feat: Add examples for major DNS providers

examples/certbot-dns-cloudflare/README.md

@@ -1,8 +0,0 @@
-Please have a look at the [certbot-dns-cloudflare documentation](https://certbot-dns-cloudflare.readthedocs.io/en/stable/) first.
-
-Procedure :
-
-- Edit domains in the compose file
-- Edit CloudFlare credentials in cloudflare.ini file (generate using https://dash.cloudflare.com/?to=/:account/profile/api-tokens)
-- Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
-- When certificates are generated, run your services : `docker-compose up -d`

examples/certbot-dns-cloudflare/cloudflare.ini

@@ -1,5 +0,0 @@
-# Cloudflare API token used by Certbot (recommended)
-dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef012345671
-# Cloudflare API credentials used by Certbot (not recommended)
-#dns_cloudflare_email = cloudflare@example.com
-#dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef012341

examples/certbot-dns-cloudflare/entrypoint.sh

@@ -1,23 +0,0 @@
-#!/bin/sh
-
-echo "Certbot started, domains = $DOMAINS"
-
-first_domain="$(echo "$DOMAINS" | tr -d '\n' | cut -d ',' -f 1 | sed 's/*\.//g')"
-if [ "$EMAIL" = "" ] ; then
-	EMAIL="contact@${first_domain}"
-fi
-
-if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
-	echo "Renewing certificates ..."
-	certbot renew
-else
-	echo "Asking for certificates ..."
-	certbot certonly -n --dns-cloudflare --dns-cloudflare-credentials /opt/cloudflare.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
-fi
-
-echo "Fixing permissions ..."
-chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
-
-echo "Certbot ended, sleeping for 24 hours"
-
-sleep 86400

examples/certbot-dns-digitalocean/README.md

@@ -1,8 +0,0 @@
-Please have a look at the [certbot-dns-digitalocean documentation](https://certbot-dns-digitalocean.readthedocs.io/en/stable/) first.
-
-Procedure :
-
-- Edit domains in the compose file
-- Edit DigitalOcean credentials in digitalocean.ini file (generate using https://cloud.digitalocean.com/settings/api/tokens)
-- Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
-- When certificates are generated, run your services : `docker-compose up -d`

examples/certbot-dns-digitalocean/digitalocean.ini

@@ -1,2 +0,0 @@
-# DigitalOcean API credentials used by Certbot
-dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff

examples/certbot-dns-digitalocean/entrypoint.sh

@@ -1,23 +0,0 @@
-#!/bin/sh
-
-echo "Certbot started, domains = $DOMAINS"
-
-first_domain="$(echo "$DOMAINS" | tr -d '\n' | cut -d ',' -f 1 | sed 's/*\.//g')"
-if [ "$EMAIL" = "" ] ; then
-	EMAIL="contact@${first_domain}"
-fi
-
-if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
-	echo "Renewing certificates ..."
-	certbot renew
-else
-	echo "Asking for certificates ..."
-	certbot certonly -n --dns-digitalocean --dns-digitalocean-credentials /opt/digitalocean.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
-fi
-
-echo "Fixing permissions ..."
-chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
-
-echo "Certbot ended, sleeping for 24 hours"
-
-sleep 86400

examples/certbot-dns-google/README.md

@@ -1,8 +0,0 @@
-Please have a look at the [certbot-dns-google documentation](https://certbot-dns-google.readthedocs.io/en/stable/) first.
-
-Procedure :
-
-- Edit domains in the compose file
-- Edit Google credentials in google.json file (generate using https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount)
-- Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
-- When certificates are generated, run your services : `docker-compose up -d`

examples/certbot-dns-google/entrypoint.sh

@@ -1,23 +0,0 @@
-#!/bin/sh
-
-echo "Certbot started, domains = $DOMAINS"
-
-first_domain="$(echo "$DOMAINS" | tr -d '\n' | cut -d ',' -f 1 | sed 's/*\.//g')"
-if [ "$EMAIL" = "" ] ; then
-	EMAIL="contact@${first_domain}"
-fi
-
-if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
-	echo "Renewing certificates ..."
-	certbot renew
-else
-	echo "Asking for certificates ..."
-	certbot certonly -n --dns-google --dns-google-credentials /opt/google.json --email "$EMAIL" --agree-tos -d "$DOMAINS"
-fi
-
-echo "Fixing permissions ..."
-chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
-
-echo "Certbot ended, sleeping for 24 hours"
-
-sleep 86400

