Created
September 25, 2024 08:52
-
-
Save xssfox/13608be92f7010692672629b405558ed to your computer and use it in GitHub Desktop.
acme renew for docker-compose.yml kanidm
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| volumes: | |
| certs: | |
| services: | |
| create-cert: | |
| image: smallstep/step-cli | |
| volumes: | |
| - certs:/certs/:rw | |
| - ./ca:/root | |
| command: | |
| - step | |
| - ca | |
| - certificate | |
| - ${HOSTNAME} | |
| - /certs/cert.pem | |
| - /certs/key.pem | |
| - --acme=${CA_SERVER} | |
| - --root=/root/ca.pem | |
| ports: # to allow acme to work | |
| - 80:80 | |
| profiles: | |
| - create_cert | |
| restart: no | |
| user: "0:0" | |
| keep-cert-updated: | |
| image: smallstep/step-cli | |
| volumes: | |
| - certs:/certs/:rw | |
| - ./ca:/root | |
| command: | |
| - step | |
| - ca | |
| - renew | |
| - /certs/cert.pem | |
| - /certs/key.pem | |
| - --daemon | |
| - --ca-url=${CA_SERVER} | |
| - --root=/root/ca.pem | |
| - --renew-period=${RENEWAL_PERIOD} | |
| - --exec=killall kanidm # force a restart of the container when the cert changes | |
| - -f | |
| ports: # to allow acme to work | |
| - 80:80 | |
| restart: always | |
| user: "0:0" | |
| pid: "container:${COMPOSE_PROJECT_NAME}-kanidm-1" #I presume there is a way to get the "1" but I have no idea | |
| depends_on: | |
| kanidm: | |
| condition: service_started | |
| kanidm: | |
| image: docker.io/kanidm/server:latest | |
| restart: always | |
| volumes: | |
| - ./data:/data:rw | |
| - certs:/certs/:rw | |
| ports: | |
| - "636:3636" | |
| - "443:8443" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment