Compare commits
No commits in common. "c13080b7dd75565298c68848345b9f1a9e5ad86c" and "adadb253abdce5bd51de119b86d7f0b1b5af3390" have entirely different histories.
c13080b7dd...adadb253ab
@ -14,11 +14,11 @@ RUN apk update \
bash \
su-exec \
libxml2-utils \
&& git clone https://github.com/lukas2511/dehydrated /dehydrated
&& git clone https://github.com/lukas2511/dehydrated /dehydrated

# Add the files in the 'root' folder to the images filesystem
ADD root /


VOLUME /etc/dehydrated
VOLUME /var/www/dehydrated
VOLUME /certs
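Review bot: the `git clone https://github.com/lukas2511/dehydrated /dehydrated` line in the RUN step clones whatever the upstream default branch points at when the image is built, so every build pulls unreviewed code and two builds of the same Dockerfile can produce different images; pin a release with `git clone --branch <tag> --depth 1 https://github.com/lukas2511/dehydrated /dehydrated` and, ideally, check the resulting commit hash against an expected value after the clone. Minor: `ADD root /` should be `COPY root /` for a local directory, since `ADD` additionally fetches URLs and auto-extracts archives, which this step does not need.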
README.md
@ -1,24 +0,0 @@
# docker-dehydrated

This is a docker container that wraps around [dehydrated](https://github.com/lukas2511/dehydrated).

## Usage

For a short tutorial on how to use this container with zero-configuration to sign certificates
using the HTTP-Challenge, see [zero-config-mode.md]("Zero-Config"-Mode).

## Environment variables

The following environment variables can be set to influence the container's behaviour:

- `$ENDPOINT` which ACME-Endpoint you want to use, supported values: "staging", "production" (default).
- `$CHALLENGE` what type of challenge should be used, supported values: "http-01" (default), "dns-01"

If the environment variables were not explicitely set, no modification to the configuration file is made

## Behaviour on startup

When the container is started, a script is run which looks for the configuration file in the places supported by dehydrated,
and if no configuration file is found, it will copy the [example configuration file](https://github.com/lukas2511/dehydrated/docs/examples/config)
into `/etc/dehydrated/config`.
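Review bot: deleting README.md removes the only description of `$ENDPOINT`, `$CHALLENGE` and the startup behaviour, so users no longer learn that the container rewrites `/etc/dehydrated/config` on start; if that text is meant to live elsewhere, say where, and if it is restored, fix three defects in the removed copy: the link `[zero-config-mode.md]("Zero-Config"-Mode)` has text and target swapped (Markdown links are `[text](url)`), the example-config URL `https://github.com/lukas2511/dehydrated/docs/examples/config` is missing the `/blob/master/` path segment, and "explicitely" should read "explicitly".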
@ -1,4 +1,3 @@
#!/bin/bash
chown -R ${UID}:${GID} /etc/dehydrated /certs /var/www/dehydrated
# Run dehydrated
su-exec ${UID}:${GID} /dehydrated/dehydrated --cron --keep-going
su-exec ${UID}:${GID} /dehydrated/dehydrated -c
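Review bot: dropping `--keep-going` in the change from `/dehydrated/dehydrated --cron --keep-going` to `/dehydrated/dehydrated -c` changes failure behaviour: `-c` is only the short form of `--cron`, so the first domain that fails validation now aborts the run and the remaining certificates in domains.txt are not renewed; keep `--keep-going` (or `-g`) in a scheduled job. Separately, this script runs under `#!/bin/bash`, where `UID` is a readonly shell variable that bash initializes from the real uid of the process, so a `UID` passed in through the container environment may be ignored in `su-exec ${UID}:${GID}`; use a variable name bash does not own, such as `PUID`, and validate it is numeric before handing it to `su-exec` and `chown`.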
@ -1,11 +1,3 @@
#!/bin/sh
s6-svc -O /etc/s6.d/dehydrated

# Set ownership to dehydrated on the relevant folders
chown -R ${UID}:${GID} /etc/dehydrated /certs /var/www/dehydrated

# Register to the CA
su-exec ${UID}:${GID} /dehydrated/dehydrated --register --accept-terms

# Run the weekly script once
/etc/periodic/weekly/dehydrated
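Review bot: `su-exec ${UID}:${GID} /dehydrated/dehydrated --register --accept-terms` accepts the CA's terms of service unattended on every container start, on behalf of whoever runs the image; if this is the line being removed, the startup-behaviour documentation should say how account registration is now expected to happen, and if it stays, gate it behind an explicit opt-in variable rather than running it unconditionally. The `chown -R ${UID}:${GID} /etc/dehydrated /certs /var/www/dehydrated` line recursively rewrites ownership of host directories mounted as volumes, including the web root the HTTP server must keep reading, which is exactly the surprise the zero-config tutorial in this compare has to warn about; limiting the chown to the dehydrated-owned subdirectories, or skipping it when ownership is already correct, would remove the need for that warning.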
@ -1,58 +0,0 @@
#!/bin/bash
s6-svc -O /etc/s6.d/setup

# Check if and which configuration file exists
CONFIGFILE="none"
for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do
if [[ -f "${check_config}/config" ]]; then
CONFIGFILE="${check_config}/config"
fi
done

# At this point, if no configuration file exists, copy the example into /etc/dehydrated
if [[ "$CONFIGFILE" == "none" ]]; then
cp /dehydrated/docs/examples/config /etc/dehydrated/config
CONFIGFILE="/etc/dehydrated/config"
fi

# Determine if the staging endpoint should be used
case "$ENDPOINT" in
"staging")
# If CA=... is commented, uncomment and set it to staging, if it is set to production, set it to staging
sed -ie 's/#CA=.*$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory"/g' $CONFIGFILE
sed -ie 's/CA=.+acme-v01\.api\..+$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory"/g' $CONFIGFILE
# Same procedure for CA_TERMS=...
sed -ie 's/#CA_TERMS=.*$/CA_TERMS="https:\/\/acme-staging.api.letsencrypt.org\/terms"/g' $CONFIGFILE
sed -ie 's/CA_TERMS=.+acme-v01\.api\..+$/CA_TERMS="https:\/\/acme-staging.api.letsencrypt.org\/terms"/g' $CONFIGFILE
;;
"production")
# If CA=... is commented, uncomment and set to production, if it was set to staging, set it to production
sed -ie 's/#CA=.*$/CA="https:\/\/acme-v01.api.letsencrypt.org\/directory"/g' $CONFIGFILE
sed -ie 's/CA=.+acme-staging\.api\..+$/https:\/\/acme-v01.api.letsencrypt.org\/directory"/g' $CONFIGFILE
# Same thing for CA_TERMS=...
sed -ie 's/#CA_TERMS=.*$/CA_TERMS="https:\/\/acme-v01.api.letsencrypt.org\/terms"/g' $CONFIGFILE
sed -ie 's/CA_TERMS=.+acme-staging\.api\..+$/CA_TERMS="https:\/\/acme-v01.api.letsencrypt.org\/terms"/g' $CONFIGFILE
;;
*)
echo "INFO: No endpoint was specifically set, dehydrated will use its default"
;;
esac

# Determine which type of challenge should be used
case "$CHALLENGE" in
"http-01")
# If we have a "fresh" config, uncomment the challengetype-line and set our value
sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="http-01"/g' $CONFIGFILE
# If a challengetype is already set, overwrite it
sed -ie 's/CHALLENGETYPE=.+$/CHALLENGETYPE="http-01"/g' $CONFIGFILE
;;
"dns-01")
# If we have the default config, uncomment the line and set our challengetype
sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="dns-01"/g' $CONFIGFILE
# If a challengetype was already set, overwrite it with the new value
sed -ie 's/CHALLENGETYPE=.+$/CHALLENGETYPE="dns-01"/g' $CONFIGFILE
;;
*)
echo "INFO: No challenge-type was specified, the default from dehydrated will be used"
;;
esac
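Review bot: the setup script removed here had several defects that should not be carried over if the endpoint and challenge switching is reimplemented elsewhere. Every `sed -ie '...' $CONFIGFILE` call is parsed as in-place editing with the backup suffix `e` (both GNU and busybox sed take `-i[SUFFIX]`), so each run leaves a stray `confige` copy of the config next to the real one. The patterns written with `.+`, such as `CA=.+acme-v01\.api\..+$` and `CHALLENGETYPE=.+$`, are basic regular expressions in which `+` is a literal character, so the "if it is set to production, set it to staging" and "if a challengetype is already set, overwrite it" branches never match and an existing value is left unchanged, contrary to the comments. In the production branch the replacement `https:\/\/acme-v01.api.letsencrypt.org\/directory"` has lost its `CA="` prefix and would corrupt the line if the pattern ever did match. `$CONFIGFILE` is passed unquoted, and the discovery loop keeps the last matching location rather than the first, so a config under `/etc/dehydrated` is silently overridden by one found in `${PWD}`. Finally, the hard-coded `acme-v01.api.letsencrypt.org` and `acme-staging.api.letsencrypt.org` URLs are ACME v1 endpoints, which Let's Encrypt has since retired in favour of its v2 directory URLs, so any replacement should read the endpoint from dehydrated's own config rather than hard-coding it.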
@ -1,46 +0,0 @@
# Zero-configuration mode

This is a tutorial on how to use this container (without needing to configure anything) to create
certificates for a given set of domains (using the HTTP-Challenge).

## Prerequisites

These are the things that you need to setup / already have set up in order to use this container
for creating certificates using the HTTP-Challenge:

- A working internet connection, obviously
- HTTP Webserver to serve the ``.well-known`` which is used for the HTTP-Challenge

Now create a folder in which dehydrated can push the challenge-data later, in this tutorial it
will be called ``dehydrated-www``. Configure your Webserver to serve the contents of this folder
under ``domain``/.well-known/ (for all domains for which you want to create certificates).

Next create another folder in which dehydrated will place its configuration, certificates etc.,
in this tutorial it will be called ``dehydrated-data``. In this folder, create a file called
``domains.txt`` in which you list the domains you want to create certificates for, using the
following format:

- each domain on a new line
- subdomains of a domain on the same line as the domain.

For more information on the format, see [https://github.com/lukas2511/dehydrated/blob/master/docs/domains_txt.md](https://github.com/lukas2511/dehydrated/blob/master/docs/domains_txt.md)

## Using docker-dehydrated

Now you can just run the container, and as the default challenge is the HTTP-Challenge, you do
not need to pass environment variables to alter the default behaviour. To run the container,
execute:

```bash
$ docker run -v ./dehydrated-www:/var/www/dehydrated \
-v ./dehydrated-data:/etc/dehydrated jcgruenhage/dehydrated
```

Please note that on SELinux-Systems, you need to set the "SELinux"-Flag when passing volumes:
``./dehydrated-www:/var/www/dehydrated:z`` (analog for ``dehydrated-data``).

Also, the container will ``chown`` the folders passed to himself, so make sure your webserver can
still serve the contents of ``dehydrated-www``.

After the challenges have been run, the certificates will be stored in ``dehydrated-data/certs``,
make sure to back this folder up!
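Review bot: the removed tutorial is the only place that tells users the container `chown`s the mounted directories and that `dehydrated-data/certs` (which holds the private keys) must be backed up, so that guidance needs a new home before this lands. If the file is restored, two corrections: `docker run -v ./dehydrated-www:/var/www/dehydrated` uses relative host paths, which `docker run -v` rejects as an invalid volume name (Compose accepts them, plain `docker run` does not), so the example should use absolute paths such as `$(pwd)/dehydrated-www`; and the web server should expose the directory at `http://<domain>/.well-known/acme-challenge/`, which is where the http-01 validation request is fetched from, rather than the broader `/.well-known/` path the text gives.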