-
Notifications
You must be signed in to change notification settings - Fork 815
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implemented LETSENCRYPT_STANDALONE_CERTS support from container env #610
Conversation
Standalone certificates are generated from a static user provided configuration file rather than from the dynamicaly generated (from running containers environment variables) letsencrypt_service_data file.
Hi. Sorry if I'm not getting it but how is that any different from using a dummy container to generate certificates ? |
The idea behind the standalone cert feature was to generate certificate that aren't tied to any specific container's Environment. |
I didn't see the dummy containers idea in the documentation. Do you have such? There are a few use cases I address with this PR:
|
Oh, it sounds like an attempt to implement something similar to #410 then. Did I get that right ? |
Yes, it actually implements issue #410, but with a little bit simpler way of configuration. Instead of having something like this
I suggest to have
The only drawback I see is that we can not merge into a single SAN group of domains foo.com / www.foo.com, but we can enhance it later upon request. |
Ok, standalone certs (#368) and the splitting of SAN certificates (#410) are two completely different features, hence the confusion. Standalone certs refers to the ability to issue certificate that aren't tied to a specific container's environment. You PR will have to use another env var than
|
I'd vote for |
I'm okay with Don't forget to create the documentation for the new environment variable. |
Other than that, the PR look fine to me. |
Wilco |
Didn't see you based you branch on |
@SilverFire could you re-open this PR with a new feature branch (like you did in #612) rather than your fork's I'd like to merge the standalone cert feature of |
Will do it today eve |
Sorry for the delay. Replaced with #647 |
Hi, @buchdag
I've followed your idea with LETSENCRYPT_STANDALONE_CERTS and ported it to environment variables of Nginx container.
The usage will be pretty simple:
docker-compose.yml
This config will produce three separate certificates. It seems more correct in terms of decoupling to claim separate certificates from the Nginx container env, than touching the main LE companion.
If the PR is acceptable, I will adjust the documentations