examples/certbot-dns-google/google.json

@@ -1,12 +0,0 @@
-{
-  "type": "service_account",
-  "project_id": "...",
-  "private_key_id": "...",
-  "private_key": "...",
-  "client_email": "...",
-  "client_id": "...",
-  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
-  "token_uri": "https://accounts.google.com/o/oauth2/token",
-  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
-  "client_x509_cert_url": "..."
-}

examples/certbot-dns-ovh/README.md

@@ -1,8 +0,0 @@
-Please have a look at the [certbot-dns-ovh documentation](https://certbot-dns-ovh.readthedocs.io/en/stable/) first.
-
-Procedure :
-
-- Edit domains in the compose file
-- Edit OVH credentials in ovh.ini file (generate using https://eu.api.ovh.com/createToken/)
-- Run certbot only and wait for certificate to be generated : `docker-compose up -d mycertbot`
-- When certificates are generated, run your services : `docker-compose up -d`

examples/certbot-dns-ovh/entrypoint.sh

@@ -1,23 +0,0 @@
-#!/bin/sh
-
-echo "Certbot started, domains = $DOMAINS"
-
-first_domain="$(echo "$DOMAINS" | tr -d '\n' | cut -d ',' -f 1 | sed 's/*\.//g')"
-if [ "$EMAIL" = "" ] ; then
-	EMAIL="contact@${first_domain}"
-fi
-
-if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
-	echo "Renewing certificates ..."
-	certbot renew
-else
-	echo "Asking for certificates ..."
-	certbot certonly -n --dns-ovh --dns-ovh-credentials /opt/ovh.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
-fi
-
-echo "Fixing permissions ..."
-chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
-
-echo "Certbot ended, sleeping for 24 hours"
-
-sleep 86400

examples/certbot-dns-ovh/ovh.ini

@@ -1,5 +0,0 @@
-# OVH API credentials used by Certbot
-dns_ovh_endpoint = ovh-eu
-dns_ovh_application_key = MDAwMDAwMDAwMDAw
-dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
-dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw

examples/certbot-dns-route53/README.md

@@ -1,8 +0,0 @@
-Please have a look at the [certbot-dns-route53 documentation](https://certbot-dns-route53.readthedocs.io/en/stable/) first.
-
-Procedure :
-
-- Edit domains in the compose file
-- Edit AWS credentials in aws.ini file (generate using https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/access-control-overview.html)
-- Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
-- When certificates are generated, run your services : `docker-compose up -d`

examples/certbot-dns-route53/aws.ini

@@ -1,3 +0,0 @@
-[default]
-aws_access_key_id=AKIAIOSFODNN7EXAMPLE
-aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

