Dotege is configured using environment variables:
The folder where certificates will be placed. Defaults to `/data/certs`.
The DNS provider to use. Must be one https://go-acme.github.io/lego/dns/[supported by Lego].
The DNS provider will also be configured using environmental variables, as documented by
the Lego project. Required.
The path to a JSON file to store ACME credentials and certificates. This file will
contain the private keys for all certificates generated by Dotege, so must not
be accessible to other users or processes. Defaults to `/data/config/certs.json`.
The e-mail address to provide to the ACME service for updates, renewal reminders, etc.
The ACME server to request certificates from. Defaults to the Let's Encrypt production
server at https://acme-v02.api.letsencrypt.org/directory. For staging, this can be set
The key type to use for private keys when generating a certificate using ACME. Valid
* `P256` for EC256
* `P384` for EC384
* `2048` for RSA-2048
* `4096` for RSA-4096
* `8192` for RSA-8192
The default value is `P384`.
The name of a container that should be sent a signal when the template or certificates
are changed. No signal is sent if not specified.
The type of signal to send to the `DOTEGE_SIGNAL_CONTAINER`. Defaults to `HUP`.
Location to write the templated configuration file to. Defaults to `/data/output/haproxy.cfg`.
Path to a template to use to generate configuration. Defaults to `./templates/haproxy.cfg.tpl`,
which is a bundled basic template for generating HAProxy configurations.
A space or comma separated list of domains that should use wildcard certificates.
Defaults to an empty list.
=== Docker labels
Dotege operates by parsing labels applied to docker containers. It understands the following:
Specifies the name of an auth group (which must be defined appropriately in the template file)
that users are required to be in to access the container.
The port on which the container is listening for requests.
Comma- or space-delimited list of hostnames that the container will handle requests for.
Certificates will have the first host as the subject, and any additional hosts will be
alternate names. Certificates are only reused if all hostnames match.
There is a [pre-commit](https://pre-commit.com/) to go fmt and run basic checks on
commit; to enable it simply:
pip install pre-commit