mirror/docker-letsencrypt-nginx-proxy-companion
1
0
Fork 0
mirror of https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion synced 2024-11-22 20:42:04 +01:00
Code Issues Releases Activity

docs: update DNS-01 doc

Browse Source
This commit is contained in:
Nicolas Duchon 2024-07-17 07:57:09 +02:00
parent 24d76fb42c
commit e6f31f0d10
1 changed files with 31 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
docs/Let's-Encrypt-and-ACME.md
View File

@ -12,36 +12,52 @@ The following environment variables are optional and parametrize the way the Let
#### DNS-01 ACME challenge #### DNS-01 ACME challenge
In order to switch to the DNS-01 ACME challenge, set the `ACME_CHALLENGE` environment variable to `DNS-01` on your proxied container. This will also require you to set the `ACMESH_DNS_API_CONFIG` environment variable to a JSON or YAML string containing the configuration for the DNS provider you are using. Inside the JSON or YAML string, the `DNS_API` property is always required and should be set to the name of the [acme.sh DNS API](https://github.com/acmesh-official/acme.sh/tree/3.0.7/dnsapi) you want to use. In order to switch to the DNS-01 ACME challenge, set the `ACME_CHALLENGE` environment variable to `DNS-01` on your acme-companion container. This will also require you to set the `ACMESH_DNS_API_CONFIG` environment variable to a JSON or YAML string containing the configuration for the DNS provider you are using. Inside the JSON or YAML string, the `DNS_API` property is always required and should be set to the name of the [acme.sh DNS API](https://github.com/acmesh-official/acme.sh/tree/3.0.7/dnsapi) you want to use.
The other properties required will depend on the DNS provider you are using. For more information on the required properties for each DNS provider, please refer to the [acme.sh documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi) (please keep in mind that nginxproxy/acme-companion is using a fixed version of acme.sh, so the documentation might include DNS providers that are not yet available in the version used by this image). The other properties required will depend on the DNS provider you are using. For more information on the required properties for each DNS provider, please refer to the [acme.sh documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi) (please keep in mind that nginxproxy/acme-companion is using a fixed version of acme.sh, so the documentation might include DNS providers that are not yet available in the version used by this image).
Example using the [Gandi Live DNS API](https://github.com/acmesh-official/acme.sh/blob/3.0.7/dnsapi/dns_gandi_livedns.sh): Both `ACME_CHALLENGE` and `ACMESH_DNS_API_CONFIG` environment variables can also be set on the proxied application container, in which case they will override the values set on the acme-companion container, if any.
Not: if you do not plan on using the `HTTP-01` challenge at all, you won't need to share `/usr/share/nginx/html` between the **nginx-proxy** and **acme-companion** containers, and can remove this volume from both.
Example using [Cloudflare DNS](https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_cf.sh):
```console ```console
docker run --detach \ docker run --detach \
--name your-proxyed-app \ --name nginx-proxy-acme \
--env "VIRTUAL_HOST=yourdomain.tld" \ --volume certs:/etc/nginx/certs \
--env "LETSENCRYPT_HOST=yourdomain.tld" \ --volume acme:/etc/acme.sh \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--env "DEFAULT_EMAIL=mail@yourdomain.tld" \
--env "ACME_CHALLENGE=DNS-01" \ --env "ACME_CHALLENGE=DNS-01" \
--env "ACMESH_DNS_API_CONFIG={'DNS_API': 'dns_gandi_livedns', 'GANDI_LIVEDNS_KEY': 'yourApiKey'}" \ --env "ACMESH_DNS_API_CONFIG={'DNS_API': 'dns_cf', 'CF_Key': 'yourCloudflareApiKey', 'CF_Email': 'yourCloudflareAccountEmail'}" \
nginx nginxproxy/acme-companion
``` ```
Same example on a Docker compose file: Same example on a Docker compose file:
```yaml ```yaml
services: services:
# [...] # nginx proxy container omitted
app: acme:
image: nginx image: nginxproxy/acme-companion
container_name: your-proxyed-app container_name: nginx-proxy-acme
volumes:
- certs:/etc/nginx/certs
- acme:/etc/acme.sh
- /var/run/docker.sock:/var/run/docker.sock:ro
environment: environment:
VIRTUAL_HOST: yourdomain.tld DEFAULT_EMAIL: mail@yourdomain.tld
LETSENCRYPT_HOST: yourdomain.tld
ACME_CHALLENGE: DNS-01 ACME_CHALLENGE: DNS-01
ACMESH_DNS_API_CONFIG: |- ACMESH_DNS_API_CONFIG: |-
DNS_API: dns_gandi_livedns DNS_API: dns_cf
GANDI_LIVEDNS_KEY: yourApiKey CF_Key: yourCloudflareApiKey
CF_Email: yourCloudflareAccountEmail
# app container omitted
volumes:
certs:
acme:
``` ```
If you experience issues with the DNS-01 ACME challenge, please try to get it working outside of the container before opening an issue. If you can't get it working outside of the container, please seek support on the [acme.sh repository](https://github.com/acmesh-official). If you experience issues with the DNS-01 ACME challenge, please try to get it working outside of the container before opening an issue. If you can't get it working outside of the container, please seek support on the [acme.sh repository](https://github.com/acmesh-official).