-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-stack.yml
93 lines (83 loc) · 2.69 KB
/
docker-stack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
version: '3.3'
services:
certbot:
image: theohbrothers/docker-certbot-dns-cron:v1.12.0-ovh
environment:
###########
# Certbot #
###########
# Whether to use production or staging LetsEncrypt endpoint. 0 for production, 1 for staging
- STAGING=0
# RSA Key size
- RSA_KEY_SIZE=4096
# Domains file, delimited by "\n"
- DOMAINS_FILE=/run/secrets/certbot_domains.txt
# Admin Email's Local-part for LetsEncrypt expiry-notification emails
# E.g. use "admin" for notification emails sent to "admin.example.com"
# See https://en.wikipedia.org/wiki/Email_address for more information on the Local-part
- DOMAIN_ADMIN_EMAIL_LOCALPART=admin
# Certbot DNS Plugin
- PLUGIN_DNS_PROVIDER=ovh
- PLUGIN_DNS_CREDENTIALS_FILE=/run/secrets/certbot_dns_ovh_credentials.ini
- PLUGIN_DNS_PROPAGATION_SECONDS=10
##########
# Deploy #
##########
# Whether to deploy certs. Omit environment variable to disable
- DEPLOY_CERTS=1
##########
# Reload #
##########
# Container name to reload after signing and obtaining cert. Omit environment variable to disable
- TARGET_CONTAINER_NAME=nginx-proxy-docker-gen
##########
# Report #
##########
# Whether to email the certbot report on successful signing of certs
- EMAIL_REPORT=1
# Email vars to send Report
- EMAIL_FROM_FILE=/run/secrets/certbot_email_from
- EMAIL_TO_FILE=/run/secrets/certbot_email_to
- EMAIL_USER_FILE=/run/secrets/certbot_email_user
- EMAIL_PASSWORD_FILE=/run/secrets/certbot_email_password
- SMTP_SERVER_FILE=/run/secrets/certbot_email_smtp_server
- SMTP_PORT_FILE=/run/secrets/certbot_email_smtp_port
secrets:
- certbot_domains.txt
- certbot_dns_ovh_credentials.ini
- certbot_email_from
- certbot_email_to
- certbot_email_user
- certbot_email_password
- certbot_email_smtp_server
- certbot_email_smtp_port
volumes:
- nginx-proxy-certs:/certs/:rw
- ./data/letsencrypt:/etc/letsencrypt/:rw
- /var/run/docker.sock:/tmp/docker.sock:ro
deploy:
replicas: 1
restart_policy:
condition: on-failure
placement:
constraints: [node.role == manager]
secrets:
certbot_domains.txt:
external: true
certbot_dns_ovh_credentials.ini:
external: true
certbot_email_from:
external: true
certbot_email_to:
external: true
certbot_email_user:
external: true
certbot_email_password:
external: true
certbot_email_smtp_server:
external: true
certbot_email_smtp_port:
external: true
volumes:
nginx-proxy-certs:
external: true