github/traefik-certificate-extractor
1
0
Fork 0
mirror of https://github.com/SnowMB/traefik-certificate-extractor.git synced 2025-09-18 21:24:31 +08:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: github:upstream_pr
Branches Tags
github:master github:upstream_pr github:add_cli_args github:feature-cli
github:v1.4.0 github:v1.2.1 github:v1.2.0 github:v1.1.1 github:v1.1.0 github:v1.0.0
..
compare: github:master
Branches Tags
github:master github:upstream_pr github:add_cli_args github:feature-cli
github:v1.4.0 github:v1.2.1 github:v1.2.0 github:v1.1.1 github:v1.1.0 github:v1.0.0

3 Commits
upstream_p ... master

Author SHA1 Message Date
Marc Brückner
0f4cab45f2 docker-compose example 2018-11-11 21:13:01 +01:00
Marc Brückner
55c8204f42 fix #1: docker run example 2018-11-11 21:06:45 +01:00
Marc Brückner
39c7664bd6 fix docker.sock 2018-11-11 21:00:39 +01:00
2 changed files with 25 additions and 8 deletions
Expand all files Collapse all files

27
README.md
View File

@@ -1,10 +1,12 @@
# Traefik Certificate Extractor
Forked from [DanielHuisman/traefik-certificate-extractor](https://github.com/DanielHuisman/traefik-certificate-extractor)
Tool to extract Let's Encrypt certificates from Traefik's ACME storage file. Can automatically restart containers using the docker API.
## Installation
```shell
git clone https://github.com/DanielHuisman/traefik-certificate-extractor
git clone https://github.com/snowmb/traefik-certificate-extractor
cd traefik-certificate-extractor
```
@@ -34,19 +36,34 @@ optional arguments:
Default file is `./data/acme.json`. The output directories are `./certs` and `./certs_flat`.
## Docker
There is a Docker image available for this tool: [DanielHuisman/traefik-certificate-extractor](https://hub.docker.com/r/DanielHuisman/traefik-certificate-extractor/).
There is a Docker image available for this tool: [snowmb/traefik-certificate-extractor](https://hub.docker.com/r/snowmb/traefik-certificate-extractor/).
Example run:
```shell
docker run --name extractor -d \
-v /opt/traefik:/app/data \
-v ./certs:/app/certs \
-v /var/run/docker.socket:/var/run/docker.socket \
DanielHuisman/traefik-certificate-extractor
-v /var/run/docker.socket:/var/run/docker.sock \
snowmb/traefik-certificate-extractor -r
```
Mount the whole folder containing the traefik certificate file (`acme.json`) as `/app/data`. The extracted certificates are going to be written to `/app/certs`.
The docker socket is used to find any containers with this label: `com.github.DanielHuisman.traefik-certificate-extractor.restart_domain=<DOMAIN>`.
The docker socket is used to find any containers with this label: `com.github.SnowMB.traefik-certificate-extractor.restart_domain=<DOMAIN>`.
If the domains of an extracted certificate and the restart domain matches, the container is restarted. Multiple domains can be given seperated by `,`.
You can easily use `docker-compose` to integrate this container into your setup:
```yaml
...
services:
certs:
image: snowmb/traefik-certificate-extractor
volumes:
- path/to/acme.json:/app/data/acme.json:ro
- certs:/app/certs:rw
- /var/run/docker.sock:/var/run/docker.sock
command: -r --include example.com
restart: always
```
## Output
```

6
extractor.py
View File

@@ -76,9 +76,9 @@ class PathType(object):
def restartContainerWithDomains(domains):
client = docker.from_env()
container = client.containers.list(filters = {"label" : "com.github.DanielHuisman.traefik-certificate-extractor.restart_domain"})
container = client.containers.list(filters = {"label" : "com.github.SnowMB.traefik-certificate-extractor.restart_domain"})
for c in container:
restartDomains = str.split(c.labels["com.github.DanielHuisman.traefik-certificate-extractor.restart_domain"], ',')
restartDomains = str.split(c.labels["com.github.SnowMB.traefik-certificate-extractor.restart_domain"], ',')
if not set(domains).isdisjoint(restartDomains):
print('restarting container ' + c.id)
if not args.dry:
@@ -217,7 +217,7 @@ if __name__ == "__main__":
parser.add_argument('-f', '--flat', action='store_true',
help='outputs all certificates into one folder')
parser.add_argument('-r', '--restart_container', action='store_true',
help="uses the docker API to restart containers that are labeled with 'com.github.DanielHuisman.traefik-certificate-extractor.restart_domain=<DOMAIN>' if the domain name of a generated certificates matches. Multiple domains can be seperated by ','")
help="uses the docker API to restart containers that are labeled with 'com.github.SnowMB.traefik-certificate-extractor.restart_domain=<DOMAIN>' if the domain name of a generated certificates matches. Multiple domains can be seperated by ','")
parser.add_argument('--dry-run', action='store_true', dest='dry',
help="Don't write files and do not start docker containers.")
group = parser.add_mutually_exclusive_group()