docker_api https fix for secured docker #673

Open
wants to merge 6 commits into
base: main
8 changes: 8 additions & 0 deletions app/functions.sh
Expand Up @@ -236,6 +236,14 @@ function docker_api {
else
scheme="http://${DOCKER_HOST#*://}"
fi

if [[ -v DOCKER_TLS_VERIFY && -v DOCKER_CERT_PATH && ! -z "$DOCKER_TLS_VERIFY" ]]; then
For the sake of consistency with the other features, could we check if DOCKER_TLS_VERIFY is set to true/True/TRUE (using the lc() function) instead of just setting the variable to any value?

curl_opts+=(--cert ${DOCKER_CERT_PATH}/cert.pem)
curl_opts+=(--key ${DOCKER_CERT_PATH}/key.pem)
curl_opts+=(--cacert ${DOCKER_CERT_PATH}/ca.pem)
scheme="https://${DOCKER_HOST#*://}"
fi

[[ $method = "POST" ]] && curl_opts+=(-H 'Content-Type: application/json')
curl "${curl_opts[@]}" -X "${method}" "${scheme}$1"
}
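Review bot: the new `if` condition checks that `DOCKER_TLS_VERIFY` is non-empty but only that `DOCKER_CERT_PATH` is set, so an empty `DOCKER_CERT_PATH=` passes the test and curl is handed `--cert /cert.pem`; test both with `-n "$VAR"` (which also makes the separate `-v` / `! -z` pair redundant), and quote the three certificate arguments, e.g. `curl_opts+=(--cert "${DOCKER_CERT_PATH}/cert.pem")`, so a path containing whitespace is not split into several words. The block also sits after the `if`/`else` that selects `scheme`, so it rewrites `scheme` to `https://` even when the `else` branch above (the `http://` case) was not the one taken; placing it inside that `else` branch, or gating it on the `DOCKER_HOST` scheme, keeps the TLS options tied to TCP connections. Note that `[[ -v VAR ]]` needs bash 4.2 or newer.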
10 changes: 9 additions & 1 deletion docs/Container-configuration.md
Expand Up @@ -32,4 +32,12 @@ You can also create test certificates per container (see [Test certificates](./L

* `ACME_PRE_HOOK` - The provided command will be run before every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_PRE_HOOK=echo 'start'"`. For more information see [Pre- and Post-Hook](./Hooks.md)

* `ACME_POST_HOOK` - The provided command will be run after every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_POST_HOOK=echo 'end'"`. For more information see [Pre- and Post-Hook](./Hooks.md)
* `ACME_POST_HOOK` - The provided command will be run after every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_POST_HOOK=echo 'end'"`. For more information see [Pre- and Post-Hook](./Hooks.md)

## Optional docker host configuration
* `DOCKER_HOST` - set the host for docker. Must include the scheme (`unix://`, `http://` or `https://`)

If the docker host daemon socket is [protected](https://docs.docker.com/engine/security/https/):

* `DOCKER_TLS_VERIFY` - set it to value `1` if the docker host requires client TLS authentication
* `DOCKER_CERT_PATH` - path to TLS client certificates for the docker host. This folder should contain `cert.pem`, `key.pem` and `ca.pem` files. See [Create a CA, server and client keys with OpenSSL](https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl)
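Review bot: the `DOCKER_TLS_VERIFY` bullet tells users to set it to the value `1`, but the check added in `app/functions.sh` only tests that the variable is non-empty, so `DOCKER_TLS_VERIFY=0` would enable client TLS as well; the documentation and the check should agree on the accepted values (either document "any non-empty value" or make the code accept a specific true value). It would also help to state in the `DOCKER_CERT_PATH` bullet that the path is resolved inside the **acme-companion** container, so the three `.pem` files must be mounted there, and that the companion needs read access to `key.pem`.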
I think we should be a bit clearer about the fact that this environment variable sets a path that will be looked up inside the container and that the expected file will have to be mounted to this path somehow.