|
|
|
@ -23,21 +23,21 @@ self-signed CA.
|
|
|
|
|
## Example usage
|
|
|
|
|
### Minio server with Traefik example
|
|
|
|
|
|
|
|
|
|
1. Replace "minio server" command with the following one:
|
|
|
|
|
- "cd /root/.minio/certs && ./gencert.sh --cn minio.example.com && minio server"
|
|
|
|
|
2. Copy the CA certificate "ca.crt" file to "/usr/local/share/ca-certificates/" and
|
|
|
|
|
run "update-ca-certificates" command which will update
|
|
|
|
|
"/etc/ssl/certs/ca-certificates.crt" file.
|
|
|
|
|
1. Replace ``minio server`` command with the following one:
|
|
|
|
|
- ``cd /root/.minio/certs && ./gencert.sh --cn minio.example.com && minio server /data``
|
|
|
|
|
2. Copy the CA certificate ``ca.crt`` file to ``/usr/local/share/ca-certificates/`` and
|
|
|
|
|
run ``update-ca-certificates`` command which will update
|
|
|
|
|
``/etc/ssl/certs/ca-certificates.crt`` file.
|
|
|
|
|
3. Restart Traefik.
|
|
|
|
|
|
|
|
|
|
> NOTE: Steps 2. and 3. will need to be repeated each time you get a new CA
|
|
|
|
|
> certificate. Then they can be automated this way:
|
|
|
|
|
> - Start Traefik with this command:
|
|
|
|
|
> sh -c "update-ca-certificates && traefik"
|
|
|
|
|
> while "/usr/local/share/ca-certificates" path is a host mounted
|
|
|
|
|
> ``sh -c "update-ca-certificates && traefik"``
|
|
|
|
|
> while ``/usr/local/share/ca-certificates`` path is a host mounted
|
|
|
|
|
> path with the CA certificate produced by this script.
|
|
|
|
|
> NOTE: I am using Alpine Traefik image, the correct ca certificates path is
|
|
|
|
|
> "/usr/local/share/ca-certificates/", otherwise one of these
|
|
|
|
|
> ``/usr/local/share/ca-certificates/``, otherwise one of these
|
|
|
|
|
> https://golang.org/src/crypto/x509/root_linux.go
|
|
|
|
|
|
|
|
|
|
## Script logic
|
|
|
|
|