
Configure SSL certs

pull/4/head
Chris Smith 8 年之前
父節點
當前提交
337e4cd322
共有 3 個檔案被更改,包括 16 行新增3 行删除
  1. 6
    0
      README.md
  2. 7
    3
      generate.py
  3. 3
    0
      nginx.tpl

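--- a/README.md
+++ b/README.md
@@ -38,3 +38,9 @@
   --name (default: unknown) name of the host running docker
 ```
 
+And some additional arguments:
+
+```
+  --cert-path (default: /letsencrypt/certs/%s/fullchain.pem) path to the SSL cert. Use '%s' for the primary vhost.
+  --cert-key-path (default: /letsencrypt/certs/%s/privkey.pem) path to the SSL cert's private key. Use '%s' for the primary vhost.
+```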

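--- a/generate.py
+++ b/generate.py
@@ -11,6 +11,8 @@
 parser.add_argument('--etcd-port', type=int, help='Port to connect to etcd on', default=2379)
 parser.add_argument('--etcd-host', help='Host to connect to etcd on', default='etcd')
 parser.add_argument('--etcd-prefix', help='Prefix to use when retrieving keys from etcd', default='/docker')
+parser.add_argument('--cert-path', help='Path to use for certificates. Use "%s" for hostname', default='/letsencrypt/certs/%s/fullchain.pem')
+parser.add_argument('--cert-key-path', help='Path to use for certificate private keys. Use "%s" for hostname', default='/letsencrypt/certs/%s/privkey.pem')
 args = parser.parse_args()
 
 jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader('/'))
@@ -19,15 +21,17 @@
 
 while True:
   services = []
-  domains = fetcher.get_label('com.chameth.vhost')
+  domains = {k: v.split(',') for k, v in fetcher.get_label('com.chameth.vhost').items()}
   protocols = fetcher.get_label('com.chameth.proxy.protocol')
   for container, values in fetcher.get_label('com.chameth.proxy').items():
     networks = fetcher.get_networks(container)
     services.append({
       'protocol': protocols[container] if container in protocols else 'http',
-      'vhosts': domains[container].split(','),
+      'vhosts': domains[container],
       'host': next(iter(networks.values())), # TODO: Pick a bridge sensibly?
-      'port': values      
+      'port': values,
+      'certificate': args.cert_path % domains[container][0],
+      'certificate_key': args.cert_key_path % domains[container][0]
     })
 
   print(template.render(services=services)) # TODO: Actually write it out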
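Review bot: The first entry of the `com.chameth.vhost` label is interpolated unchecked into the certificate paths (`args.cert_path % domains[container][0]`) and from there into the `ssl_certificate` / `ssl_certificate_key` directives in nginx.tpl, so a label value containing `/`, `..`, whitespace or `;` would change which file nginx loads or end the directive early. Whoever can set container labels controls that value, so it is worth skipping any container whose vhosts are not plain hostnames before the `services.append`, e.g. `if not all(re.fullmatch(r'[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*', h) for h in domains[container]): continue` (this needs `import re`; the import block is outside the hunk). Separately, a `--cert-path` or `--cert-key-path` value that does not contain exactly one `%s` makes the `%` operator raise TypeError inside the loop, which could be checked once right after `parse_args()`. The `while True:` body may continue past the end of the hunk.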

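--- a/nginx.tpl
+++ b/nginx.tpl
@@ -3,6 +3,9 @@
     server_name {{ ' '.join(service.vhosts) }};
     listen [::]:443 ssl http2;
 
+    ssl_certificate {{ service.certificate }};
+    ssl_certificate_key {{ service.certificate_key }};
+
     location / {
         proxy_pass {{ service.protocol }}://{{ service.host }}:{{ service.port }};
     }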
