add duckdns dns-01 challenge plugin #281

emulatorchen
Contributor

Add the duckdns plugin for certbot.
The ini file is named duckdns.ini, but the key is dns_duckdns_token instead of dns_duckdns_api_token, which is a bit different from certbot_authenticators.md (https://github.com/JonasAlfredsson/docker-nginx-certbot/blob/master/docs/certbot_authenticators.md).
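
A pre-flight check for the credentials file described above, as an added example that is not part of this pull request or the project's scripts: it accepts `dns_duckdns_token`, flags the `dns_duckdns_api_token` spelling, and rejects files that are accessible to group or others, since the token is a secret. The function name `check_duckdns_ini`, its status words and the sample token are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a duckdns.ini credentials file.
# Prints one status word; returns 0 only when the file looks usable.
check_duckdns_ini() {
    ini="$1"
    [ -f "$ini" ] || { echo "missing"; return 1; }

    # The token is a secret: reject anything group/world accessible.
    # GNU stat first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$ini" 2>/dev/null || stat -f '%Lp' "$ini")
    case "$mode" in
        *00) ;;
        *)   echo "unsafe-mode"; return 1 ;;
    esac

    # Key name stated in the PR description, with a non-empty value.
    if grep -Eq '^[[:space:]]*dns_duckdns_token[[:space:]]*=[[:space:]]*[^[:space:]]' "$ini"; then
        echo "ok"; return 0
    fi
    # The spelling the PR description says is not the one in use.
    if grep -Eq '^[[:space:]]*dns_duckdns_api_token[[:space:]]*=' "$ini"; then
        echo "wrong-key"; return 1
    fi
    echo "no-token"; return 1
}

# Constructed sample input: one file per key spelling, both mode 600.
demo_dir=$(mktemp -d)
printf 'dns_duckdns_token = constructed-sample-token\n' > "$demo_dir/duckdns.ini"
printf 'dns_duckdns_api_token = constructed-sample-token\n' > "$demo_dir/wrong.ini"
chmod 600 "$demo_dir/duckdns.ini" "$demo_dir/wrong.ini"
for sample in "$demo_dir/duckdns.ini" "$demo_dir/wrong.ini"; do
    printf '%s: %s\n' "${sample##*/}" "$(check_duckdns_ini "$sample" || true)"
done
rm -rf "$demo_dir"
```
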

@emulatorchen
Contributor Author

Hi @JonasAlfredsson, I found that the failure was raised by the package cryptography, where it is before the new dependency is introduced; it looks like a random failure. I also tested the build on my local Ubuntu 22.04 twice and it looks good to me. Would you mind triggering it again?

docker-nginx-certbot/src$ cat Dockerfile && sudo docker build -t jonasal/nginx-certbot:local -f ./Dockerfile .
FROM nginx:1.27.0
LABEL maintainer="Jonas Alfredsson <[email protected]>"

ENV CERTBOT_DNS_AUTHENTICATORS \
    cloudflare \
    cloudxns \
    digitalocean \
    dnsimple \
    dnsmadeeasy \
    gehirn \
    google \
    linode \
    luadns \
    nsone \
    ovh \
    rfc2136 \
    route53 \
    sakuracloud \
    ionos \
    bunny \
    duckdns

# Needed in order to install Python packages via PIP after PEP 668 was
# introduced, but I believe this is safe since we are in a container without
# any real need to cater to other programs/environments.
ARG PIP_BREAK_SYSTEM_PACKAGES=1

# Through this we gain the ability to handle certbot upgrades through
# dependabot pull requests.
COPY requirements.txt /requirements.txt

# Do a single run command to make the intermediary containers smaller.
RUN set -ex && \
# Install packages necessary during the build phase (for all architectures).
    apt-get update && \
    apt-get install -y --no-install-recommends \
            build-essential \
            cargo \
            curl \
            libffi8 \
            libffi-dev \
            libssl-dev \
            openssl \
            pkg-config \
            procps \
            python3 \
            python3-dev \
    && \
# Install the latest version of PIP, Setuptools and Wheel.
    curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3 && \
# Install certbot.
    pip3 install -r /requirements.txt && \
# And the supported extra authenticators.
    pip3 install $(echo $CERTBOT_DNS_AUTHENTICATORS | sed 's/\(^\| \)/\1certbot-dns-/g') && \
# Remove everything that is no longer necessary.
    apt-get remove --purge -y \
            build-essential \
            cargo \
            curl \
            libffi-dev \
            libssl-dev \
            pkg-config \
            python3-dev \
    && \
    apt-get autoremove -y && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    rm -rf /root/.cache && \
    rm -rf /root/.cargo && \
# Create new directories and set correct permissions.
    mkdir -p /var/www/letsencrypt && \
    mkdir -p /etc/nginx/user_conf.d && \
    chown www-data:www-data -R /var/www \
    && \
# Make sure there are no surprise config files inside the config folder.
    rm -f /etc/nginx/conf.d/*

# Copy in our "default" Nginx server configurations, which make sure that the
# ACME challenge requests are correctly forwarded to certbot and then redirects
# everything else to HTTPS.
COPY nginx_conf.d/ /etc/nginx/conf.d/

# Copy in all our scripts and make them executable.
COPY scripts/ /scripts
RUN chmod +x -R /scripts && \
# Make so that the parent's entrypoint script is properly triggered (issue #21).
    sed -ri '/^if \[ "\$1" = "nginx" \] \|\| \[ "\$1" = "nginx-debug" \]; then$/,${s//if echo "$1" | grep -q "nginx"; then/;b};$q1' /docker-entrypoint.sh

# Create a volume to have persistent storage for the obtained certificates.
VOLUME /etc/letsencrypt

# The Nginx parent Docker image already expose port 80, so we only need to add
# port 443 here.
EXPOSE 443

# Change the container's start command to launch our Nginx and certbot
# management script.
CMD [ "/scripts/start_nginx_certbot.sh" ]
[+] Building 88.8s (11/11) FINISHED                                                                            docker:default
 => [internal] load build definition from Dockerfile                                                                     0.0s
 => => transferring dockerfile: 3.21kB                                                                                   0.0s
 => [internal] load metadata for docker.io/library/nginx:1.27.0                                                          0.2s
 => [internal] load .dockerignore                                                                                        0.0s
 => => transferring context: 2B                                                                                          0.0s
 => [1/6] FROM docker.io/library/nginx:1.27.0@sha256:6af79ae5de407283dcea8b00d5c37ace95441fd58a8b1d2aa1ed93f5511bb18c    4.5s
 => => resolve docker.io/library/nginx:1.27.0@sha256:6af79ae5de407283dcea8b00d5c37ace95441fd58a8b1d2aa1ed93f5511bb18c    0.0s
 => [internal] load build context                                                                                        0.0s
 => => transferring context: 38.23kB                                                                                     0.0s
 => [2/6] COPY requirements.txt /requirements.txt                                                                        0.9s
 => [3/6] RUN set -ex &&     apt-get update &&     apt-get install -y --no-install-recommends             build-essent  78.9s
 => [4/6] COPY nginx_conf.d/ /etc/nginx/conf.d/                                                                          0.3s 
 => [5/6] COPY scripts/ /scripts                                                                                         0.3s
 => [6/6] RUN chmod +x -R /scripts &&     sed -ri '/^if \[ "\$1" = "nginx" \] \|\| \[ "\$1" = "nginx-debug" \]; then$/,  0.2s
 => exporting to image                                                                                                   3.2s
 => => exporting layers                                                                                                  3.2s
 => => writing image sha256:64297902376a0e3dc755cebde17e425723fd1ce69dd96040cf39f4d016f37790                             0.0s
 => => naming to docker.io/jonasal/nginx-certbot:local

@JonasAlfredsson
Owner

JonasAlfredsson commented Aug 13, 2024

Well that was a long road to get rustup to work on all architectures...
Can you rebase your pull request on the latest master so we can make sure the tests pass? :)

@emulatorchen
Contributor Author

Thanks for the investigation! I found that the rebase would cause a non-fast-forward commit, so I just merged master instead.

@JonasAlfredsson JonasAlfredsson merged commit 893ed3f into JonasAlfredsson:master Aug 14, 2024
2 checks passed