Watches for changes to traefik acme json files and extracts certificates to a specific folder
Project description
Overview
This tool can be used to extract acme certificates (ex: lets encrupt) from traefik json files. The tool is design to watch for changes to a folder for any files that match a filespec (defaults to *,json however can be set to a specific file name) and when changes are detected it will process the file and extract any certificates that are in it to the specified output path
Installation
Python Script/Tool
Installation can be done via the python package installer tool pip
$ pip install traefik-certificate-exporter
Usage
usage: traefik-certificate-exporter [-h] [-c CONFIGFILE] [-d DATAPATH] [-w] [-fs FILESPEC] [-o OUTPUTPATH] [--traefik-resolver-id TRAEFIKRESOLVERID] [-f] [-r] [--dry-run] [-id [INCLUDEDOMAINS [INCLUDEDOMAINS ...]] | -xd
[EXCLUDEDOMAINS [EXCLUDEDOMAINS ...]]]
Extract traefik letsencrypt certificates.
optional arguments:
-h, --help show this help message and exit
-c CONFIGFILE, --config-file CONFIGFILE
the path to watch for changes (default: None)
-d DATAPATH, --data-path DATAPATH
the path that contains the acme json files (default: ./)
-w, --watch-for-changes
If specified, monitor and watch for changes to acme files
-fs FILESPEC, --file-spec FILESPEC
file that contains the traefik certificates (default: *.json)
-o OUTPUTPATH, --output-directory OUTPUTPATH
The folder to exports the certificates in to (default: ./certs)
--traefik-resolver-id TRAEFIKRESOLVERID
Traefik certificate-resolver-id.
-f, --flat If specified, all certificates into a single folder
-r, --restart_container
If specified, any container that are labeled with 'com.github.ravensorb.traefik-certificate-exporter.domain-restart=<DOMAIN>' will be restarted if the domain name of a generated certificates matches the value
of the lable. Multiple domains can be seperated by ','
--dry-run Don't write files and do not restart docker containers.
-id [INCLUDEDOMAINS [INCLUDEDOMAINS ...]], --include-domains [INCLUDEDOMAINS [INCLUDEDOMAINS ...]]
If specified, only certificates that match domains in this list will be extracted
-xd [EXCLUDEDOMAINS [EXCLUDEDOMAINS ...]], --exclude-domains [EXCLUDEDOMAINS [EXCLUDEDOMAINS ...]]
If specified. certificates that match domains in this list will be ignored
Examples
Watch the letsencrypt folder for any changes to files matching acme-*.json and export any certs managed by the resolver called "resolver-http"
Script
Run it once and exite
traefik-certificate-exporter \
-d /mnt/traefik-data/letsencrypt \
-o /mnt/certs \
-fs "acme-*.json" \
--traefik-resolver-id "resolver-http"
Run it and watch for changes to the files
traefik-certificate-exporter \
-d /mnt/traefik-data/letsencrypt \
-o /mnt/certs \
-fs "acme-*.json" \
--traefik-resolver-id "resolver-http" \
-w
Credits
This tool is HEAVLY influenced by the excellent work of DanielHuisman and Marc Brückner
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for traefik-certificate-exporter-0.0.7.dev6.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 34c095168097c51db90290995116c915d6b2e8cb234754777f921101129a705d |
|
MD5 | 3281a2638ac5cb0e5e6ddae5822edcaf |
|
BLAKE2b-256 | 09dc42bca9f994f8efcde50a55e66bc4ca1fbfb0e76bbc9c5f1e6d5ce7a6dd06 |
Hashes for traefik_certificate_exporter-0.0.7.dev6-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 346ff1b15962aaaaaa74893725f95ad081dd4d81ec1c31be3e2c438df631d5ba |
|
MD5 | f70ddfbbbbae6bc754f1d96f3acc2adb |
|
BLAKE2b-256 | a822e8398ad23a6d65272d6c283d2cd35b71ec580e8d7793a7e64c559da9808d |