Change to dnschallenge certs
parent
a6f91c53a6
commit
3db33a8111
@ -1,2 +1,5 @@
|
||||
# transfer.sh
|
||||
|
||||
This repository details the setup of a [transfer.sh](https://hub.docker.com/r/dutchcoders/transfer.sh) service, using docker with [traefik](https://hub.docker.com/_/traefik) to handle Let's Encrypt certificates, using a [DNS challenge](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge). In order for this setup to work, your DNS server must be configured with a TSIG key for dynamic updates. See our [bind9](https://gitea.moeny.ai/moeny/bind9) repo for more info.
|
||||
|
||||
Also, note that the [`docker-compose.yaml`](docker-compose.yaml) uses environment variables for information on your TSIG key and DNS server. Make sure to copy [`deploy.env`](deploy.env) to `.env` and fill it with your own information. You'll also want to set up a user and password in here to use with the transfer.sh service.
|
@ -2,6 +2,8 @@ services:
|
||||
traefik:
|
||||
image: traefik:v2.10
|
||||
restart: always
|
||||
networks:
|
||||
- transfer_sh_default
|
||||
command:
|
||||
- --api.insecure=false
|
||||
- --providers.docker=true
|
||||
@ -10,11 +12,11 @@ services:
|
||||
- --entrypoints.web.http.redirections.entryPoint.to=https
|
||||
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
||||
- --entrypoints.https.address=:443
|
||||
- --certificatesresolvers.le.acme.dnschallenge=true
|
||||
- --certificatesresolvers.le.acme.dnschallenge.provider=rfc2136
|
||||
- --certificatesresolvers.le.acme.dnschallenge.resolvers=8.8.8.8,8.8.4.4
|
||||
- --certificatesresolvers.le.acme.email=transfer.sh@moeny.ai
|
||||
- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
|
||||
- --certificatesresolvers.le_transfer_sh.acme.dnschallenge=true
|
||||
- --certificatesresolvers.le_transfer_sh.acme.dnschallenge.provider=rfc2136
|
||||
- --certificatesresolvers.le_transfer_sh.acme.dnschallenge.resolvers=8.8.8.8,8.8.4.4
|
||||
- --certificatesresolvers.le_transfer_sh.acme.email=transfer.sh@moeny.ai
|
||||
- --certificatesresolvers.le_transfer_sh.acme.storage=/letsencrypt/acme.json
|
||||
- --log.level=DEBUG
|
||||
environment:
|
||||
- RFC2136_TSIG_KEY=${TSIG_KEY}
|
||||
@ -28,28 +30,32 @@ services:
|
||||
- "8090:80"
|
||||
- "8490:443"
|
||||
volumes:
|
||||
- traefik:/letsencrypt:rw
|
||||
- traefik_moeny_transfer_sh:/letsencrypt:rw
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
|
||||
transfer:
|
||||
image: dutchcoders/transfer.sh:latest
|
||||
restart: always
|
||||
networks:
|
||||
- transfer_sh_default
|
||||
volumes:
|
||||
- /mnt/nfs/transfer-sh:/txdata
|
||||
- /mnt/nfs/moeny-transfer:/txdata
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.transfer.rule=Host(`tx.moeny.ai`)"
|
||||
- "traefik.http.routers.transfer.entrypoints=https"
|
||||
- "traefik.http.routers.transfer.tls.certresolver=le"
|
||||
- "traefik.http.routers.transfer.tls.domains[0].main=moeny.ai"
|
||||
- "traefik.http.routers.transfer.tls.domains[0].sans=*.moeny.ai"
|
||||
- "traefik.http.services.transfer.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.transfer_sh.rule=Host(`tx.moeny.ai`)"
|
||||
- "traefik.http.routers.transfer_sh.entrypoints=https"
|
||||
- "traefik.http.routers.transfer_sh.tls.certresolver=le_transfer_sh"
|
||||
- "traefik.http.services.transfer_sh.loadbalancer.server.port=8080"
|
||||
command:
|
||||
- --provider=local
|
||||
- --basedir=/txdata
|
||||
- --random-token-length=10
|
||||
- --http-auth-user=${TRANSFER_USER}
|
||||
- --http-auth-pass=${TRANSFER_PASS}
|
||||
restart: always
|
||||
|
||||
volumes:
|
||||
traefik: { driver: local }
|
||||
traefik_moeny_transfer_sh: { driver: local }
|
||||
|
||||
networks:
|
||||
transfer_sh_default:
|
||||
name: transfer_sh_default
|
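Review bot: In the last hunk the `transfer` service carries `restart: always` twice, once after `image:` and again after the `command:` list. Duplicate mapping keys are invalid YAML, and depending on the parser the file is either rejected or the last value silently wins, so the second occurrence should be dropped. The same service passes `--http-auth-pass=${TRANSFER_PASS}` as a command-line argument, which puts the password in the container's argv, where `docker inspect` and the host process list expose it. transfer.sh also reads `HTTP_AUTH_USER` and `HTTP_AUTH_PASS` from the environment, which at least keeps the value out of the process list. The rendered page has lost its `+`/`-` markers, so it is not certain whether these lines were added by this commit or were already present.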