|
@@ -0,0 +1,56 @@
|
|
1
|
+# Automatic Let's Encrypt certificate generator
|
|
2
|
+
|
|
3
|
+This connects my [docker-service-reporter](https://github.com/csmith/docker-service-reporter/)
|
|
4
|
+and [docker-letsencrypt-lexicon](https://github.com/csmith/docker-letsencrypt-lexicon)
|
|
5
|
+containers together. Between the three, they create a pipeline
|
|
6
|
+to automatically obtain Let's Encrypt certificates for
|
|
7
|
+containers as they're added or modified.
|
|
8
|
+
|
|
9
|
+## How?
|
|
10
|
+
|
|
11
|
+The `service-reporter` container populates `etcd` with details about
|
|
12
|
+known containers.
|
|
13
|
+
|
|
14
|
+This container monitors `etcd` for a label specifying vhosts, and builds a
|
|
15
|
+list of domain names and alternatives that need certificates.
|
|
16
|
+
|
|
17
|
+Finally, `letsencrypt-lexicon` takes in the list of domain names and
|
|
18
|
+obtains the actual certificates for them.
|
|
19
|
+
|
|
20
|
+## Usage
|
|
21
|
+
|
|
22
|
+Create a named volume to use for the domains list and resulting
|
|
23
|
+certificates:
|
|
24
|
+
|
|
25
|
+```bash
|
|
26
|
+docker volume create --name letsencrypt-data
|
|
27
|
+```
|
|
28
|
+
|
|
29
|
+You should mount this volume in the `letsencrypt-lexicon` container at
|
|
30
|
+`/letsencrypt`.
|
|
31
|
+
|
|
32
|
+Then run this container. It takes the same arguments as `service-reporter`:
|
|
33
|
+
|
|
34
|
+```
|
|
35
|
+ --etcd-host (default: etcd) hostname where ectd is running
|
|
36
|
+ --etcd-port (default: 2379) port to connect to ectd on
|
|
37
|
+ --etcd-prefix (default: /docker) prefix to read keys from
|
|
38
|
+ --name (default: unknown) name of the host running docker
|
|
39
|
+```
|
|
40
|
+
|
|
41
|
+So running the container will look something like:
|
|
42
|
+
|
|
43
|
+```bash
|
|
44
|
+docker run -d \
|
|
45
|
+ --name service-letsencrypt \
|
|
46
|
+ --restart always \
|
|
47
|
+ -v letsencrypt-data:/letsencrypt \
|
|
48
|
+ csmith/service-letsencrypt:latest \
|
|
49
|
+ --<arguments>
|
|
50
|
+```
|
|
51
|
+
|
|
52
|
+## Current known issues
|
|
53
|
+
|
|
54
|
+* **The container performs one update and then exits.** It does not yet monitor
|
|
55
|
+ for changes to etcd.
|
|
56
|
+
|
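Review bot: The usage example starts the container with `--restart always`, but the "Current known issues" section says the container performs one update and then exits, so as documented Docker will restart it again and again after every run. If that restart loop is the intended stand-in for watching etcd, say so in the Usage section; if not, drop the restart policy from the example until change monitoring exists. For the same reason, "This container monitors `etcd` for a label specifying vhosts" in the "How?" section overstates the current behaviour, and "reads" would match the known issue. That sentence also never names the label, so a reader cannot tell what to set on their containers to request a certificate. Smaller points: "ectd" in the `--etcd-host` and `--etcd-port` descriptions should be "etcd", and "Between the three" reads oddly right after two containers are named, so it is worth stating that this container is the third.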