step-ca application package for dcape.
- linux 64bit (git, make, wget, gawk, openssl)
- docker
- dcape with prepared traefik
- Git service (github, gitea or gogs)

    certificatesResolvers:
      stepca:
        acme:
          email: USER@EMAIL
          storage: /etc/traefik/acme.json
          caServer: "https://APP_SITE:9000/acme/acme/directory"
          certificatesDuration: 2160 # 90 days
          tlsChallenge: true
          dnsChallenge:
            provider: pdns
          httpChallenge:
            entryPoint: web

    # https://smallstep.com/docs/tutorials/acme-protocol-acme-clients/#traefik
    LEGO_CA_CERTIFICATES=/etc/traefik/root_ca.crt

- Prepared traefik
  - file var/traefik/custom/insecure.yml with

        http:
          serversTransports:
            insecure:
              insecureSkipVerify: true

  - traefik ENV LEGO_CA_CERTIFICATES="/etc/traefik/root_ca.crt" with the crt generated by step-ca
  - add the X1 root crt to LEGO_CA_CERTIFICATES if Let's Encrypt is used together with step-ca
  - correct the DNS resolver and authoritative server config if a private domain is used
  - configure the certificatesResolvers section of traefik.yml
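
An alternative to the insecure transport above, shown as an added example that is not part of this repo: a serversTransport that verifies the step-ca backend against its root certificate instead of skipping verification. The file name, the transport name stepca-verified, the serverName value and the service placeholder are assumptions; /etc/traefik/root_ca.crt is the path the README already uses for LEGO_CA_CERTIFICATES.

```yaml
# var/traefik/custom/stepca-transport.yml (hypothetical file name)
http:
  serversTransports:
    # As in the README: certificate checks are switched off for every
    # backend that references this transport.
    insecure:
      insecureSkipVerify: true

    # Added alternative (transport name is an assumption): verification
    # stays on and only the step-ca root is trusted for the backend.
    stepca-verified:
      rootCAs:
        - /etc/traefik/root_ca.crt   # same file LEGO_CA_CERTIFICATES points to
      serverName: APP_SITE           # assumption: must match a SAN of the step-ca server certificate

# A service selects the transport by name, e.g. with the docker label
# (the <service> name is a placeholder):
#   traefik.http.services.<service>.loadbalancer.serverstransport=stepca-verified@file
```
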
- Fork this repo in your Git service
- Set up deploy hook
- Run "Test delivery" (config sample will be created in dcape)
- Edit and save config (enable deploy etc)
- Run "Test delivery" again (app will be installed and started on webhook host)
See also: Deploy setup (in Russian)
The MIT License (MIT), see LICENSE.
Copyright (c) 2023 Alexey Kovrizhkin [email protected]