
Move config to env vars.

I'll make up my mind one day.
master
Chris Smith 5 years ago
parent
commit
b8b1d93a08
2 changed files with 102 additions and 8 deletions
  1. 62
    0
      README.adoc
  2. 40
    8
      dotege.go

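--- a/README.adoc
+++ b/README.adoc
@@ -0,0 +1,62 @@
+== Dotege
+
+=== Configuration
+
+Dotege is configured using environment variables:
+
+`DOTEGE_CERT_DESTINATION`::
+The folder where certificates will be placed. Defaults to `/data/certs`.
+
+`DOTEGE_DNS_PROVIDER`::
+The DNS provider to use. Must be one https://go-acme.github.io/lego/dns/[supported by Lego].
+The DNS provider will also be configured using environmental variables, as documented by
+the Lego project. Required.
+
+`DOTEGE_ACME_CACHE_FILE`::
+The path to a JSON file to store ACME credentials and certificates. This file will
+contain the private keys for all certificates generated by Dotege, so must not
+be accessible to other users or processes. Defaults to `/data/config/certs.json`.
+
+`DOTEGE_ACME_EMAIL`::
+The e-mail address to provide to the ACME service for updates, renewal reminders, etc.
+Required.
+
+`DOTEGE_ACME_ENDPOINT`::
+The ACME server to request certificates from. Defaults to the Let's Encrypt production
+server at https://acme-v02.api.letsencrypt.org/directory. For staging, this can be set
+to https://acme-staging-v02.api.letsencrypt.org/directory.
+
+`DOTEGE_ACME_KEY_TYPE`::
+The key type to use for private keys when generating a certificate using ACME. Valid
+values are:
++
+  * `P256` for EC256
+  * `P384` for EC384
+  * `2048` for RSA-2048
+  * `4096` for RSA-4096
+  * `8192` for RSA-8192
++
+The default value is `P384`.
+
+`DOTEGE_TEMPLATE_DESTINATION`::
+Location to write the templated configuration file to. Defaults to `/data/output/haproxy.cfg`.
+
+`DOTEGE_TEMPLATE_SOURCE`::
+Path to a template to use to generate configuration. Defaults to `./templates/haproxy.cfg.tpl`,
+which is a bundled basic template for generating HAProxy configurations.
+
+=== Docker labels
+
+Dotege operates by parsing labels applied to docker containers. It understands the following:
+
+`com.chameth.auth`::
+Specifies the name of an auth group (which must be defined appropriately in the template file)
+that users are required to be in to access the container.
+
+`com.chameth.proxy`::
+The port on which the container is listening for requests.
+
+`com.chameth.vhost`::
+Comma- or space-delimited list of hostnames that the container will handle requests for.
+Certificates will have the first host as the subject, and any additional hosts will be
+alternate names. Certificates are only reused if all hostnames match.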

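--- a/dotege.go
+++ b/dotege.go
@@ -15,6 +15,38 @@ import (
 	"time"
 )
 
+const (
+	envCertDestinationKey         = "DOTEGE_CERT_DESTINATION"
+	envCertDestinationDefault     = "/data/certs/"
+	envDnsProviderKey             = "DOTEGE_DNS_PROVIDER"
+	envAcmeEmailKey               = "DOTEGE_ACME_EMAIL"
+	envAcmeEndpointKey            = "DOTEGE_ACME_ENDPOINT"
+	envAcmeKeyTypeKey             = "DOTEGE_ACME_KEY_TYPE"
+	envAcmeKeyTypeDefault         = "P384"
+	envAcmeCacheLocationKey       = "DOTEGE_ACME_CACHE_FILE"
+	envAcmeCacheLocationDefault   = "/data/config/certs.json"
+	envTemplateDestinationKey     = "DOTEGE_TEMPLATE_DESTINATION"
+	envTemplateDestinationDefault = "/data/output/haproxy.cfg"
+	envTemplateSourceKey          = "DOTEGE_TEMPLATE_SOURCE"
+	envTemplateSourceDefault      = "./templates/haproxy.cfg.tpl"
+)
+
+func requiredVar(key string) (value string) {
+	value, ok := os.LookupEnv(key)
+	if !ok {
+		panic(fmt.Errorf("required environmental variable not defined: %s", key))
+	}
+	return
+}
+
+func optionalVar(key string, fallback string) (value string) {
+	value, ok := os.LookupEnv(key)
+	if !ok {
+		value = fallback
+	}
+	return
+}
+
 func monitorSignals() <-chan bool {
 	signals := make(chan os.Signal, 1)
 	done := make(chan bool, 1)
@@ -45,8 +77,8 @@ func createConfig() *model.Config {
 	return &model.Config{
 		Templates: []model.TemplateConfig{
 			{
-				Source:      "./templates/haproxy.cfg.tpl",
-				Destination: "haproxy.cfg",
+				Source:      optionalVar(envTemplateSourceKey, envTemplateSourceDefault),
+				Destination: optionalVar(envTemplateDestinationKey, envTemplateDestinationDefault),
 			},
 		},
 		Labels: model.LabelConfig{
@@ -54,14 +86,14 @@ func createConfig() *model.Config {
 			RequireAuth: "com.chameth.auth",
 		},
 		Acme: model.AcmeConfig{
-			DnsProvider:   "httpreq",
-			Email:         "dotege.test@chameth.com",
-			Endpoint:      lego.LEDirectoryStaging,
-			KeyType:       certcrypto.EC256,
-			CacheLocation: "/config/certs.json",
+			DnsProvider:   requiredVar(envDnsProviderKey),
+			Email:         requiredVar(envAcmeEmailKey),
+			Endpoint:      optionalVar(envAcmeEndpointKey, lego.LEDirectoryProduction),
+			KeyType:       certcrypto.KeyType(optionalVar(envAcmeKeyTypeKey, envAcmeKeyTypeDefault)),
+			CacheLocation: optionalVar(envAcmeCacheLocationKey, envAcmeCacheLocationDefault),
 		},
 		DefaultCertActions:     model.COMBINE | model.FLATTEN,
-		DefaultCertDestination: "/data/certs/",
+		DefaultCertDestination: optionalVar(envCertDestinationKey, envCertDestinationDefault),
 	}
 }
 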
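Review bot: `certcrypto.KeyType(optionalVar(envAcmeKeyTypeKey, envAcmeKeyTypeDefault))` in the third hunk accepts any string without checking it against the five values the README documents, so a typo such as `P-384` is only noticed later when a certificate is requested rather than at startup; a small validating helper (below) fails fast and names the offending variable. In the same spirit, `requiredVar` in the first hunk treats an empty-but-set variable as present, because `os.LookupEnv` reports ok for `DOTEGE_ACME_EMAIL=""`; `if !ok || value == "" {` closes that gap. The `/data/certs/` default for `envCertDestinationDefault` also differs from the `/data/certs` the README states, which is worth aligning. createConfig begins outside the hunk.

```go
// keyTypeVar reads an ACME key type from the environment and rejects values lego does not support.
func keyTypeVar(key string, fallback string) certcrypto.KeyType {
	value := certcrypto.KeyType(optionalVar(key, fallback))
	switch value {
	case certcrypto.EC256, certcrypto.EC384, certcrypto.RSA2048, certcrypto.RSA4096, certcrypto.RSA8192:
		return value
	default:
		panic(fmt.Errorf("unsupported value for %s: %s", key, value))
	}
}

// … unchanged: createConfig up to the Acme block …
			KeyType:       keyTypeVar(envAcmeKeyTypeKey, envAcmeKeyTypeDefault),
```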