examples/certbot-dns-route53/docker-compose.yml

@@ -1,85 +0,0 @@
-services:
-  bunkerweb:
-    image: bunkerity/bunkerweb:1.6.0-beta
-    container_name: bunkerweb
-    ports:
-      - "80:8080"
-      - "443:8443"
-    environment:
-      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
-    restart: "unless-stopped"
-    networks:
-      - bw-universe
-      - bw-services
-
-  bw-scheduler:
-    image: bunkerity/bunkerweb-scheduler:1.6.0-beta
-    container_name: bw-scheduler
-    depends_on:
-      - bunkerweb
-    volumes:
-      - bw-data:/data
-      - certs:/certs
-    environment:
-      BUNKERWEB_INSTANCES: "bunkerweb"
-      SERVER_NAME: "app1.example.com app2.example.com app3.example.com" # replace with your domains
-      MULTISITE: "yes"
-      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
-      SERVE_FILES: "no"
-      DISABLE_DEFAULT_SERVER: "yes"
-      USE_CLIENT_CACHE: "yes"
-      USE_GZIP: "yes"
-      USE_REVERSE_PROXY: "yes"
-      USE_CUSTOM_SSL: "yes"
-      CUSTOM_SSL_CERT: "/certs/live/example.com/fullchain.pem"
-      CUSTOM_SSL_KEY: "/certs/live/example.com/privkey.pem"
-      app1.example.com_REVERSE_PROXY_URL: "/"
-      app1.example.com_REVERSE_PROXY_HOST: "http://app1:8080"
-      app2.example.com_REVERSE_PROXY_URL: "/"
-      app2.example.com_REVERSE_PROXY_HOST: "http://app2:8080"
-      app3.example.com_REVERSE_PROXY_URL: "/"
-      app3.example.com_REVERSE_PROXY_HOST: "http://app3:8080"
-    restart: "unless-stopped"
-    networks:
-      - bw-universe
-
-  mycertbot:
-    image: certbot/dns-route53:v2.11.0
-    environment:
-      DOMAINS: "*.example.com,example.com"
-      EMAIL: "contact@example.com"
-    volumes:
-      - certs:/etc/letsencrypt
-      - ./aws.ini:/opt/aws.ini
-      - ./entrypoint.sh:/opt/entrypoint.sh
-    entrypoint: /bin/sh /opt/entrypoint.sh
-
-  app1:
-    image: nginxdemos/nginx-hello
-    networks:
-      - bw-services
-
-  app2:
-    image: nginxdemos/nginx-hello
-    networks:
-      - bw-services
-
-  app3:
-    image: nginxdemos/nginx-hello
-    networks:
-      - bw-services
-
-volumes:
-  bw-data:
-  certs:
-
-
-networks:
-  bw-universe:
-    name: bw-universe
-    ipam:
-      driver: default
-      config:
-        - subnet: 10.20.30.0/24
-  bw-services:
-    name: bw-services

examples/certbot-dns-route53/entrypoint.sh

@@ -1,24 +0,0 @@
-#!/bin/sh
-
-echo "Certbot started, domains = $DOMAINS"
-
-first_domain="$(echo "$DOMAINS" | tr -d '\n' | cut -d ',' -f 1 | sed 's/*\.//g')"
-if [ "$EMAIL" = "" ] ; then
-	EMAIL="contact@${first_domain}"
-fi
-
-if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
-	echo "Renewing certificates ..."
-	certbot renew
-else
-	echo "Asking for certificates ..."
-	export AWS_CONFIG_FILE=/opt/aws.ini
-	certbot certonly -n --dns-route53 --email "$EMAIL" --agree-tos -d "$DOMAINS"
-fi
-
-echo "Fixing permissions ..."
-chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
-
-echo "Certbot ended, sleeping for 24 hours"
-
-sleep 86400

examples/dns-cloudflare/README.md

@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-cloudflare documentation](https://certbot-dns-cloudflare.readthedocs.io/en/stable/) first.
+
+Procedure :
+
+- Edit domains in the compose file
+- Edit Cloudflare credentials in the compose file (generate using https://dash.cloudflare.com/?to=/:account/profile/api-tokens)
+- Run your services, the scheduler will take care of the rest : `docker-compose up -d`

examples/dns-cloudflare/docker-compose.yml

@@ -3,8 +3,9 @@ services:
     image: bunkerity/bunkerweb:1.6.0-beta
     container_name: bunkerweb
     ports:
-      - "80:8080"
-      - "443:8443"
+      - "80:8080/tcp"
+      - "443:8443/tcp"
+      - "443:8443/udp" # for QUIC
     environment:
       API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
     restart: "unless-stopped"
@@ -30,9 +31,16 @@ services:
       USE_CLIENT_CACHE: "yes"
       USE_GZIP: "yes"
       USE_REVERSE_PROXY: "yes"
-      USE_CUSTOM_SSL: "yes"
-      CUSTOM_SSL_CERT: "/certs/live/example.com/fullchain.pem"
-      CUSTOM_SSL_KEY: "/certs/live/example.com/privkey.pem"
+
+      # Let's Encrypt configuration
+      AUTO_LETS_ENCRYPT: "yes"
+      EMAIL_LETS_ENCRYPT: "changeme@example.com" # replace with your email to receive notifications about certificate expiration
+      LETS_ENCRYPT_CHALLENGE: "dns"
+      LETS_ENCRYPT_DNS_PROVIDER: "digitalocean"
+      LETS_ENCRYPT_DNS_PROPAGATION: "default" # change this to a number of seconds if you have a slow DNS provider (It's recommended to use the default value)
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM: "dns_digitalocean_token <your-digitalocean-api-token>" # replace with your DigitalOcean API token
+
+      # Reverse proxy configuration
       app1.example.com_REVERSE_PROXY_URL: "/"
       app1.example.com_REVERSE_PROXY_HOST: "http://app1:8080"
       app2.example.com_REVERSE_PROXY_URL: "/"
@@ -43,17 +51,6 @@ services:
     networks:
       - bw-universe
 
