Actually use the correct S6 dist file
Actually enable multibuild
Enable multi-arch build
Simple wrapper around dehydrated and lexicon, with periodic certificate renewal using snooze
Prepare the data directory and the domain to request a certificate for:
$ mkdir -p data
$ echo example.com > data/domains.txt
Request certificate:
$ podman run -v ./data:/data --rm -it \
    -e PROVIDER=gandi \
    -e LEXICON_GANDI_AUTH_TOKEN=example \
    -e LEXICON_GANDI_API_PROTOCOL=rest \
    docker.io/sirn/dehydrated-lexicon:latest
It is possible to run a renewal hook by placing a shell script inside /data/renew.d, e.g.:
$ mkdir -p ./data/renew.d
$ cat <<EOF | tee ./data/renew.d/00-insecure-permissions
#!/bin/sh
echo "Using insecure permissions"
chmod 0644 "\$KEYFILE" "\$CERTFILE" "\$CHAINFILE" "\$FULLCHAINFILE" "\$FULLBUNDLE"
chmod 0755 "\$DIRNAME"
EOF
In addition to the standard dehydrated certificate files, this wrapper also creates another file called fullbundle.pem in the certificate directory. This file can be used directly with Hitch, HAProxy, or other applications that require a combined private key and certificates in a single file.
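Because fullbundle.pem carries the private key, a hook can treat it like the key file. The following is an added example, not part of the project's own files: it assumes the hook variables used in the example above are exported to scripts in /data/renew.d, and the file name 10-restrict-permissions and the optional CERT_GROUP variable are hypothetical.

```shell
#!/bin/sh
# Hypothetical hook: ./data/renew.d/10-restrict-permissions (added example).
# Assumes KEYFILE, CERTFILE, CHAINFILE, FULLCHAINFILE, FULLBUNDLE and DIRNAME
# are set by the wrapper, as in the hook shown on this page.
# CERT_GROUP is an assumed, optional variable naming a group (for example the
# one HAProxy or Hitch runs as) that needs to read the key material.

# Owner-only (or owner+group) access for anything containing the private key.
restrict_cert_perms() {
    if [ -n "${CERT_GROUP:-}" ]; then
        chgrp "$CERT_GROUP" "$DIRNAME" "$KEYFILE" "$FULLBUNDLE" || return 1
        chmod 0750 "$DIRNAME" || return 1
        chmod 0640 "$KEYFILE" "$FULLBUNDLE" || return 1
    else
        chmod 0700 "$DIRNAME" || return 1
        chmod 0600 "$KEYFILE" "$FULLBUNDLE" || return 1
    fi
    # Certificates are public data; the directory mode above still gates access.
    chmod 0644 "$CERTFILE" "$CHAINFILE" "$FULLCHAINFILE"
}

# Return 0 only if no "other" permission bit is set on key-bearing files.
# -H follows symlinks given on the command line, so a link to the real file
# is checked by its target's mode.
key_material_is_private() {
    for f in "$KEYFILE" "$FULLBUNDLE"; do
        [ -e "$f" ] || { echo "missing: $f" >&2; return 1; }
        hit=$(find -H "$f" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))
        [ -z "$hit" ] || { echo "exposed to other users: $f" >&2; return 1; }
    done
}

# Run only when invoked as a hook, i.e. when the wrapper has set KEYFILE.
if [ -n "${KEYFILE:-}" ]; then
    restrict_cert_perms && key_material_is_private
fi
```

The second function can also be run on its own after any other hook to confirm that the key and the bundle have not been left readable by other users.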