From 26f86bdd40a7e775504bc07ac3641efc9b5e678c Mon Sep 17 00:00:00 2001
From: dede
Date: Fri, 4 Nov 2022 21:43:44 +0100
Subject: [PATCH] initial commit

---
 .gitignore | 3 +++
 README.md | 28 ++++++++++++++++++++++++++++
 docker-compose.yml | 12 ++++++++++++
 env.sample | 8 ++++++++
 4 files changed, 51 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 docker-compose.yml
 create mode 100644 env.sample

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f3ae298
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+data/*
+.env
+docker-compose.override.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5188d5f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+# step-ca
+step-ca ready to go for your internal network.
+
+this project was setup for use with nginx-proxy in a local network environment to run several services with hopefully network-wide trusted certificates.
+
+# configuration
+there's not much to configure with step-ca. just copy the env.sample file to .env and configure the values the way you like. since port 443 is in use on a monolithic setup very likely, you may want to set a different port there.
+
+all the rest is default step-ca configuration.
+
+# initialization
+after running the container you may want enable acme as this is not the case by default. just run the following command
+
+`docker compose exec step-ca step ca provisioner add acme --type ACME`
+
+or connect to a container shell and run the `step-ca` command there.
+
+after that you should be able to use your own ca with an acme client.
+
+details: https://smallstep.com/docs/step-ca/provisioners#acme
+
+# docs
+* step-ca https://smallstep.com/docs/step-ca/
+* docker tls ca https://smallstep.com/docs/tutorials/docker-tls-certificate-authority
+* github https://github.com/smallstep/certificates
+
+2022-11-04
+dede
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..cfa1f4a
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,12 @@
+---
+version: "3.7"
+
+services:
+ step-ca:
+ image: smallstep/step-ca
+ container_name: step-ca
+ restart: unless-stopped
+ ports:
+ - ${APP_PORT:-9000}:9000
+ volumes:
+ - ${APP_DATADIR:-./data}:/home/step
diff --git a/env.sample b/env.sample
new file mode 100644
index 0000000..d36bea3
--- /dev/null
+++ b/env.sample
@@ -0,0 +1,8 @@
+APP_PORT=9000
+APP_DATADIR=./data
+
+DOCKER_STEPCA_INIT_NAME=CA
+DOCKER_STEPCA_INIT_DNS_NAMES=ca.internal
+DOCKER_STEPCA_INIT_PROVISIONER_NAME=admin
+DOCKER_STEPCA_INIT_SSH=true
+DOCKER_STEPCA_INIT_PASSWORD=initpwd
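Review bot: The DOCKER_STEPCA_INIT_* variables that env.sample defines never reach the container, because the `step-ca` service has no `environment:` or `env_file:` entry and Compose reads `.env` only for `${...}` substitution inside this file, so the image's auto-initialization (and the README's "copy env.sample to .env" workflow) will not see the CA name, DNS names, provisioner or password. Add `env_file:` followed by `  - .env` under the service (or an explicit `environment:` list of the five variables). Separately, `image: smallstep/step-ca` is untagged and resolves to a floating `latest`, so the CA's behaviour can change on every pull; pin a version or digest, e.g. `image: smallstep/step-ca:<version>`. The published port `${APP_PORT:-9000}:9000` binds on all host interfaces; if the CA is only meant for the internal network, consider prefixing a bind address such as `127.0.0.1:` or a LAN address.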
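Review bot: `DOCKER_STEPCA_INIT_PASSWORD=initpwd` ships a weak, public default for the passphrase that protects the CA's private key material, and the README's instruction to copy env.sample to .env makes it likely to be kept as-is. Leave it empty in the sample with a comment, e.g. `# REQUIRED: strong passphrase protecting the CA keys; never commit the real value` followed by `DOCKER_STEPCA_INIT_PASSWORD=`; if the image generates a random password when this is unset (as its documentation suggests — verify against the image you pin), that is a safer default than a placeholder. `DOCKER_STEPCA_INIT_SSH=true` also turns on the SSH CA, which the README's TLS/ACME use case does not mention; default it to `false` or document why it is enabled. Presumably `DOCKER_STEPCA_INIT_DNS_NAMES=ca.internal` must match the name clients will use to reach the CA; a comment saying so would save a failed first run.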