-  mycertbot:
-    image: certbot/dns-google:v2.11.0
-    environment:
-      DOMAINS: "*.example.com,example.com"
-      EMAIL: "contact@example.com"
-    volumes:
-      - certs:/etc/letsencrypt
-      - ./google.json:/opt/google.json
-      - ./entrypoint.sh:/opt/entrypoint.sh
-    entrypoint: /bin/sh /opt/entrypoint.sh
-
   app1:
     image: nginxdemos/nginx-hello
     networks:
@@ -71,7 +68,6 @@ services:
 
 volumes:
   bw-data:
-  certs:
 
 
 networks:

examples/dns-digitalocean/README.md

@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-digitalocean documentation](https://certbot-dns-digitalocean.readthedocs.io/en/stable/) first.
+
+Procedure :
+
+- Edit domains in the compose file
+- Edit DigitalOcean credentials in the compose file (generate using https://cloud.digitalocean.com/settings/api/tokens)
+- Run your services, the scheduler will take care of the rest : `docker-compose up -d`

examples/dns-digitalocean/docker-compose.yml

@@ -3,8 +3,9 @@ services:
     image: bunkerity/bunkerweb:1.6.0-beta
     container_name: bunkerweb
     ports:
-      - "80:8080"
-      - "443:8443"
+      - "80:8080/tcp"
+      - "443:8443/tcp"
+      - "443:8443/udp" # for QUIC
     environment:
       API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
     restart: "unless-stopped"
@@ -30,9 +31,16 @@ services:
       USE_CLIENT_CACHE: "yes"
       USE_GZIP: "yes"
       USE_REVERSE_PROXY: "yes"
-      USE_CUSTOM_SSL: "yes"
-      CUSTOM_SSL_CERT: "/certs/live/example.com/fullchain.pem"
-      CUSTOM_SSL_KEY: "/certs/live/example.com/privkey.pem"
+
+      # Let's Encrypt configuration
+      AUTO_LETS_ENCRYPT: "yes"
+      EMAIL_LETS_ENCRYPT: "changeme@example.com" # replace with your email to receive notifications about certificate expiration
+      LETS_ENCRYPT_CHALLENGE: "dns"
+      LETS_ENCRYPT_DNS_PROVIDER: "cloudflare"
+      LETS_ENCRYPT_DNS_PROPAGATION: "default" # change this to a number of seconds if you have a slow DNS provider (It's recommended to use the default value)
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM: "dns_cloudflare_api_token <your-cloudflare-api-token>" # replace with your Cloudflare API token
+
+      # Reverse proxy configuration
       app1.example.com_REVERSE_PROXY_URL: "/"
       app1.example.com_REVERSE_PROXY_HOST: "http://app1:8080"
       app2.example.com_REVERSE_PROXY_URL: "/"
@@ -43,17 +51,6 @@ services:
     networks:
       - bw-universe
 
