
Add support for changing key types at ACME cert generation

main
Leo Maroni 1 year ago
parent
commit
0d1577b927
Signed by: em0lar GPG Key ID: B1ADA545CD2CBACD
  1. 13
      README.md
  2. 13
      templates/traefik.yml.j2

13
README.md

@ -47,6 +47,7 @@ traefik_tls_letsencrypt_challenges_http:
name: "le_http" # Name of the certificate resolver
entryPoint: "http"
storage: "{{ traefik_base_path }}/acme_http.json"
key_type: "RSA4096" # optional, per default RSA4096
# TLS-Challenge
traefik_tls_letsencrypt_challenges_tls:
@ -54,18 +55,20 @@ traefik_tls_letsencrypt_challenges_tls:
email: "test@example.org"
name: "le_tls" # Name of the certificate resolver
storage: "{{ traefik_base_path }}/acme_tls.json"
key_type: "RSA4096" # optional, per default RSA4096
# DNS-Challenge
traefik_tls_letsencrypt_challenges_dns:
enable: yes
provider: acme-dns
delay: 0
disablePropagationCheck: "false"
resolvers:
- 1.1.1.1
email: "test@example.org"
name: "le_dns" # Name of the certificate resolver
storage: "{{ traefik_base_path }}/acme_dns.json"
delay: 0 # optional, default 0
disablePropagationCheck: "false" # optional, default false
resolvers: # optional
- 1.1.1.1
name: "le_dns" # Name of the certificate resolver
key_type: "RSA4096" # optional, per default RSA4096
```
And please set the `traefik_default_cert_resovler` to the default cert resolver which you want to use for example for the dashboard.
#### Middlewares

13
templates/traefik.yml.j2

@ -25,6 +25,9 @@ certificatesResolvers:
entryPoint: {{ traefik_tls_letsencrypt_challenges_http.entryPoint }}
email: "{{ traefik_tls_letsencrypt_challenges_http.email }}"
storage: "{{ traefik_tls_letsencrypt_challenges_http.storage }}"
{% if traefik_tls_letsencrypt_challenges_http.key_type is defined %}
keyType: "{{ traefik_tls_letsencrypt_challenges_http.key_type }}"
{% endif %}
{% endif %}
{% if traefik_tls_letsencrypt_challenges_tls.enable %}
{{ traefik_tls_letsencrypt_challenges_tls.name }}:
@ -32,6 +35,9 @@ certificatesResolvers:
tlsChallenge: {}
email: "{{ traefik_tls_letsencrypt_challenges_tls.email }}"
storage: "{{ traefik_tls_letsencrypt_challenges_tls.storage }}"
{% if traefik_tls_letsencrypt_challenges_tls.key_type is defined %}
keyType: "{{ traefik_tls_letsencrypt_challenges_tls.key_type }}"
{% endif %}
{% endif %}
{% if traefik_tls_letsencrypt_challenges_dns.enable %}
{{ traefik_tls_letsencrypt_challenges_dns.name }}:
@ -40,14 +46,17 @@ certificatesResolvers:
provider: "{{ traefik_tls_letsencrypt_challenges_dns.provider }}"
delayBeforeCheck: "{{ traefik_tls_letsencrypt_challenges_dns.delay | default(0) }}"
disablePropagationCheck: {{ traefik_tls_letsencrypt_challenges_dns.disablePropagationCheck | default("false") }}
email: "{{ traefik_tls_letsencrypt_challenges_dns.email }}"
storage: "{{ traefik_tls_letsencrypt_challenges_dns.storage }}"
{% if traefik_tls_letsencrypt_challenges_http.key_type is defined %}
keyType: "{{ traefik_tls_letsencrypt_challenges_http.key_type }}"
{% endif %}
{% if traefik_tls_letsencrypt_challenges_dns.resolvers is defined %}
resolvers:
{% for resolver in traefik_tls_letsencrypt_challenges_dns.resolvers | default([]) %}
- {{ resolver }}
{% endfor %}
{% endif %}
email: "{{ traefik_tls_letsencrypt_challenges_dns.email }}"
storage: "{{ traefik_tls_letsencrypt_challenges_dns.storage }}"
{% endif %}
{% endif %}
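Review bot: The keyType block added inside the DNS resolver tests and renders `traefik_tls_letsencrypt_challenges_http.key_type` rather than the DNS variable, which looks like a copy-paste slip from the HTTP resolver. As written, a `key_type` set under `traefik_tls_letsencrypt_challenges_dns` is ignored, and the DNS resolver gets whatever the HTTP challenge dict specifies, or no `keyType` at all if that is unset. Both lines should reference the DNS dict: `{% if traefik_tls_letsencrypt_challenges_dns.key_type is defined %}` and `keyType: "{{ traefik_tls_letsencrypt_challenges_dns.key_type }}"`. Because this value selects the certificate key algorithm and size, an operator who sets a different key type for DNS-issued certificates would silently get another one, so it is worth checking the rendered `traefik.yml` after the fix.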
