dopos/dcape-app-step-ca


dcape-app-step-ca


step-ca application package for dcape.

Docker image used

Requirements

Traefik config

certificatesResolvers:
  stepca:
    acme:
      email: USER@EMAIL
      storage: /etc/traefik/acme.json
      caServer: "https://APP_SITE:9000/acme/acme/directory"
      certificatesDuration: 2160 # 90 days
      tlsChallenge: true
      dnsChallenge:
        provider: pdns
      httpChallenge:
        entryPoint: web
# https://smallstep.com/docs/tutorials/acme-protocol-acme-clients/#traefik
LEGO_CA_CERTIFICATES=/etc/traefik/root_ca.crt
  • Prepared Traefik:
  • file var/traefik/custom/insecure.yml containing:
http:
  serversTransports:
    insecure:
      insecureSkipVerify: true
  • Traefik ENV LEGO_CA_CERTIFICATES="/etc/traefik/root_ca.crt", pointing to the root certificate generated by step-ca.
  • Add the X1 root certificate to LEGO_CA_CERTIFICATES if Let's Encrypt is used together with step-ca.
  • Correct DNS resolver and authoritative config if a private domain is used.
  • Configure the certificatesResolvers section in traefik.yml.
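
The insecure.yml transport above turns off certificate verification for every backend that uses it. A variant that keeps verification on, as an added example that is not part of this repository: it assumes the backend is step-ca itself at APP_SITE:9000 and uses hypothetical names (verified.yml, stepca-verified, the stepca service), reusing the root_ca.crt already mounted for LEGO_CA_CERTIFICATES.

```yaml
# var/traefik/custom/verified.yml (hypothetical file name, added example)
# Same role as insecure.yml, but the backend certificate is validated
# against the step-ca root instead of being accepted blindly.
http:
  serversTransports:
    stepca-verified:            # hypothetical transport name
      # Trust anchor: the root certificate generated by step-ca,
      # the same file LEGO_CA_CERTIFICATES points to.
      rootCAs:
        - /etc/traefik/root_ca.crt
      # Name the backend certificate must carry in its SANs.
      # Assumption: step-ca issued its own server certificate for APP_SITE.
      serverName: APP_SITE
      # Explicit for readability; false is already the default.
      insecureSkipVerify: false

  services:
    stepca:                     # hypothetical service name
      loadBalancer:
        serversTransport: stepca-verified
        servers:
          - url: "https://APP_SITE:9000"

# When the service is declared through Docker labels instead of this file,
# reference the transport with the @file provider suffix:
#   traefik.http.services.stepca.loadbalancer.serverstransport=stepca-verified@file
```

If the handshake fails with this transport, the usual causes are a serverName that is not in the backend certificate's SANs or a root_ca.crt that does not match the running CA.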

Usage

  • Fork this repo in your Git service
  • Set up deploy hook
  • Run "Test delivery" (config sample will be created in dcape)
  • Edit and save config (enable deploy etc)
  • Run "Test delivery" again (app will be installed and started on webhook host)

See also: Deploy setup (in Russian)

License

The MIT License (MIT), see LICENSE.

Copyright (c) 2023 Alexey Kovrizhkin [email protected]