-  mycertbot:
-    image: certbot/dns-digitalocean:v2.11.0
-    environment:
-      DOMAINS: "*.example.com,example.com"
-      EMAIL: "contact@example.com"
-    volumes:
-      - certs:/etc/letsencrypt
-      - ./digitalocean.ini:/opt/digitalocean.ini
-      - ./entrypoint.sh:/opt/entrypoint.sh
-    entrypoint: /bin/sh /opt/entrypoint.sh
-
   app1:
     image: nginxdemos/nginx-hello
     networks:
@@ -71,7 +68,6 @@ services:
 
 volumes:
   bw-data:
-  certs:
 
 
 networks:

examples/dns-google/README.md

@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-google documentation](https://certbot-dns-google.readthedocs.io/en/stable/) first.
+
+Procedure :
+
+- Edit domains in the compose file
+- Edit Mandatory Google credentials in the compose file (generate using https://console.cloud.google.com/apis/credentials) (The other optional credentials have the default values: type, auth_uri, token_uri, auth_provider_x509_cert_url)
+- Run your services, the scheduler will take care of the rest : `docker-compose up -d`

examples/dns-google/docker-compose.yml

@@ -0,0 +1,86 @@
+services:
+  bunkerweb:
+    image: bunkerity/bunkerweb:1.6.0-beta
+    container_name: bunkerweb
+    ports:
+      - "80:8080/tcp"
+      - "443:8443/tcp"
+      - "443:8443/udp" # for QUIC
+    environment:
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+    restart: "unless-stopped"
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.6.0-beta
+    container_name: bw-scheduler
+    depends_on:
+      - bunkerweb
+    volumes:
+      - bw-data:/data
+      - certs:/certs
+    environment:
+      BUNKERWEB_INSTANCES: "bunkerweb"
+      SERVER_NAME: "app1.example.com app2.example.com app3.example.com" # replace with your domains
+      MULTISITE: "yes"
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+      SERVE_FILES: "no"
+      DISABLE_DEFAULT_SERVER: "yes"
+      USE_CLIENT_CACHE: "yes"
+      USE_GZIP: "yes"
+      USE_REVERSE_PROXY: "yes"
+
+      # Let's Encrypt configuration
+      AUTO_LETS_ENCRYPT: "yes"
+      EMAIL_LETS_ENCRYPT: "changeme@example.com" # replace with your email to receive notifications about certificate expiration
+      LETS_ENCRYPT_CHALLENGE: "dns"
+      LETS_ENCRYPT_DNS_PROVIDER: "google"
+      LETS_ENCRYPT_DNS_PROPAGATION: "default" # change this to a number of seconds if you have a slow DNS provider (It's recommended to use the default value)
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM: "project_id <your-google-project-id>" # replace with your Google project ID
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_1: "private_key_id <your-google-private-key-id>" # replace with your Google private key ID
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_2: "private_key <your-google-private-key>" # replace with your Google private key
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_3: "client_email <your-google-client-email>" # replace with your Google client email
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_4: "client_id <your-google-client-id>" # replace with your Google client ID
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_5: "client_x509_cert_url <your-google-client-x509-cert-url>" # replace with your Google client x509 cert URL
+
+      # Reverse proxy configuration
+      app1.example.com_REVERSE_PROXY_URL: "/"
+      app1.example.com_REVERSE_PROXY_HOST: "http://app1:8080"
+      app2.example.com_REVERSE_PROXY_URL: "/"
+      app2.example.com_REVERSE_PROXY_HOST: "http://app2:8080"
+      app3.example.com_REVERSE_PROXY_URL: "/"
+      app3.example.com_REVERSE_PROXY_HOST: "http://app3:8080"
+    restart: "unless-stopped"
+    networks:
+      - bw-universe
+
+  app1:
+    image: nginxdemos/nginx-hello
+    networks:
+      - bw-services
+
+  app2:
+    image: nginxdemos/nginx-hello
+    networks:
+      - bw-services
+
+  app3:
+    image: nginxdemos/nginx-hello
+    networks:
+      - bw-services
+
+volumes:
+  bw-data:
+
+
+networks:
+  bw-universe:
+    name: bw-universe
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+    name: bw-services

examples/dns-linode/README.md

@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-linode](https://certbot-dns-linode.readthedocs.io/en/stable/) first.
+
+Procedure :
+
+- Edit domains in the compose file
+- Edit Linode credentials in the compose file (generate using https://cloud.linode.com/profile/tokens)
+- Run your services, the scheduler will take care of the rest : `docker-compose up -d`

