28a60c7fc8
Dear maintainer, it took me a while to figure out I could use an external sh file, instead of trying to cramp everything into a one liner in the docker-compose. Maybe it will help other users too. Thanks for creating and maintaining this image. Best,
4.7 KiB
4.7 KiB
traefik-certs-dumper
If you appreciate this project:
Features
- Supported sources:
- file ("acme.json")
- KV stores (Consul, Etcd, Zookeeper, Boltdb)
- Watch changes:
- from file ("acme.json")
- from KV stores (Consul, Etcd, Zookeeper)
- Output formats:
- use domain as sub-directory (allow custom names and extensions)
- flat (domain as filename)
- Hook (only with watch mode and if the data source changes)
Installation
Download / CI Integration
curl -sfL https://raw.githubusercontent.com/ldez/traefik-certs-dumper/master/godownloader.sh | bash -s -- -b $(go env GOPATH)/bin v2.7.4
From Binaries
You can use pre-compiled binaries:
- To get the binary just download the latest release for your OS/Arch from the releases page
- Unzip the archive.
- Add
traefik-certs-dumperin yourPATH.
From Docker
docker run ldez/traefik-certs-dumper:<tag_name>
Examples:
- Traefik v1: docker-compose
- Traefik v2: docker-compose
Usage
Examples
Note: to dump data from Traefik v2, the CLI flag --version v2 must be added.
Simple Dump
$ traefik-certs-dumper file
dump
├──certs
│ └──my.domain.com.key
└──private
├──my.domain.com.crt
└──letsencrypt.key
Change source and destination
$ traefik-certs-dumper file --source ./acme.json --dest ./dump/test
test
├──certs
│ └──my.domain.com.key
└──private
├──my.domain.com.crt
└──letsencrypt.key
Use domain as sub-directory
$ traefik-certs-dumper file --domain-subdir=true
dump
├──my.domain.com
│ ├──certificate.crt
│ └──privatekey.key
└──private
└──letsencrypt.key
Change file extension
$ traefik-certs-dumper file --domain-subdir --crt-ext=.pem --key-ext=.pem
dump
├──my.domain.com
│ ├──certificate.pem
│ └──privatekey.pem
└──private
└──letsencrypt.key
Change file name
$ traefik-certs-dumper file --domain-subdir --crt-name=fullchain --key-name=privkey
dump
├──my.domain.com
│ ├──fullchain.crt
│ └──privkey.key
└──private
└──letsencrypt.key
KV store
Consul
$ traefik-certs-dumper kv consul --endpoints localhost:8500
Etcd
$ traefik-certs-dumper kv etcd --endpoints localhost:2379
Boltdb
$ traefik-certs-dumper kv boltdb --endpoints /the/path/to/mydb.db
Zookeeper
$ traefik-certs-dumper kv zookeeper --endpoints localhost:2181
Hook example
Hook can be a one liner passed as a string, or a file for more complex post-hook scenarios. For the former, create a file hook.sh and mount it, then pass "sh hooksh" as a parameter to --post-hook.
Here is a docker-compose example:
traefik-certs-dumper:
image: ldez/traefik-certs-dumper:v2.7.0
container_name: traefik-certs-dumper
entrypoint: sh -c '
apk add jq
; while ! [ -e /data/acme.json ]
|| ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do
sleep 1
; done
&& ls /data/certs/chat.talbot.audio
&& traefik-certs-dumper file --version v2 --domain-subdir --crt-ext=.pem --key-ext=.pem --watch --source /data/acme.json --dest /data/certs/ --post-hook "sh /traefik-certs-dumper/hook.sh"'
labels:
- "traefik.enable=false"
volumes:
- "./letsencrypt-data:/data"
- "./traefik-certs-dumper-data:/traefik-certs-dumper"
- "./out-data:/out-data"