35 lines
1.5 KiB
YAML
Executable File
35 lines
1.5 KiB
YAML
Executable File
# {{ ansible_managed }}
|
|
|
|
# Docker Compose to create certificate for mail domain
|
|
# Do not run this and mailserver at same time (Uses the same VPN config and hostname)
|
|
# TODO: Would be nice at some point to be able to use a different port exposed on mail.{{ domain_name }} for privacy aside from the default port 80. Could not get it working though, certbot has issues even when proxying from one port to port 80. Seems to be an issue with Gluetun and Certbot being only able to bind to ipv6 port 80.
|
|
|
|
# WE ARE NOW HANDLING SSL CERTIFICATE RENWEAL ON PROXY, USE PROVIDED SCRIPT IN DIR TO COPY CERTS FROM PROXY TO HERE
|
|
|
|
services:
|
|
# Gluetun is used to connect container to VPN
|
|
certbot-gluetun:
|
|
image: qmcgaw/gluetun
|
|
cap_add:
|
|
- NET_ADMIN
|
|
environment:
|
|
- VPN_SERVICE_PROVIDER=custom
|
|
- VPN_TYPE=wireguard
|
|
- VPN_ENDPOINT_IP={{ proxy_server_ip }}
|
|
- VPN_ENDPOINT_PORT={{ proxy_server_vpn_port }}
|
|
- WIREGUARD_PUBLIC_KEY={{ vpn_server_pubkey }}
|
|
- WIREGUARD_PRIVATE_KEY={{ mail_service_privkey }}
|
|
- WIREGUARD_ADDRESSES=10.0.0.2/32
|
|
- FIREWALL_VPN_INPUT_PORTS=80,443
|
|
ports:
|
|
- "80:80" # HTTP
|
|
certbot:
|
|
image: certbot/certbot
|
|
network_mode: "service:certbot-gluetun"
|
|
volumes:
|
|
- ./data/certbot/certs:/etc/letsencrypt
|
|
- ./data/certbot/logs:/var/log/letsencrypt
|
|
- /etc/localtime:/etc/localtime:ro
|
|
entrypoint: sh -c "sleep 15 && certbot certonly --standalone -d mail.{{ domain_name }} --noninteractive --agree-tos --email alerts@{{ domain_name }} --no-eff-email"
|
|
|