examples/dns-linode/docker-compose.yml

@@ -3,8 +3,9 @@ services:
     image: bunkerity/bunkerweb:1.6.0-beta
     container_name: bunkerweb
     ports:
-      - "80:8080"
-      - "443:8443"
+      - "80:8080/tcp"
+      - "443:8443/tcp"
+      - "443:8443/udp" # for QUIC
     environment:
       API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
     restart: "unless-stopped"
@@ -30,9 +31,17 @@ services:
       USE_CLIENT_CACHE: "yes"
       USE_GZIP: "yes"
       USE_REVERSE_PROXY: "yes"
-      USE_CUSTOM_SSL: "yes"
-      CUSTOM_SSL_CERT: "/certs/live/example.com/fullchain.pem"
-      CUSTOM_SSL_KEY: "/certs/live/example.com/privkey.pem"
+
+      # Let's Encrypt configuration
+      AUTO_LETS_ENCRYPT: "yes"
+      EMAIL_LETS_ENCRYPT: "changeme@example.com" # replace with your email to receive notifications about certificate expiration
+      LETS_ENCRYPT_CHALLENGE: "dns"
+      LETS_ENCRYPT_DNS_PROVIDER: "linode"
+      LETS_ENCRYPT_DNS_PROPAGATION: "default" # change this to a number of seconds if you have a slow DNS provider (It's recommended to use the default value)
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM: "dns_linode_key <your-linode-key>" # replace with your Linode key
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_1: "dns_linode_version 4" # replace with the Linode API version of your choice (the default is 4)
+
+      # Reverse proxy configuration
       app1.example.com_REVERSE_PROXY_URL: "/"
       app1.example.com_REVERSE_PROXY_HOST: "http://app1:8080"
       app2.example.com_REVERSE_PROXY_URL: "/"
@@ -43,17 +52,6 @@ services:
     networks:
       - bw-universe
 
-  mycertbot:
-    image: certbot/dns-cloudflare:v2.11.0
-    environment:
-      DOMAINS: "*.example.com,example.com"
-      EMAIL: "contact@example.com"
-    volumes:
-      - certs:/etc/letsencrypt
-      - ./cloudflare.ini:/opt/cloudflare.ini
-      - ./entrypoint.sh:/opt/entrypoint.sh
-    entrypoint: /bin/sh /opt/entrypoint.sh
-
   app1:
     image: nginxdemos/nginx-hello
     networks:
@@ -71,7 +69,6 @@ services:
 
 volumes:
   bw-data:
-  certs:
 
 
 networks:

examples/dns-ovh/README.md

@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-ovh documentation](https://certbot-dns-ovh.readthedocs.io/en/stable/) first.
+
+Procedure :
+
+- Edit domains in the compose file
+- Edit OVH credentials in the compose file (generate using https://eu.api.ovh.com/createToken/)
+- Run your services, the scheduler will take care of the rest : `docker-compose up -d`

