acme-dns
acme-dns always restarting
Help, why does acme-dns keep restarting?
10.100.0.10 is the kube-dns ClusterIP, assigned to all Docker apps as the default container DNS.
[general]
# DNS interface. Note that systemd-resolved may reserve port 53 on 127.0.0.53
# In this case acme-dns will error out and you will need to define the listening interface
# for example: listen = "127.0.0.1:53"
listen = "0.0.0.0:53"
# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
protocol = "both"
# domain name to serve the requests off of
domain = "acme.kubernetes.bnpb.go.id"
# zone name server
nsname = "acme.kubernetes.bnpb.go.id"
# admin email address, where @ is substituted with .
nsadmin = "zein.msoleh.gmail.com"
# predefined records served in addition to the TXT
records = [
# domain pointing to the public IP of your acme-dns server
"acme.kubernetes.bnpb.go.id. A 116.12.46.204",
# specify that auth.example.org will resolve any *.auth.example.org records
"acme.kubernetes.bnpb.go.id. NS acme.kubernetes.bnpb.go.id.",
]
# debug messages from CORS etc
debug = false
[database]
# Database engine to use, sqlite3 or postgres
engine = "sqlite3"
# engine = "postgres"
# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
connection = "/var/lib/acme-dns/acme-dns.db"
# connection = "postgres://inarisk:[email protected]:5432/acmedns_db"
[api]
# listen ip eg. 127.0.0.1
ip = "0.0.0.0"
# disable registration endpoint
disable_registration = false
# listen port, eg. 443 for default HTTPS
port = "443"
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "letsencryptstaging"
# only used if tls = "cert"
# tls_cert_privkey = "/etc/tls/acme.kubernetes.bnpb.go.id/privkey.pem"
# tls_cert_fullchain = "/etc/tls/acme.kubernetes.bnpb.go.id/fullchain.pem"
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
# CORS AllowOrigins, wildcards can be used
corsorigins = [
"*"
]
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"
[logconfig]
# logging level: "error", "warning", "info" or "debug"
loglevel = "debug"
# possible values: stdout, TODO file & integrations
logtype = "stdout"
# file path for logfile TODO
# logfile = "./acme-dns.log"
# format, either "json" or "text"
logformat = "text"
kubernetes ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: acme-dns
  namespace: acme-dns
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  rules:
  - host: acme.kubernetes.bnpb.go.id
    http:
      paths:
      - backend:
          serviceName: web
          servicePort: 80
        path: /
  # This section is only required if TLS is to be enabled for the Ingress
  tls:
  - hosts:
    - acme.kubernetes.bnpb.go.id
    secretName: ingress-certificate-secret
cert-manager certificate:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: bnpb-acme-certificate
spec:
  secretName: ingress-certificate-secret
  dnsNames:
  - acme.kubernetes.bnpb.go.id
  - "*.acme.kubernetes.bnpb.go.id"
  issuerRef:
    name: issuer-letsencrypt
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: Issuer
    group: cert-manager.io
cert-manager issuer:
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: issuer-letsencrypt
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: account-private-key-secret
    solvers:
    - dns01:
        acmeDNS:
          host: https://acme.kubernetes.bnpb.go.id
          accountSecretRef:
            name: acme-dns
            key: acmedns.json
Did you read Issue #228?
That was resolved by changing config.cfg file:
[api]
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "none"
@OneAceGuy,
Sorry, my bad. Thank you.
@4ss3g4f please close the issue if it's been resolved