arno/gencert
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Andy 2018-07-01 16:58:17 +02:00
parent c27ce6de55
commit 4567ffc5d7
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C
1 changed files with 56 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
README.md
View File

@ -64,20 +64,64 @@ script in the following Linux distributions:
``/etc/ssl/certs/ca-certificates.crt`` file;
3. Restart Traefik.
> With the Step 1. Minio server will get the certificate it needs, hence SSE-C
> will be enabled.
With the Step 1. Minio server will get the certificate it needs, hence SSE-C
will be enabled.
> Steps 2. and 3. will need to be repeated each time you get a new CA
> certificate.
> These steps can be automated this way:
> Start Traefik with this command:
> ``sh -c "update-ca-certificates && traefik"``
> while ``/usr/local/share/ca-certificates`` container path is mounted from the
> host with the CA certificate produced by this script.
Steps 2. and 3. will need to be repeated each time you get a new CA
certificate.
These steps can be automated this way:
Start Traefik with this command:
``sh -c "update-ca-certificates && traefik"``
while ``/usr/local/share/ca-certificates`` container path is mounted from the
host with the CA certificate produced by this script.
> I am using Alpine Traefik image, the correct ca certificates path is
> ``/usr/local/share/ca-certificates/``, otherwise one of these
> https://golang.org/src/crypto/x509/root_linux.go
I am using Alpine Traefik image, the correct ca certificates path is
``/usr/local/share/ca-certificates/``, otherwise one of these
https://golang.org/src/crypto/x509/root_linux.go
- ``docker-compose.yml`` example with the gencert script:
```
version: '3'
networks:
oasis: {}
services:
minio:
restart: unless-stopped
image: minio/minio
networks:
- oasis
volumes:
- /srv/data/minio:/data
- /srv/data/minio/start/gencert.sh:/gencert.sh:ro
entrypoint: sh -c "cd /root/.minio/certs && /gencert.sh --cn minio.example.com && minio server /data"
environment:
- "MINIO_ACCESS_KEY=redacted"
- "MINIO_SECRET_KEY=redacted"
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host: minio.example.com"
- "traefik.frontend.passHostHeader=true"
- "traefik.port=9000"
traefik:
restart: unless-stopped
image: traefik:1.6-alpine
volumes:
- /srv/data/traefik/acme:/etc/traefik/acme
- /srv/data/traefik/traefik.toml:/etc/traefik/traefik.toml:ro
- /var/run/docker.sock:/var/run/docker.sock:ro # listen to the Docker events.
- /srv/data/traefik/ca-certs:/usr/local/share/ca-certificates:ro
command: sh -c "update-ca-certificates && traefik"
networks:
- oasis
ports:
- "127.0.0.1:8080:8080"
- "80:80"
- "443:443"
```
### Drawbacks