examples/dns-ovh/docker-compose.yml

@@ -0,0 +1,83 @@
+services:
+  bunkerweb:
+    image: bunkerity/bunkerweb:1.6.0-beta
+    container_name: bunkerweb
+    ports:
+      - "80:8080/tcp"
+      - "443:8443/tcp"
+      - "443:8443/udp" # for QUIC
+    environment:
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+    restart: "unless-stopped"
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.6.0-beta
+    container_name: bw-scheduler
+    depends_on:
+      - bunkerweb
+    volumes:
+      - bw-data:/data
+      - certs:/certs
+    environment:
+      BUNKERWEB_INSTANCES: "bunkerweb"
+      SERVER_NAME: "app1.example.com app2.example.com app3.example.com" # replace with your domains
+      MULTISITE: "yes"
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+      SERVE_FILES: "no"
+      DISABLE_DEFAULT_SERVER: "yes"
+      USE_CLIENT_CACHE: "yes"
+      USE_GZIP: "yes"
+      USE_REVERSE_PROXY: "yes"
+
+      # Let's Encrypt configuration
+      AUTO_LETS_ENCRYPT: "yes"
+      EMAIL_LETS_ENCRYPT: "changeme@example.com" # replace with your email to receive notifications about certificate expiration
+      LETS_ENCRYPT_CHALLENGE: "dns"
+      LETS_ENCRYPT_DNS_PROVIDER: "ovh"
+      LETS_ENCRYPT_DNS_PROPAGATION: "default" # change this to a number of seconds if you have a slow DNS provider (It's recommended to use the default value)
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM: "dns_ovh_application_key <your-ovh-application-key>" # replace with your OVH application key
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_1: "dns_ovh_application_secret <your-ovh-application-secret>" # replace with your OVH application secret
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_2: "dns_ovh_consumer_key <your-ovh-consumer-key>" # replace with your OVH consumer key
+
+      # Reverse proxy configuration
+      app1.example.com_REVERSE_PROXY_URL: "/"
+      app1.example.com_REVERSE_PROXY_HOST: "http://app1:8080"
+      app2.example.com_REVERSE_PROXY_URL: "/"
+      app2.example.com_REVERSE_PROXY_HOST: "http://app2:8080"
+      app3.example.com_REVERSE_PROXY_URL: "/"
+      app3.example.com_REVERSE_PROXY_HOST: "http://app3:8080"
+    restart: "unless-stopped"
+    networks:
+      - bw-universe
+
+  app1:
+    image: nginxdemos/nginx-hello
+    networks:
+      - bw-services
+
+  app2:
+    image: nginxdemos/nginx-hello
+    networks:
+      - bw-services
+
+  app3:
+    image: nginxdemos/nginx-hello
+    networks:
+      - bw-services
+
+volumes:
+  bw-data:
+
+
+networks:
+  bw-universe:
+    name: bw-universe
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+    name: bw-services

examples/dns-rfc2136/README.md

@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-rfc2136 documentation](https://certbot-dns-rfc2136.readthedocs.io/en/stable/) first.
+
+Procedure :
+
+- Edit domains in the compose file
+- Edit RFC2136 credentials in the compose file according to the [RFC2136](https://tools.ietf.org/html/rfc2136) standard
+- Run your services, the scheduler will take care of the rest : `docker-compose up -d`

examples/dns-rfc2136/docker-compose.yml

@@ -0,0 +1,86 @@
+services:
+  bunkerweb:
+    image: bunkerity/bunkerweb:1.6.0-beta
+    container_name: bunkerweb
+    ports:
+      - "80:8080/tcp"
+      - "443:8443/tcp"
+      - "443:8443/udp" # for QUIC
+    environment:
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+    restart: "unless-stopped"
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.6.0-beta
+    container_name: bw-scheduler
+    depends_on:
+      - bunkerweb
+    volumes:
+      - bw-data:/data
+      - certs:/certs
+    environment:
+      BUNKERWEB_INSTANCES: "bunkerweb"
+      SERVER_NAME: "app1.example.com app2.example.com app3.example.com" # replace with your domains
+      MULTISITE: "yes"
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+      SERVE_FILES: "no"
+      DISABLE_DEFAULT_SERVER: "yes"
+      USE_CLIENT_CACHE: "yes"
+      USE_GZIP: "yes"
+      USE_REVERSE_PROXY: "yes"
+
+      # Let's Encrypt configuration
+      AUTO_LETS_ENCRYPT: "yes"
+      EMAIL_LETS_ENCRYPT: "changeme@example.com" # replace with your email to receive notifications about certificate expiration
+      LETS_ENCRYPT_CHALLENGE: "dns"
+      LETS_ENCRYPT_DNS_PROVIDER: "rfc2136"
+      LETS_ENCRYPT_DNS_PROPAGATION: "default" # change this to a number of seconds if you have a slow DNS provider (It's recommended to use the default value)
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM: "dns_rfc2136_server <your-dns-server>" # replace with your DNS server
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_1: "dns_rfc2136_port 53" # replace with your DNS port (default is 53)
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_2: "dns_rfc2136_name <your-dns-name>" # replace with your DNS name
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_3: "dns_rfc2136_secret <your-dns-secret>" # replace with your DNS secret
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_4: "dns_rfc2136_algorithm HMAC-MD5" # replace with your DNS algorithm (default is HMAC-MD5)
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_5: "dns_rfc2136_sign_query false" # replace with true if you want to sign the query (default is false)
+
+      # Reverse proxy configuration
+      app1.example.com_REVERSE_PROXY_URL: "/"
+      app1.example.com_REVERSE_PROXY_HOST: "http://app1:8080"
+      app2.example.com_REVERSE_PROXY_URL: "/"
+      app2.example.com_REVERSE_PROXY_HOST: "http://app2:8080"
+      app3.example.com_REVERSE_PROXY_URL: "/"
+      app3.example.com_REVERSE_PROXY_HOST: "http://app3:8080"
+    restart: "unless-stopped"
+    networks:
+      - bw-universe
+
+  app1:
+    image: nginxdemos/nginx-hello
+    networks:
+      - bw-services
+
+  app2:
+    image: nginxdemos/nginx-hello
+    networks:
+      - bw-services
+
+  app3:
+    image: nginxdemos/nginx-hello
+    networks:
+      - bw-services
+
+volumes:
+  bw-data:
+
+
+networks:
+  bw-universe:
+    name: bw-universe
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+    name: bw-services

