Docker template generator
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Chris Smith 89c69d7c50 Maybe don't name all certs '*.pem' 2 months ago
templates Add X-Forwarded-For as well 2 months ago
.gitignore Initial import 4 months ago
.pre-commit-config.yaml Use new docker and lego code 3 months ago
Dockerfile Use new docker and lego code 3 months ago
LICENCE Add licence 4 months ago
README.adoc Support for wildcard domains 2 months ago
config.go Support for wildcard domains 2 months ago
config_test.go Initialise config immediately 2 months ago
docker.go Remove dead code, tidy up 2 months ago
dotege.go Maybe don't name all certs '*.pem' 2 months ago
dotege_test.go Initialise config immediately 2 months ago
go.mod Use new docker and lego code 3 months ago
go.sum Use new docker and lego code 3 months ago
lego.go Accept existing certs in any order 2 months ago
lego_test.go Accept existing certs in any order 2 months ago
templates.go Remove dead code, tidy up 2 months ago

README.adoc

== Dotege

=== Configuration

Dotege is configured using environment variables:

`DOTEGE_CERT_DESTINATION`::
The folder where certificates will be placed. Defaults to `/data/certs`.

`DOTEGE_DNS_PROVIDER`::
The DNS provider to use. Must be one https://go-acme.github.io/lego/dns/[supported by Lego].
The DNS provider will also be configured using environmental variables, as documented by
the Lego project. Required.

`DOTEGE_ACME_CACHE_FILE`::
The path to a JSON file to store ACME credentials and certificates. This file will
contain the private keys for all certificates generated by Dotege, so must not
be accessible to other users or processes. Defaults to `/data/config/certs.json`.

`DOTEGE_ACME_EMAIL`::
The e-mail address to provide to the ACME service for updates, renewal reminders, etc.
Required.

`DOTEGE_ACME_ENDPOINT`::
The ACME server to request certificates from. Defaults to the Let's Encrypt production
server at https://acme-v02.api.letsencrypt.org/directory. For staging, this can be set
to https://acme-staging-v02.api.letsencrypt.org/directory.

`DOTEGE_ACME_KEY_TYPE`::
The key type to use for private keys when generating a certificate using ACME. Valid
values are:
+
* `P256` for EC256
* `P384` for EC384
* `2048` for RSA-2048
* `4096` for RSA-4096
* `8192` for RSA-8192
+
The default value is `P384`.

`DOTEGE_SIGNAL_CONTAINER`::
The name of a container that should be sent a signal when the template or certificates
are changed. No signal is sent if not specified.

`DOTEGE_SIGNAL_TYPE`::
The type of signal to send to the `DOTEGE_SIGNAL_CONTAINER`. Defaults to `HUP`.

`DOTEGE_TEMPLATE_DESTINATION`::
Location to write the templated configuration file to. Defaults to `/data/output/haproxy.cfg`.

`DOTEGE_TEMPLATE_SOURCE`::
Path to a template to use to generate configuration. Defaults to `./templates/haproxy.cfg.tpl`,
which is a bundled basic template for generating HAProxy configurations.

`DOTEGE_WILDCARD_DOMAINS`::
A space or comma separated list of domains that should use wildcard certificates.
Defaults to an empty list.

=== Docker labels

Dotege operates by parsing labels applied to docker containers. It understands the following:

`com.chameth.auth`::
Specifies the name of an auth group (which must be defined appropriately in the template file)
that users are required to be in to access the container.

`com.chameth.proxy`::
The port on which the container is listening for requests.

`com.chameth.vhost`::
Comma- or space-delimited list of hostnames that the container will handle requests for.
Certificates will have the first host as the subject, and any additional hosts will be
alternate names. Certificates are only reused if all hostnames match.

== Contributing

There is a [pre-commit](https://pre-commit.com/) to go fmt and run basic checks on
commit; to enable it simply:

pip install pre-commit
pre-commit install