docker-compose.acme.sh-dot.yml

# NOTE: This is just an example (which is also not fully tested yet) how you could use sniDust with DoT and a trusted certificate.
# Is uses acme.sh and the DNS-01 method in conjuntion with cloudflare. For other options using acme.sh please see here: https://github.com/acmesh-official/acme.sh/wiki/
#
#
# You need run acme.sh ONCE manually. After the container will manually renew certs and call snidust to reload certs
#  docker  exec  \
#    -e CF_Token="TOKEN" \
#    -e CF_Email="abc@example.com" \
#    acme.sh --issue -d dot.example.com  --dns dns_cf
#
volumes:
    acme_sh:
      driver: local

services:
    acme.sh:
        container_name: acme.sh
        image: neilpang/acme.sh
        command: daemon
        volumes:
          - acme_sh:/acme.sh
          - /var/run/docker.sock:/var/run/docker.sock
        environment:
          - DEPLOY_DOCKER_CONTAINER_LABEL=sh.acme.autoload.domain=dot.example.com
          - DEPLOY_DOCKER_CONTAINER_KEY_FILE=/etc/dnsdist/cert/tls.key
          - DEPLOY_DOCKER_CONTAINER_CERT_FILE="/etc/dnsdist/cert/cert.pem"
          - DEPLOY_DOCKER_CONTAINER_CA_FILE="/etc/dnsdist/cert/ca.pem"
          - DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/etc/dnsdist/cert/tls.pem"
          - DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="/usr/bin/dog @127.0.0.1:5300 --short reload.certs.snidust.local"
    sniDust:
        container_name: sniDust
        labels:
            - sh.acme.autoload.domain=dot.example.com
        environment:
            - 'ALLOWED_CLIENTS=127.0.0.1/32, myDynDNSDomain.no-ip.com' # CHANGE THIS
            - 'EXTERNAL_IP=10.111.123.8' # CHANGE THIS TO YOUR VPS PUBLIC IP
            - TZ=Europe/Berlin
            - DNSDIST_ENABLE_DOT=true
            - DNSDIST_DOT_CERT_TYPE=manual
        ports:
            - '443:8443'
            - '80:8080'
            - '53:5300/udp'
            - '53:5300/tcp'
            - '853:8530/tcp'
        image: 'ghcr.io/seji64/snidust:main'
        restart: unless-stopped