examples/dns-route53/README.md

@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-route53 documentation](https://certbot-dns-route53.readthedocs.io/en/stable/) first.
+
+Procedure :
+
+- Edit domains in the compose file
+- Edit AWS credentials in the compose file (generate using https://console.aws.amazon.com/iam/home?#/security_credentials)
+- Run your services, the scheduler will take care of the rest : `docker-compose up -d`

examples/dns-route53/docker-compose.yml

@@ -3,8 +3,9 @@ services:
     image: bunkerity/bunkerweb:1.6.0-beta
     container_name: bunkerweb
     ports:
-      - "80:8080"
-      - "443:8443"
+      - "80:8080/tcp"
+      - "443:8443/tcp"
+      - "443:8443/udp" # for QUIC
     environment:
       API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
     restart: "unless-stopped"
@@ -30,9 +31,17 @@ services:
       USE_CLIENT_CACHE: "yes"
       USE_GZIP: "yes"
       USE_REVERSE_PROXY: "yes"
-      USE_CUSTOM_SSL: "yes"
-      CUSTOM_SSL_CERT: "/certs/live/example.com/fullchain.pem"
-      CUSTOM_SSL_KEY: "/certs/live/example.com/privkey.pem"
+
+      # Let's Encrypt configuration
+      AUTO_LETS_ENCRYPT: "yes"
+      EMAIL_LETS_ENCRYPT: "changeme@example.com" # replace with your email to receive notifications about certificate expiration
+      LETS_ENCRYPT_CHALLENGE: "dns"
+      LETS_ENCRYPT_DNS_PROVIDER: "route53"
+      LETS_ENCRYPT_DNS_PROPAGATION: "default" # change this to a number of seconds if you have a slow DNS provider (It's recommended to use the default value)
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM: "aws_access_key_id <your-aws-access-key-id>" # replace with your AWS access key ID
+      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM_1: "aws_secret_access_key <your-aws-secret-access-key>" # replace with your AWS secret access key
+
+      # Reverse proxy configuration
       app1.example.com_REVERSE_PROXY_URL: "/"
       app1.example.com_REVERSE_PROXY_HOST: "http://app1:8080"
       app2.example.com_REVERSE_PROXY_URL: "/"
@@ -43,17 +52,6 @@ services:
     networks:
       - bw-universe
 
-  mycertbot:
-    image: certbot/dns-ovh:v2.11.0
-    environment:
-      DOMAINS: "*.example.com,example.com"
-      EMAIL: "contact@example.com"
-    volumes:
-      - certs:/etc/letsencrypt
-      - ./ovh.ini:/opt/ovh.ini
-      - ./entrypoint.sh:/opt/entrypoint.sh
-    entrypoint: /bin/sh /opt/entrypoint.sh
-
   app1:
     image: nginxdemos/nginx-hello
     networks:
@@ -71,7 +69,6 @@ services:
 
 volumes:
   bw-data:
-  certs:
 
 
 networks: