Watches for changes to traefik acme json files and extracts certificates to a specific folder
Project description
Overview
This tool can be used to extract acme certificates (ex: lets encrupt) from traefik json files. The tool is design to watch for changes to a folder for any files that match a filespec (defaults to *,json however can be set to a specific file name) and when changes are detected it will process the file and extract any certificates that are in it to the specified output path
Installation
Python Script/Tool
Installation can be done via the python package installer tool pip
$ pip install traefik-certificate-exporter
Usage
usage: traefik-certificate-exporter [-h] [-c CONFIGFILE] [-d SETTINGS.DATAPATH] [-w] [-fs SETTINGS.FILESPEC] [-o SETTINGS.OUTPUTPATH] [--traefik-resolver-id SETTINGS.TRAEFIKRESOLVERID] [--flat] [--restart-container]
[--dry-run] [-r] [--include-resolvername-in-outputpath] [-ll {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [-id [SETTINGS.DOMAINS.INCLUDE ...] | -xd [SETTINGS.DOMAINS.EXCLUDE ...]]
Extract traefik letsencrypt certificates.
options:
-h, --help show this help message and exit
-c CONFIGFILE, --config-file CONFIGFILE
the path to watch for changes (default: config.yaml)
-d SETTINGS.DATAPATH, --data-path SETTINGS.DATAPATH
the path that contains the acme json files
-w, --watch-for-changes
If specified, monitor and watch for changes to acme files
-fs SETTINGS.FILESPEC, --file-spec SETTINGS.FILESPEC
file that contains the traefik certificates
-o SETTINGS.OUTPUTPATH, --output-path SETTINGS.OUTPUTPATH
The folder to exports the certificates in to
--traefik-resolver-id SETTINGS.TRAEFIKRESOLVERID
Traefik certificate-resolver-id.
--flat If specified, all certificates into a single folder
--restart-container If specified, any container that are labeled with 'com.github.ravensorb.traefik-certificate-exporter.domain-restart=<DOMAIN>' will be restarted if the domain name of a generated certificates
matches the value of the lable. Multiple domains can be seperated by ','
--dry-run Don't write files and do not restart docker containers.
-r, --run-at-start Runs Export immediately on start (used with watch-for-changes).
--include-resolvername-in-outputpath
Added the resolvername in the path used to export the certificates (ignored if flat is specified).
-ll {DEBUG,INFO,WARNING,ERROR,CRITICAL}, --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
Set the logging level (default: INFO)
-id [SETTINGS.DOMAINS.INCLUDE ...], --include-domains [SETTINGS.DOMAINS.INCLUDE ...]
If specified, only certificates that match domains in this list will be extracted
-xd [SETTINGS.DOMAINS.EXCLUDE ...], --exclude-domains [SETTINGS.DOMAINS.EXCLUDE ...]
If specified. certificates that match domains in this list will be ignored
Examples
Watch the letsencrypt folder for any changes to files matching acme-*.json and export any certs managed by the resolver called "resolver-http"
Script
Run it once and then exit
traefik-certificate-exporter \
-d /mnt/traefik-data/letsencrypt \
-o /mnt/certs \
-fs "acme-*.json" \
-r
Run it and watch for changes to the files
traefik-certificate-exporter \
-d /mnt/traefik-data/letsencrypt \
-o /mnt/certs \
-fs "acme-*.json"
-w
Credits
This tool is HEAVLY influenced by the excellent work of DanielHuisman and Marc Brückner
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for traefik_certificate_exporter-0.1.0.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8f0dd984241cf51b8e23b7c52f3d8a8f14ab360c098937695d2d397d313d44d4 |
|
MD5 | a82ff5b1465134d531034af88418e6d4 |
|
BLAKE2b-256 | 94698103a13745c075b206a32e7001716fd087c150a8143855bdadf6c81476d1 |
Hashes for traefik_certificate_exporter-0.1.0.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 592ba880c808b8e6c303ffb65b3546d36160cf5ba34d4d10f549f3d586879e61 |
|
MD5 | da1a00800e9b53770004c466f1784430 |
|
BLAKE2b-256 | c52b463f1c38b223b429c9421979fa7b3a5a20a8eb5cc175d5a4180b09f4e357 |