Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
lqb
/
nginx-ui
zrkadlo https://github.com/0xJacky/nginx-ui.git
1
0
Fork 0
Súbory Issues 0 Wiki
Strom: v2.0.0-rc.
Branche Tagy
nginx-ui
/
internal
/
cert
/
config
/
lightsail.toml

lightsail.toml 2.3 KB
Permanentný odkaz História Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. Name = "Amazon Lightsail"
    2. 

  2. Description = ''''''
    3. 

  3. URL = "https://aws.amazon.com/lightsail/"
    4. 

  4. Code = "lightsail"
    5. 

  5. Since = "v0.5.0"
    6. 

  6. 

  7. Example = ''''''
    8. 

  8. 

  9. Additional = '''
    10. 

  10. ## Description
    11. 

  11. 

  12. AWS Credentials are automatically detected in the following locations and prioritized in the following order:
    13. 

  13. 

  14. 1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, [`AWS_SESSION_TOKEN`]
    15. 

  15. 2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`)
    16. 

  16. 3. Amazon EC2 IAM role
    17. 

  17. 

  18. AWS region is not required to set as the Lightsail DNS zone is in global (us-east-1) region.
    19. 

  19. 

  20. ## Policy
    21. 

  21. 

  22. The following AWS IAM policy document describes the minimum permissions required for lego to complete the DNS challenge.
    23. 

  23. 

  24. ```json
    25. 

  25. {
    26. 

  26.   "Version": "2012-10-17",
    27. 

  27.   "Statement": [
    28. 

  28.     {
    29. 

  29.       "Effect": "Allow",
    30. 

  30.       "Action": [
    31. 

  31.         "lightsail:DeleteDomainEntry",
    32. 

  32.         "lightsail:CreateDomainEntry"
    33. 

  33.       ],
    34. 

  34.       "Resource": "<Lightsail DNS zone ARN>"
    35. 

  35.     }
    36. 

  36.   ]
    37. 

  37. }
    38. 

  38. ```
    39. 

  39. 

  40. Replace the `Resource` value with your Lightsail DNS zone ARN.
    41. 

  41. You can retrieve the ARN using aws cli by running `aws lightsail get-domains --region us-east-1` (Lightsail web console does not show the ARN, unfortunately).
    42. 

  42. It should be in the format of `arn:aws:lightsail:global:<ACCOUNT ID>:Domain/<DOMAIN ID>`.
    43. 

  43. You also need to replace the region in the ARN to `us-east-1` (instead of `global`).
    44. 

  44. 

  45. Alternatively, you can also set the `Resource` to `*` (wildcard), which allow to access all domain, but this is not recommended.
    46. 

  46. '''
    47. 

  47. 

  48. [Configuration]
    49. 

  49.   [Configuration.Credentials]
    50. 

  50.     AWS_ACCESS_KEY_ID = "Managed by the AWS client. Access key ID (`AWS_ACCESS_KEY_ID_FILE` is not supported, use `AWS_SHARED_CREDENTIALS_FILE` instead)"
    51. 

  51.     AWS_SECRET_ACCESS_KEY = "Managed by the AWS client. Secret access key (`AWS_SECRET_ACCESS_KEY_FILE` is not supported, use `AWS_SHARED_CREDENTIALS_FILE` instead)"
    52. 

  52.     DNS_ZONE = "Domain name of the DNS zone"
    53. 

  53.   [Configuration.Additional]
    54. 

  54.     AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file."
    55. 

  55.     LIGHTSAIL_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
    56. 

  56.     LIGHTSAIL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
    57. 

  57. 

  58. [Links]
    59. 

  59.   GoClient = "https://github.com/aws/aws-sdk-go-v2"
    60.