Add docker with traefik for dnschallenge certs
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
.DS_Store
|
||||
.env
|
||||
2
Dockerfile
Normal file
@ -0,0 +1,2 @@
|
||||
FROM nginx
|
||||
COPY html /usr/share/nginx/html
|
||||
@ -3,3 +3,7 @@
|
||||
This is the repository for the *[moeny.ai](https://moeny.ai)* website, showcasing New York’s network of AI experts and our journey toward building lean, impactful AI solutions.
|
||||
|
||||
Looking to connect more? Join our [RocketChat](https://rocketchat.moeny.ai).
|
||||
|
||||
## Docker Compose
|
||||
|
||||
The docker setup uses [traefik](https://hub.docker.com/_/traefik) to handle Let's Encrypt certificates, using a [DNS challenge](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge). In order for this setup to work, your DNS server must be configured with a TSIG key for dynamic updates. See our [bind9](https://gitea.moeny.ai/moeny/bind9) repo for more info.
|
||||
5
deploy.env
Normal file
@ -0,0 +1,5 @@
|
||||
# DNS TSIG Configuration
|
||||
TSIG_KEY=your-tsig-key-name
|
||||
TSIG_SECRET=your-tsig-secret
|
||||
DNS_SERVER=your-dns-server
|
||||
DNS_ZONE=your-dns-zone
|
||||
53
docker-compose.yaml
Normal file
@ -0,0 +1,53 @@
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v2.10
|
||||
restart: always
|
||||
networks:
|
||||
- website_default
|
||||
command:
|
||||
- --api.insecure=false
|
||||
- --providers.docker=true
|
||||
- --providers.docker.exposedbydefault=false
|
||||
- --entrypoints.web.address=:80
|
||||
- --entrypoints.web.http.redirections.entryPoint.to=https
|
||||
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
||||
- --entrypoints.https.address=:443
|
||||
- --certificatesresolvers.le_moeny_website.acme.dnschallenge=true
|
||||
- --certificatesresolvers.le_moeny_website.acme.dnschallenge.provider=rfc2136
|
||||
- --certificatesresolvers.le_moeny_website.acme.dnschallenge.resolvers=8.8.8.8,8.8.4.4
|
||||
- --certificatesresolvers.le_moeny_website.acme.email=webmaster@moeny.ai
|
||||
- --certificatesresolvers.le_moeny_website.acme.storage=/letsencrypt/acme.json
|
||||
- --log.level=DEBUG
|
||||
environment:
|
||||
- RFC2136_TSIG_KEY=${TSIG_KEY}
|
||||
- RFC2136_TSIG_SECRET=${TSIG_SECRET}
|
||||
- RFC2136_NAMESERVER=${DNS_SERVER}
|
||||
- RFC2136_ZONE=${DNS_ZONE}
|
||||
- RFC2136_TSIG_ALGORITHM=hmac-sha256
|
||||
- RFC2136_DEBUG=true
|
||||
- RFC2136_TIMEOUT=60
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- traefik_moeny_website:/letsencrypt:rw
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
|
||||
moeny:
|
||||
build: .
|
||||
restart: always
|
||||
networks:
|
||||
- website_default
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.moeny_website.rule=Host(`moeny.ai`)"
|
||||
- "traefik.http.routers.moeny_website.entrypoints=https"
|
||||
- "traefik.http.routers.moeny_website.tls.certresolver=le_moeny_website"
|
||||
- "traefik.http.services.moeny_website.loadbalancer.server.port=80"
|
||||
|
||||
volumes:
|
||||
traefik_moeny_website: { driver: local }
|
||||
|
||||
networks:
|
||||
website_default:
|
||||
name: website_default
|
||||
|
Before Width: | Height: | Size: 34 KiB After Width: | Height: | Size: 34 KiB |
|
Before Width: | Height: | Size: 5.0 KiB After Width: | Height: | Size: 5.0 KiB |
|
Before Width: | Height: | Size: 1.3 KiB After Width: | Height: | Size: 1.3 KiB |
|
Before Width: | Height: | Size: 4.2 KiB After Width: | Height: | Size: 4.2 KiB |
|
Before Width: | Height: | Size: 326 KiB After Width: | Height: | Size: 326 KiB |
|
Before Width: | Height: | Size: 32 KiB After Width: | Height: | Size: 32 KiB |
|
Before Width: | Height: | Size: 567 B After Width: | Height: | Size: 567 B |