README
¶
traefik-cert
A service for serving certs obtained by traefik.
I originally created this in order to use traefik to managed certs from Let's Encrypt, and use those certs on other services, like SMTP and IMAP.
Usage
- Generate a JWT keypair to use for authorizing clients.
- Deploy the service somewhere so it can access the same certs as traefik.
- Generate JWT tokens for other services to obtain certs.
- Use the
getcertverb to get a cert and save it in a place for the service.
Deployment of service
Use the public key from the JWT keypair.
With docker run:
docker run -v /tmp/acme:/acme \
--label=traefik.frontend.rule=Host:dev.sprinkle.cloud \
--name cert \
-v ${PWD}/public.key:/public.key \
brimstone/traefik-cert
As a Docker swarm service:
TODO
Usage of client
- Generate a token with this keypair with a top level
certobject. This cert object needs to have an arraydomainswith all of the specific domains. - Use the
getcertverb with the token to connect to the service and request a cert.
Example JWT
Header:
{
"alg": "RS256",
"kid": "",
"typ": "JWT"
}
Payload:
{
"exp": 1561597620,
"iat": 1530061620,
"nbf": 1530061620,
"cert": {
"domains": [
"dev.sprinkle.cloud"
]
}
}
Example usage of getcert
traefik-cert getcert -u cert.sprinkle.cloud -d mail.sprinkle.cloud -j eyJhbGciOiJSUzI1NiIsImtpZCI6IiIsInR5cCI6IkpXVCJ9…
Requirements/Prerequisites
- Go
- Docker
Contributing
- Fork the project.
- Make your feature addition or bug fix.
- Add tests for it. This is important so I don't break it in a future version unintentionally.
- Send a pull request. Bonus points for topic branches.
TODOs/Problems
- Needs documentation around swarm service
Discussion
If you have questions, please make an issue.
License
This project is released under the AGPLv3 License.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.