|
@@ -1,5 +1,15 @@
|
1
|
1
|
== Dotege
|
2
|
2
|
|
|
3
|
+Dotege is a tool to automatically generate configuration files from templates
|
|
4
|
+based on running docker containers. It also obtains SSL certificates for
|
|
5
|
+domains using Let's Encrypt, and can send a signal (such as HUP) to another
|
|
6
|
+container when the template changes.
|
|
7
|
+
|
|
8
|
+Out of the box it supports writing a HAProxy configuration file with
|
|
9
|
+appropriate entries for all containers with `com.chameth.*` labels.
|
|
10
|
+This enables automatic reverse proxying to any container with the
|
|
11
|
+relevant networks.
|
|
12
|
+
|
3
|
13
|
=== Configuration
|
4
|
14
|
|
5
|
15
|
Dotege is configured using environment variables:
|
|
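Review bot: The last sentence of the new introduction, "This enables automatic reverse proxying to any container with the relevant networks.", does not say what a container needs in order to be proxied. As written it can be read as either "any container carrying `com.chameth.*` labels" or "any container attached to some network", and that difference decides which services end up exposed through HAProxy. Suggest rewording so both conditions are explicit, for example that a container is proxied only when it carries the `com.chameth.*` labels and shares a network with the HAProxy container. It would also help to say in the same paragraph that labels are the opt-in mechanism, so readers know unlabelled containers are not published.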
@@ -72,9 +82,72 @@ Comma- or space-delimited list of hostnames that the container will handle reque
|
72
|
82
|
Certificates will have the first host as the subject, and any additional hosts will be
|
73
|
83
|
alternate names. Certificates are only reused if all hostnames match.
|
74
|
84
|
|
|
85
|
+== Example compose file
|
|
86
|
+
|
|
87
|
+[source,yaml]
|
|
88
|
+----
|
|
89
|
+version: '3.5'
|
|
90
|
+services:
|
|
91
|
+ dotege:
|
|
92
|
+ image: csmith/dotege
|
|
93
|
+ restart: always
|
|
94
|
+ volumes:
|
|
95
|
+ - data:/data/config
|
|
96
|
+ - certs:/data/certs
|
|
97
|
+ - config:/data/output
|
|
98
|
+ - /var/run/docker.sock:/var/run/docker.sock
|
|
99
|
+ environment:
|
|
100
|
+ - DOTEGE_ACME_EMAIL=email@address
|
|
101
|
+ - DOTEGE_DNS_PROVIDER=httpreq
|
|
102
|
+ - DOTEGE_SIGNAL_CONTAINER=dotege_haproxy_1
|
|
103
|
+ - DOTEGE_SIGNAL_TYPE=USR2
|
|
104
|
+ - DOTEGE_WILDCARD_DOMAINS=mydomain.com
|
|
105
|
+ - HTTPREQ_ENDPOINT=https://example.com/
|
|
106
|
+ - HTTPREQ_USERNAME=user@name
|
|
107
|
+ - HTTPREQ_PASSWORD=p@ssw0rd
|
|
108
|
+
|
|
109
|
+ haproxy:
|
|
110
|
+ image: haproxy:2.0.1
|
|
111
|
+ restart: always
|
|
112
|
+ volumes:
|
|
113
|
+ - config:/usr/local/etc/haproxy:ro
|
|
114
|
+ - certs:/certs:ro
|
|
115
|
+ ports:
|
|
116
|
+ - 443:443
|
|
117
|
+ - 80:80
|
|
118
|
+ networks:
|
|
119
|
+ - web
|
|
120
|
+
|
|
121
|
+networks:
|
|
122
|
+ web:
|
|
123
|
+ external: true
|
|
124
|
+
|
|
125
|
+volumes:
|
|
126
|
+ data:
|
|
127
|
+ certs:
|
|
128
|
+ config:
|
|
129
|
+----
|
|
130
|
+
|
|
131
|
+This creates an instance of Dotege, configured to use `httpreq` to perform DNS
|
|
132
|
+operations in order to generate SSL certificates. You can see the list of
|
|
133
|
+supported providers and their required environment variables in the
|
|
134
|
+https://go-acme.github.io/lego/dns/[Lego docs].
|
|
135
|
+
|
|
136
|
+The haproxy instance has read-only access to the config and certs volumes that
|
|
137
|
+will be populated by Dotege, and Dotege will send it the `USR2` signal whenever
|
|
138
|
+the config or certs change. With the default haproxy image this will cause it
|
|
139
|
+to reload the configuration.
|
|
140
|
+
|
|
141
|
+Container names must be resolvable from the haproxy container with the default
|
|
142
|
+template. This means the haproxy container should be on the same network as
|
|
143
|
+the containers it's proxying to. I recommend creating a global 'web' network
|
|
144
|
+(or similar) that all web-facing containers sit in.
|
|
145
|
+
|
75
|
146
|
== Contributing
|
76
|
147
|
|
77
|
|
-There is a [pre-commit](https://pre-commit.com/) to go fmt and run basic checks on
|
|
148
|
+Contributions are welcome!
|
|
149
|
+
|
|
150
|
+There is a https://pre-commit.com/[pre-commit] to go fmt and run basic checks on
|
78
|
151
|
commit; to enable it simply:
|
79
|
152
|
|
80
|
153
|
pip install pre-commit
|
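Review bot: The compose example mounts `/var/run/docker.sock:/var/run/docker.sock` into the `dotege` service, but the explanatory paragraphs after the listing never mention it. Access to that socket is effectively control of the Docker daemon on the host, so the README should state why Dotege needs it (reading running containers and sending `USR2` to `dotege_haproxy_1`) and that the Dotege container should therefore stay off the externally reachable `web` network, as the example already does by giving only `haproxy` a `networks:` entry. Two smaller points in the same hunk: `HTTPREQ_PASSWORD=p@ssw0rd` is shown inline in the compose file, so a sentence recommending an env file or a secrets mechanism for real credentials would stop people committing them; and `DOTEGE_SIGNAL_CONTAINER=dotege_haproxy_1` only matches when the compose project is named `dotege`, which is worth a note because a mismatch would mean HAProxy is never signalled after the config or certs change. `haproxy:2.0.1` is pinned while `csmith/dotege` has no tag; consider pinning both or explaining the choice.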