Merge pull request #50 from Dstack-TEE/feat-namecheap-supports

ingress: added namecheap support

Author: Leechael

custom-domain/dstack-ingress/DNS_PROVIDERS.md

@@ -6,6 +6,7 @@ This guide explains how to configure dstack-ingress to work with different DNS p
 
 - **Cloudflare** - The original and default provider
 - **Linode DNS** - For Linode-hosted domains
+- **Namecheap** - For Namecheap-hosted domains
 
 ## Environment Variables
 
@@ -15,7 +16,7 @@ This guide explains how to configure dstack-ingress to work with different DNS p
 - `GATEWAY_DOMAIN` - dstack gateway domain (e.g., `_.dstack-prod5.phala.network`)
 - `CERTBOT_EMAIL` - Email for Let's Encrypt registration
 - `TARGET_ENDPOINT` - Backend application endpoint to proxy to
-- `DNS_PROVIDER` - DNS provider to use (`cloudflare`, `linode`)
+- `DNS_PROVIDER` - DNS provider to use (`cloudflare`, `linode`, `namecheap`)
 
 ### Optional Variables
 
@@ -53,7 +54,28 @@ LINODE_API_TOKEN=your-api-token
 - If resolution fails, it falls back to CNAME (but CAA records won't work on that subdomain)
 - This is a Linode-specific limitation not present in other providers
 
-## Docker Compose Example
+### Namecheap
+
+```bash
+DNS_PROVIDER=namecheap
+NAMECHEAP_USERNAME=your-username
+NAMECHEAP_API_KEY=your-api-key
+NAMECHEAP_CLIENT_IP=your-client-ip
+```
+
+**Required Credentials:**
+- `NAMECHEAP_USERNAME` - Your Namecheap account username
+- `NAMECHEAP_API_KEY` - Your Namecheap API key (from https://ap.www.namecheap.com/settings/tools/apiaccess/)
+- `NAMECHEAP_CLIENT_IP` - The IP address of the node (required for Namecheap API authentication)
+
+**Important Notes for Namecheap:**
+- Namecheap API requires node IP address for authentication, and you need add it to whitelist IP first.
+- Namecheap doesn't support CAA records through their API currently
+- The certbot plugin uses the format `certbot-dns-namecheap` package
+
+## Docker Compose Examples
+
+### Linode Example
 
 ```yaml
 version: '3.8'
@@ -78,6 +100,33 @@ services:
       - ./evidences:/evidences
 ```
 
+### Namecheap Example
+
+```yaml
+version: '3.8'
+
+services:
+  ingress:
+    image: dstack-ingress:latest
+    ports:
+      - "443:443"
+    environment:
+      # Common configuration
+      - DNS_PROVIDER=namecheap
+      - DOMAIN=app.example.com
+      - GATEWAY_DOMAIN=_.dstack-prod5.phala.network
+      - [email protected]
+      - TARGET_ENDPOINT=http://backend:8080
+
+      # Namecheap specific
+      - NAMECHEAP_USERNAME=your-username
+      - NAMECHEAP_API_KEY=your-api-key
+      - NAMECHEAP_CLIENT_IP=your-public-ip
+    volumes:
+      - ./letsencrypt:/etc/letsencrypt
+      - ./evidences:/evidences
+```
+
 ## Migration from Cloudflare-only Setup
 
 If you're currently using the Cloudflare-only version:
@@ -111,4 +160,10 @@ Ensure your API tokens/credentials have the necessary permissions listed above f
 ### Linode
 1. Go to https://cloud.linode.com/profile/tokens
 2. Create a Personal Access Token
-3. Grant "Domains" Read/Write access
+3. Grant "Domains" Read/Write access
+
+### Namecheap
+1. Go to https://ap.www.namecheap.com/settings/tools/api-access/
+2. Enable API access for your account
+3. Note down your API key and username
+4. Make sure your IP address is whitelisted in the API settings

custom-domain/dstack-ingress/Dockerfile

@@ -18,7 +18,6 @@ RUN set -e; \
     done && \
     apt-get update && \
     apt-get install -y --no-install-recommends \
-        certbot \
         openssl \
         bash \
         python3-pip \
@@ -32,6 +31,17 @@ RUN set -e; \
 
 RUN mkdir -p /etc/letsencrypt /var/www/certbot /usr/share/nginx/html
 
+# Set up Python virtual environment and install certbot
+RUN set -e; \
+    python3 -m venv --system-site-packages /opt/app-venv && \
+    . /opt/app-venv/bin/activate && \
+    pip install --upgrade pip && \
+    pip install certbot requests && \
+    # Create symlinks for system-wide access
+    ln -sf /opt/app-venv/bin/certbot /usr/local/bin/certbot && \
+    # Ensure the virtual environment is always activated for scripts
+    echo 'source /opt/app-venv/bin/activate' > /etc/profile.d/app-venv.sh
+
 COPY ./scripts /scripts/
 RUN chmod +x /scripts/*.sh /scripts/*.py
 ENV PATH="/scripts:$PATH"