Flesh out readme a little

master
Chris Smith 4 years ago
parent
commit
310de66719
Signed by: Chris Smith <chris@chameth.com> GPG Key ID: 3A2D4BBDC4A3C9A9
1 changed files with 74 additions and 1 deletions
README.adoc View File

@@ -1,5 +1,15 @@
1 1
 == Dotege
2 2
 
3
+Dotege is a tool to automatically generate configuration files from templates
4
+based on running docker containers. It also obtains SSL certificates for
5
+domains using Let's Encrypt, and can send a signal (such as HUP) to another
6
+container when the template changes.
7
+
8
+Out of the box it supports writing a HAProxy configuration file with
9
+appropriate entries for all containers with `com.chameth.*` labels.
10
+This enables automatic reverse proxying to any container with the
11
+relevant networks.
12
+
3 13
 === Configuration
4 14
 
5 15
 Dotege is configured using environment variables:
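Review bot: the phrase "any container with the relevant networks" at new lines 10-11 is ambiguous and does not say which networks or which labels qualify. Suggest wording such as "any labelled container that shares a network with the proxy", which matches the requirement spelled out after the compose example, and pointing the reader to where the individual `com.chameth.*` labels are documented, since this paragraph only names the prefix.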
@@ -72,9 +82,72 @@ Comma- or space-delimited list of hostnames that the container will handle reque
72 82
 Certificates will have the first host as the subject, and any additional hosts will be
73 83
 alternate names. Certificates are only reused if all hostnames match.
74 84
 
85
+== Example compose file
86
+
87
+[source,yaml]
88
+----
89
+version: '3.5'
90
+services:
91
+  dotege:
92
+    image: csmith/dotege
93
+    restart: always
94
+    volumes:
95
+      - data:/data/config
96
+      - certs:/data/certs
97
+      - config:/data/output
98
+      - /var/run/docker.sock:/var/run/docker.sock
99
+    environment:
100
+      - DOTEGE_ACME_EMAIL=email@address
101
+      - DOTEGE_DNS_PROVIDER=httpreq
102
+      - DOTEGE_SIGNAL_CONTAINER=dotege_haproxy_1
103
+      - DOTEGE_SIGNAL_TYPE=USR2
104
+      - DOTEGE_WILDCARD_DOMAINS=mydomain.com
105
+      - HTTPREQ_ENDPOINT=https://example.com/
106
+      - HTTPREQ_USERNAME=user@name
107
+      - HTTPREQ_PASSWORD=p@ssw0rd
108
+
109
+  haproxy:
110
+    image: haproxy:2.0.1
111
+    restart: always
112
+    volumes:
113
+      - config:/usr/local/etc/haproxy:ro
114
+      - certs:/certs:ro
115
+    ports:
116
+      - 443:443
117
+      - 80:80
118
+    networks:
119
+      - web
120
+
121
+networks:
122
+  web:
123
+    external: true
124
+
125
+volumes:
126
+  data:
127
+  certs:
128
+  config:
129
+----
130
+
131
+This creates an instance of Dotege, configured to use `httpreq` to perform DNS
132
+operations in order to generate SSL certificates. You can see the list of
133
+supported providers and their required environment variables in the
134
+https://go-acme.github.io/lego/dns/[Lego docs].
135
+
136
+The haproxy instance has read-only access to the config and certs volumes that
137
+will be populated by Dotege, and Dotege will send it the `USR2` signal whenever
138
+the config or certs change. With the default haproxy image this will cause it
139
+to reload the configuration.
140
+
141
+Container names must be resolvable from the haproxy container with the default
142
+template. This means the haproxy container should be on the same network as
143
+the containers it's proxying to. I recommend creating a global 'web' network
144
+(or similar) that all web-facing containers sit in.
145
+
75 146
 == Contributing
76 147
 
77
-There is a [pre-commit](https://pre-commit.com/) to go fmt and run basic checks on
148
+Contributions are welcome!
149
+
150
+There is a https://pre-commit.com/[pre-commit] to go fmt and run basic checks on
78 151
 commit; to enable it simply:
79 152
 
80 153
     pip install pre-commit
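Review bot: the `dotege` service at new line 98 bind-mounts `/var/run/docker.sock`, which gives that container full control of the Docker daemon and so effectively root on the host, and the explanatory text after the example (new lines 131-144) never mentions it. Add a sentence there saying why the socket is needed (discovering running containers and sending the signal) and that the Dotege container should be treated as privileged. Separately, new lines 105-107 put `HTTPREQ_USERNAME` and `HTTPREQ_PASSWORD` inline in the compose file; showing them loaded from an `env_file` would keep the sample from encouraging credentials in a committed file. A smaller point: `DOTEGE_SIGNAL_CONTAINER=dotege_haproxy_1` at new line 102 only matches if the compose project is named `dotege`, which is worth stating next to the example.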
