ipv64 dns eingeführt und nur für wai aktiviert.
This commit is contained in:
parent
81cf632a7e
commit
ab5ac24000
|
|
@ -0,0 +1,67 @@
|
||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
#################################################################################################################
|
||||||
|
# DNS challenge Script für ipv64.net
|
||||||
|
# Das Script soll genutzt werden um die DNS-01 Challenge per EXEC Methode über
|
||||||
|
# den "Let’s Encrypt client and ACME library written in Go" (LEGO) und die API von ipv64.net
|
||||||
|
# LEGO Dokumentation: https://go-acme.github.io/lego/dns/exec/
|
||||||
|
# API Dokumentation: https://ipv64.net/dyndns_updater_api.php
|
||||||
|
# Mit dem Nginx Proxy Manager ist das Skript nicht kompatibel, da der NPM die EXEC Methode nicht unterstützt.
|
||||||
|
# Daher wurde das Skript für die Nutzung mit Traefik umgesetzt.
|
||||||
|
# Traefik Dokumentation: https://doc.traefik.io/traefik/https/acme/#providers
|
||||||
|
# Getestet wurde es mit Traefik 2.9 aber auch 1.7 sollte es laut Dokumentation unterstützen:
|
||||||
|
# https://doc.traefik.io/traefik/v1.7/configuration/acme/#provider
|
||||||
|
#################################################################################################################
|
||||||
|
# Alle Konfigurationsparameter werden aus der config.env Datei gelesen
|
||||||
|
#############################################
|
||||||
|
configfile="config.env"
|
||||||
|
|
||||||
|
if [ ! -r "$configfile" ]; then
|
||||||
|
echo "$configfile does not exist or isn't readable"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
apitoken=$(grep ^"apitoken=" "$configfile" | sed -e "s/apitoken=//")
|
||||||
|
|
||||||
|
if [ -z "$apitoken" ]; then
|
||||||
|
echo "apitoken is not defined in $configfile"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
"present")
|
||||||
|
echo "Present"
|
||||||
|
full_domain=$2
|
||||||
|
domain=$(echo $full_domain | rev | cut -d . -f -3 | rev)
|
||||||
|
praefix=${full_domain%"$domain"}
|
||||||
|
praefix=${praefix%"."}
|
||||||
|
auth_h="Authorization: Bearer $apitoken"
|
||||||
|
domain_pl="add_record=$domain"
|
||||||
|
praefix_pl="praefix=$praefix"
|
||||||
|
type_pl="type=TXT"
|
||||||
|
content_pl="content=$3"
|
||||||
|
echo "fd= $full_domain, domain= $domain, praefix=$praefix"
|
||||||
|
curl -s -X POST -d "$domain_pl" -d "$praefix_pl" -d "$type_pl" -d "$content_pl" -H "$auth_h" https://ipv64.net/api
|
||||||
|
;;
|
||||||
|
"cleanup")
|
||||||
|
full_domain=$2
|
||||||
|
domain=$(echo $full_domain | rev | cut -d . -f -3 | rev)
|
||||||
|
praefix=${full_domain%"$domain"}
|
||||||
|
praefix=${praefix%"."}
|
||||||
|
auth_h="Authorization: Bearer $apitoken"
|
||||||
|
domain_pl="del_record=$domain"
|
||||||
|
praefix_pl="praefix=$praefix"
|
||||||
|
type_pl="type=TXT"
|
||||||
|
content_pl="content=$3"
|
||||||
|
echo "fd= $full_domain, domain= $domain, praefix=$praefix"
|
||||||
|
curl -s -X DELETE -d "$domain_pl" -d "$praefix_pl" -d "$type_pl" -d "$content_pl" -H "$auth_h" https://ipv64.net/api
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "OOPS"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -45,4 +45,14 @@
|
||||||
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
|
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
[certificatesResolvers.myresolver.acme.tlsChallenge]
|
[certificatesResolvers.myresolver.acme.tlsChallenge]
|
||||||
[certificatesResolvers.myresolver.acme.httpChallenge]
|
[certificatesResolvers.myresolver.acme.httpChallenge]
|
||||||
entryPoint = "web"
|
entryPoint = "web"
|
||||||
|
[certificatesResolvers.ipv64.acme]
|
||||||
|
email = "ddns@mcseeno.de" #Email Adresse hier anpassen
|
||||||
|
storage = "/etc/traefik/ACME/acme.json"
|
||||||
|
# caServer = "https://acme-v02.api.letsencrypt.org/directory"
|
||||||
|
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
|
[certificatesResolvers.ipv64.acme.dnsChallenge]
|
||||||
|
provider = "exec"
|
||||||
|
delayBeforeCheck = 1
|
||||||
|
resolvers = ["159.69.110.93:53", "167.235.231.182:53"]
|
||||||
|
|
||||||
|
|
@ -25,6 +25,8 @@ services:
|
||||||
- "/etc/timezone:/etc/timezone:ro"
|
- "/etc/timezone:/etc/timezone:ro"
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||||
- "/docker/traefik_v2x/config:/etc/traefik"
|
- "/docker/traefik_v2x/config:/etc/traefik"
|
||||||
|
environment:
|
||||||
|
- "EXEC_PATH_FILE=/etc/traefik/ipv64-dns-challenge.sh"
|
||||||
ports:
|
ports:
|
||||||
- "8888:8080"
|
- "8888:8080"
|
||||||
- "80:80"
|
- "80:80"
|
||||||
|
|
@ -54,9 +56,9 @@ services:
|
||||||
container_name: "simple-service"
|
container_name: "simple-service"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.whoami.rule=Host(`wai.czechman.dynvpn.de`)"
|
- "traefik.http.routers.whoami.rule=Host(`wai.czechman.ipv64.de`)"
|
||||||
- "traefik.http.routers.whoami.entrypoints=websecure"
|
- "traefik.http.routers.whoami.entrypoints=websecure"
|
||||||
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
- "traefik.http.routers.whoami.tls.certresolver=ipv64"
|
||||||
- "traefik.http.routers.whoami.middlewares=api-auth"
|
- "traefik.http.routers.whoami.middlewares=api-auth"
|
||||||
networks:
|
networks:
|
||||||
- "traefik_proxy"
|
- "traefik_proxy"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue