
curl -s -X DELETE -d "$domain_pl" -d "$praefix_pl" -d "$type_pl" -d "$content_pl" -H "$auth_h" https://ipv64.net/api
;;
*)
echo "OOPS"
;;
esac

10
config/traefik.toml
View File

@ -46,3 +46,13 @@
[certificatesResolvers.myresolver.acme.tlsChallenge] [certificatesResolvers.myresolver.acme.tlsChallenge]
[certificatesResolvers.myresolver.acme.httpChallenge] [certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint = "web" entryPoint = "web"
[certificatesResolvers.ipv64.acme]
email = "ddns@mcseeno.de" #Email Adresse hier anpassen
storage = "/etc/traefik/ACME/acme.json"
# caServer = "https://acme-v02.api.letsencrypt.org/directory"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
[certificatesResolvers.ipv64.acme.dnsChallenge]
provider = "exec"
delayBeforeCheck = 1
resolvers = ["159.69.110.93:53", "167.235.231.182:53"]

6
docker-compose.yaml
View File

@ -25,6 +25,8 @@ services:
- "/etc/timezone:/etc/timezone:ro" - "/etc/timezone:/etc/timezone:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro" - "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/docker/traefik_v2x/config:/etc/traefik" - "/docker/traefik_v2x/config:/etc/traefik"
environment:
- "EXEC_PATH_FILE=/etc/traefik/ipv64-dns-challenge.sh"
ports: ports:
- "8888:8080" - "8888:8080"
- "80:80" - "80:80"
@ -54,9 +56,9 @@ services:
container_name: "simple-service" container_name: "simple-service"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`wai.czechman.dynvpn.de`)" - "traefik.http.routers.whoami.rule=Host(`wai.czechman.ipv64.de`)"
- "traefik.http.routers.whoami.entrypoints=websecure" - "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver" - "traefik.http.routers.whoami.tls.certresolver=ipv64"
- "traefik.http.routers.whoami.middlewares=api-auth" - "traefik.http.routers.whoami.middlewares=api-auth"
networks: networks:
- "traefik_proxy" - "traefik_proxy"