Merge branch 'master' into upstream_pr

Dockerfile

@@ -15,4 +15,4 @@ RUN pip3 install -r requirements.txt
 COPY . /app
 
 # Define entrypoint of the app
-ENTRYPOINT ["python3", "-u", "extractor.py"]
+ENTRYPOINT ["python3", "-u", "extractor.py", "-c", "data/acme.json", "-d", "certs"]

README.md

@@ -1,33 +1,50 @@
 # Traefik Certificate Extractor
 
-Forked from [DanielHuisman/traefik-certificate-extractor](https://github.com/DanielHuisman/traefik-certificate-extractor)
-
 Tool to extract Let's Encrypt certificates from Traefik's ACME storage file. Can automatically restart containers using the docker API.
 
 ## Installation
-```
+```shell
-git clone https://github.com/snowmb/traefik-certificate-extractor
+git clone https://github.com/DanielHuisman/traefik-certificate-extractor
 cd traefik-certificate-extractor
 ```
 
 ## Usage
-```
+```shell
-python3 extractor.py [FILE]
+usage: extractor.py [-h] [-c CERTIFICATE] [-d DIRECTORY] [-f] [-r] [--dry-run]
+                    [--include [INCLUDE [INCLUDE ...]] | --exclude
+                    [EXCLUDE [EXCLUDE ...]]]
+
+Extract traefik letsencrypt certificates.
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -c CERTIFICATE, --certificate CERTIFICATE
+                        file that contains the traefik certificates (default
+                        acme.json)
+  -d DIRECTORY, --directory DIRECTORY
+                        output folder
+  -f, --flat            outputs all certificates into one folder
+  -r, --restart_container
+                        uses the docker API to restart containers that are
+                        labeled accordingly
+  --dry-run             Don't write files and do not start docker containers.
+  --include [INCLUDE [INCLUDE ...]]
+  --exclude [EXCLUDE [EXCLUDE ...]]
 ```
 Default file is `./data/acme.json`. The output directories are `./certs` and `./certs_flat`.
 
 ## Docker
-There is a Docker image available for this tool: [snowmb/traefik-certificate-extractor](https://hub.docker.com/r/snowmb/traefik-certificate-extractor/).
+There is a Docker image available for this tool: [DanielHuisman/traefik-certificate-extractor](https://hub.docker.com/r/DanielHuisman/traefik-certificate-extractor/).
 Example run:
-```
+```shell
 docker run --name extractor -d \
   -v /opt/traefik:/app/data \
   -v ./certs:/app/certs \
   -v /var/run/docker.socket:/var/run/docker.socket \
-  snowmb/traefik-certificate-extractor
+  DanielHuisman/traefik-certificate-extractor 
 ```
-Mount the whole folder containing the traefik certificate file as `/app/data`. The extracted certificates are going to be written to `/app/certs`.
+Mount the whole folder containing the traefik certificate file (`acme.json`) as `/app/data`. The extracted certificates are going to be written to `/app/certs`.
-The docker socket is used to find any containers with this label: `com.github.SnowMB.traefik-certificate-extractor.restart_domain=<DOMAIN>`.
+The docker socket is used to find any containers with this label: `com.github.DanielHuisman.traefik-certificate-extractor.restart_domain=<DOMAIN>`.
 If the domains of an extracted certificate and the restart domain matches, the container is restarted. Multiple domains can be given seperated by `,`.
 
 

extractor.py

@@ -76,9 +76,9 @@ class PathType(object):
 
 def restartContainerWithDomains(domains):
     client = docker.from_env()
-    container = client.containers.list(filters = {"label" : "com.github.SnowMB.traefik-certificate-extractor.restart_domain"})
+    container = client.containers.list(filters = {"label" : "com.github.DanielHuisman.traefik-certificate-extractor.restart_domain"})
     for c in container:
-        restartDomains = str.split(c.labels["com.github.SnowMB.traefik-certificate-extractor.restart_domain"], ',')
+        restartDomains = str.split(c.labels["com.github.DanielHuisman.traefik-certificate-extractor.restart_domain"], ',')
         if not set(domains).isdisjoint(restartDomains):
             print('restarting container ' + c.id)
             if not args.dry:
@@ -195,7 +195,7 @@ class Handler(FileSystemEventHandler):
                     self.isWaiting = True #trigger the work just once (multiple events get fired)
                     self.timer = threading.Timer(2, self.doTheWork)
                     self.timer.start()
-    
+
     def doTheWork(self):
         print('DEBUG : starting the work')
         domains = createCerts(self.args)
@@ -204,7 +204,7 @@ class Handler(FileSystemEventHandler):
 
         with self.lock:
             self.isWaiting = False
-	print('DEBUG : finished')
+        print('DEBUG : finished')
 
 
 if __name__ == "__main__":
@@ -217,7 +217,7 @@ if __name__ == "__main__":
     parser.add_argument('-f', '--flat', action='store_true',
                         help='outputs all certificates into one folder')
     parser.add_argument('-r', '--restart_container', action='store_true',
-                        help='uses the docker API to restart containers that are labeled accordingly')
+                        help="uses the docker API to restart containers that are labeled with 'com.github.DanielHuisman.traefik-certificate-extractor.restart_domain=<DOMAIN>' if the domain name of a generated certificates matches. Multiple domains can be seperated by ','")
     parser.add_argument('--dry-run', action='store_true', dest='dry',
                         help="Don't write files and do not start docker containers.")
     group = parser.add_mutually_exclusive_group()