wip change acme html01 to dns01

2025-01-23 05:12:20 +01:00 · 2023-04-24 11:44:33 +02:00 · 2023-04-24 11:44:33 +02:00 · e4d42e7f6f
commit e4d42e7f6f
parent dcf714e224
2 changed files with 56 additions and 11 deletions
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -23,7 +23,7 @@ services:
        HUGO_BASE: lieuwe.${NGINX_HOST}
    volumes:
      - hugo_data:/public:z
-      - nginx_certs:/etc/letsencrypt/live:z
+      - nginx_certs:/etc/letsencrypt/live:ro,z

  hugo-site:
    <<: *defaults
@ -52,6 +52,11 @@ services:
      - ./config/pg-init-scripts:/docker-entrypoint-initdb.d:ro,z
    ports:
      - "5432:5432"
+    healthcheck:
+      test: "pg_isready"
+      timeout: 45s
+      interval: 10s
+      retries: 10

  nextcloud:
    <<: *defaults
@ -74,7 +79,10 @@ services:
      - SMTP_NAME=admin@${NGINX_HOST}
      - SMTP_PASSWORD=${SQL_PSWD}
    depends_on:
-      - pgsqlserver
+      pgsqlserver:
+        condition: service_healthy
+      acme-companion:
+        condition: service_healthy
    links:
      - pgsqlserver
    expose:
@ -105,7 +113,10 @@ services:
    ports:
      - "222:22"
    depends_on:
-      - pgsqlserver
+      pgsqlserver:
+        condition: service_healthy
+      acme-companion:
+        condition: service_healthy
    links:
      - pgsqlserver

@ -122,7 +133,10 @@ services:
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://${NGINX_HOST}
      - ROUNDCUBEMAIL_DB_PASSWORD=${SQL_PSWD}
    depends_on:
-      - pgsqlserver
+      pgsqlserver:
+        condition: service_healthy
+      acme-companion:
+        condition: service_healthy
    links:
      - pgsqlserver
    expose:
@ -159,11 +173,12 @@ services:
    cap_add:
      - NET_ADMIN
    depends_on:
-      - ddnsgd
+      acme-companion:
+        condition: service_healthy

  reverse-proxy:
    <<: *defaults
-    image: nginxproxy/nginx-proxy
+    image: nginxproxy/nginx-proxy:1.2.3
    container_name: nginx-proxy
    environment:
      - DEFAULT_EMAIL=admin@${NGINX_HOST}
@ -174,7 +189,7 @@ services:
      - nginx_html:/usr/share/nginx/html:z
      - nginx_conf:/etc/nginx/conf.d/:z
      - nginx_dhparam:/etc/nginx/dhparam:z
-      - nginx_certs:/etc/nginx/certs/:z
+      - nginx_certs:/etc/nginx/certs/:ro,z
      - nginx_vhost:/etc/nginx/vhost.d/:z
      - mail_html:/var/www/roundcube:z
      - nextcloud_data:/var/www/nextcloud:z
@ -183,19 +198,32 @@ services:
      - ./config/nginx/header_default:/etc/nginx/vhost.d/default:z
      - /var/run/docker.sock:/tmp/docker.sock:ro,z
    depends_on:
-      - ddnsgd
+      ddnsgd:
+        condition: service_healthy

  acme-companion:
    <<: *defaults
-    image: nginxproxy/acme-companion
+    image: nginxproxy/acme-companion:2.2.3
    container_name: nginx-proxy-acme
+    environment:
+      - DEFAULT_EMAIL=admin@${NGINX_HOST}
    volumes_from:
      - reverse-proxy
    volumes:
      - acme-state:/etc/acme.sh
+      - nginx_certs:/etc/nginx/certs:rw,z
      - /var/run/docker.sock:/var/run/docker.sock:ro,z
    depends_on:
      - ddnsgd
+    healthcheck:
+      test: test -f /etc/nginx/certs/lieuwe.${NGINX_HOST}.key
+      interval: 60s
+      retries: 5
+      start_period: 5s
+      timeout: 10s
+    depends_on:
+      ddnsgd:
+        condition: service_healthy

  ddnsgd:
    <<: *defaults
@ -206,6 +234,12 @@ services:
      - USERNAME=${GDNS_USERNAME}
      - PASSWORD=${GDNS_PASSWORD}
      - INTERVAL=9000
+    healthcheck:
+      test: /usr/bin/nslookup ${NGINX_HOST}
+      interval: 30s
+      retries: 5
+      start_period: 2s
+      timeout: 10s

  autodiscover:
    <<: *defaults
@ -224,6 +258,9 @@ services:
      - SMTP_SOCKET=STARTTLS
    expose:
      - "8000"
+    depends_on:
+      acme-companion:
+        condition: service_healthy

 volumes:
  acme-state:
--- a/local.env
+++ b/local.env
@ -1,3 +1,6 @@
+DEBUG=1
+# LETSENCRYPT_TEST=true
+
 ## Docker Env
 PERMIT_DOCKER=network

@ -20,6 +23,8 @@ ENABLE_DNSBL=0
 ENABLE_QUOTAS=0
 ENABLE_POP3=0

+
+## Email Relay
 RELAY_HOST=smtp.sendgrid.net
 RELAY_PORT=587
 RELAY_USER=apikey
@ -29,6 +34,7 @@ RELAY_USER=apikey
 POSTGRES_USER="pgadmin"
 POSTGRES_INITDB_ARGS="--auth-host=scram-sha-256 --auth-local=scram-sha-256"

+
 ## Round Cube Env
 ROUNDCUBEMAIL_DB_TYPE=pgsql
 ROUNDCUBEMAIL_DB_NAME=roundcube
@ -36,12 +42,14 @@ ROUNDCUBEMAIL_DB_USER=roundcube
 ROUNDCUBEMAIL_SKIN=elastic
 ROUNDCUBEMAIL_ASPELL_DICTS=en

+
 ## NGINX Reverse Proxy
 NGINX_PROXY_CONTAINER=nginx-proxy
 LETSENCRYPT_RESTART_CONTAINER=true
+ENABLE_IPV6=false
+

 ## GITEA Setup
-
 GITEA__server__HTTP_PORT        = 3000
 GITEA__server__DISABLE_SSH      = false
 GITEA__server__SSH_PORT         = 222