Watches for changes to traefik acme json files and extracts certificates to a specific folder
Project description
Overview
This tool can be used to extract acme certificates (ex: lets encrupt) from traefik json files. The tool is design to watch for changes to a folder for any files that match a filespec (defaults to *,json however can be set to a specific file name) and when changes are detected it will process the file and extract any certificates that are in it to the specified output path
Installation
Python Script/Tool
Installation can be done via the python package installer tool pip
$ pip install traefik-certificate-exporter
Docker
docker pull ravensorb/traefik-certificate-exporter:latest
Usage
usage: traefik-certificate-exporter [-h] [-wp WATCHPATH] [-fs FILEPATTERN] [--traefik-resolver-id TRAEFIKRESOLVERID] [-od OUTPUTPATH] [-f] [-r] [--dry-run] [-id [INCLUDEDOMAINS [INCLUDEDOMAINS ...]] | -xd
[EXCLUDEDOMAINS [EXCLUDEDOMAINS ...]]]
Extract traefik letsencrypt certificates.
optional arguments:
-h, --help show this help message and exit
-wp WATCHPATH, --watch-path WATCHPATH
the path to watch for changes (default: .)
-fs FILEPATTERN, --file-spec FILEPATTERN
file that contains the traefik certificates (default: *.json)
--traefik-resolver-id TRAEFIKRESOLVERID
Traefik certificate-resolver-id.
-od OUTPUTPATH, --output-directory OUTPUTPATH
The folder to exports the certificates in to (default: ./certs)
-f, --flat If specified, all certificates into a single folder
-r, --restart_container
If specified, any container that are labeled with 'com.github.ravensorb.traefik-certificate-exporter.domain-restart=<DOMAIN>' will be restarted if the domain name of a generated certificates matches the value
of the lable. Multiple domains can be seperated by ','
--dry-run Don't write files and do not restart docker containers.
-id [INCLUDEDOMAINS [INCLUDEDOMAINS ...]], --include-domains [INCLUDEDOMAINS [INCLUDEDOMAINS ...]]
If specified, only certificates that match domains in this list will be extracted
-xd [EXCLUDEDOMAINS [EXCLUDEDOMAINS ...]], --exclude-domains [EXCLUDEDOMAINS [EXCLUDEDOMAINS ...]]
If specified. certificates that match domains in this list will be ignored
Examples
Watch the letsencrypt folder for any changes to files matching acme-*.json and export any certs managed by the resolver called "resolver-http"
Script
traefik-certificate-exporter -wp /mnt/traefik-data/letsencrypt -od /mnt/certs -fs "acme-*.json" --traefik-resolver-id "resolver-http"
Docker
docker run -it ravensorb/traefik-certificate-exporter:latest -v /mnt/traefik-data/letsencrypt:/data -v /mnt/certs:/certs -e "TRAEFIK_RESOLVERID=resolver-http" -e "TRAEFIK_FILESPEC=acme-*.json"
Credits
This tool is HEAVLY influenced by the excellent work of DanielHuisman and Marc Brückner
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for traefik-certificate-exporter-0.0.5.dev0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a881a9984633ca914b704db2985f9087760798dd4530b790338c571b7d6d98e0 |
|
| MD5 | 45fec3ff7fe8ac6b43d906d37e4aceea |
|
| BLAKE2b-256 | 2a6afdaa89c251f34371ef39237a786fdfb3b88d908b39c6883fde1f1feee03e |
Hashes for traefik_certificate_exporter-0.0.5.dev0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 974033380e99d47d8f1ccef8e6935f63416c07681a4700bb6e1919e1205b9eb1 |
|
| MD5 | 056fa15fc01e448ae834f142a921ea32 |
|
| BLAKE2b-256 | 888167b26ea7b6dba6daaffbcb8749eaf4f41cecf4b26bdab74d29845397989f |
