Skip to content

dodslaser/docker-bootstrap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
README.md
README.md
 
 
init-dns
init-dns
 
 
init-pki
init-pki
 
 

Repository files navigation

Various init scripts for bootstraping docker containers

init-dns

Bootstrap a local DNS based on pihole/pihole

[...]
image: pihole/pihole
entrypoint: ''
command: /bin/bash -c "curl -fsSL [init-dns URL] | /bin/bash" # This needs to be bash for pihole
environment:
  - INGRESS_DOMAIN: mydomain.local # Local domain used by ingress
  - INGRESS_IP: 192.168.1.100 # Ingress IP address
[...]

init-pki

Bootstrap a PKI based on smallstep/step-ca

[...]
image: smallstep/step-ca
entrypoint: ''
command: /bin/sh -c "curl -fsSL [init-pki URL] | /bin/sh"
environment:
  - NAME: MyCA # The name of the CA
  - DNS: 'pki,pki.mydomain.local' # DNS names where the PKI will be reachable 
  - PROVISIONER: 'admin@mydomain.local' # Name of the first provisioner
 volumes:
  - /dev/urandom:/dev/urandom
  - pki-step:/home/step
[...]

Note

  • Your ingress will need to trust the generated root_ca.crt to obtain certificates with ACME. For traefik this can be achieved by mounting the pki-step volume from the above example to /pki and setting LEGO_CA_CERTIFICATES to /pki/certs/root_ca.crt The ca-password is randomly generated in /home/step/secrets/password
  • An ACME provisioner is created by default (accessible at https://[ca-url]/acme/acme/directory)
  • The config file is patched to enable the badgerV2 database with fileIO to prevent breaking on armv7 (See issue #279 in smallstep/certificates).

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages