nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive

README (1682B)


      1 LETSENCRYPT CERTIFICATES FOR NOMAD
      2 ----------------------------------
      3 
      4 Request and renew Letsencrypt certificates with Nomad.
      5 
      6 USAGE
      7 -----
      8 
      9 Register the volume for the Letsencrypt certificates:
     10 
     11  nomad volume register certbot-volume.hcl
     12 
     13 Install the periodic job:
     14 
     15  nomad run certbot.nomad
     16 
     17 LETSENCRYPT EMAIL
     18 -----------------
     19 
     20 Add Letsencrypt plain-text email in Nomad variable "certbot/email"
     21 
     22 DOMAINS
     23 -------
     24 
     25 Add Letsencrypt domains in Nomad variable "certbot/domains" as list
     26 
     27   cn1.example.com,san1.example.com",cn2.example.com,more.domains,..
     28 
     29 Hint: Don't automatically redirect http traffic to https ports. If enabled,
     30 Letsencrypt fails to download the challenge files from the http endpoint
     31 (always redirected straight to https, which is no desired in this scenario).
     32 
     33   # don't redirect to https (disable https redirection to renew certificates)
     34   #redirect scheme https if !{ ssl_fc } is_site
     35 
     36 
     37 RENEWAL
     38 -------
     39 
     40 https://eff-certbot.readthedocs.io/en/stable/using.html#re-creating-and-updating-existing-certificates
     41 
     42 >If a certificate is requested with run or certonly specifying a certificate
     43 >name that already exists, Certbot updates the existing certificate. Otherwise a
     44 >new certificate is created and assigned the specified name.
     45 
     46 LEVANT
     47 ------
     48 
     49 Alternatively, use levant to dynamically template the tasks of this job.
     50 
     51 Spins up n tasks for n certificates.
     52 
     53 - Pro: Use JSON file on the host to provide domains as input. The approach with the
     54   simple shell scripts orders all certificates in the same task (same script).
     55 - Contra: No KV to provide domains as input
     56 
     57 Howto:
     58 - adjust the defaults file
     59 - levant render certbot.levant
     60 - levant {plan,run} certbot.levant