initial commit

.gitignore

@@ -0,0 +1,3 @@
+data/*
+.env
+docker-compose.override.yml

README.md

@@ -0,0 +1,28 @@
+# step-ca
+step-ca ready to go for your internal network.
+
+this project was setup for use with nginx-proxy in a local network environment to run several services with hopefully network-wide trusted certificates.
+
+# configuration
+there's not much to configure with step-ca. just copy the env.sample file to .env and configure the values the way you like. since port 443 is in use on a monolithic setup very likely, you may want to set a different port there.
+
+all the rest is default step-ca configuration.
+
+# initialization
+after running the container you may want enable acme as this is not the case by default. just run the following command
+
+`docker compose exec step-ca step ca provisioner add acme --type ACME`
+
+or connect to a container shell and run the `step-ca` command there.
+
+after that you should be able to use your own ca with an acme client.
+
+details: https://smallstep.com/docs/step-ca/provisioners#acme
+
+# docs
+* step-ca  https://smallstep.com/docs/step-ca/
+* docker tls ca  https://smallstep.com/docs/tutorials/docker-tls-certificate-authority
+* github  https://github.com/smallstep/certificates
+
+2022-11-04
+dede

docker-compose.yml

@@ -0,0 +1,12 @@
+---
+version: "3.7"
+
+services:
+  step-ca:
+    image: smallstep/step-ca
+    container_name: step-ca
+    restart: unless-stopped
+    ports:
+      - ${APP_PORT:-9000}:9000
+    volumes:
+      - ${APP_DATADIR:-./data}:/home/step

env.sample

@@ -0,0 +1,8 @@
+APP_PORT=9000
+APP_DATADIR=./data
+
+DOCKER_STEPCA_INIT_NAME=CA
+DOCKER_STEPCA_INIT_DNS_NAMES=ca.internal
+DOCKER_STEPCA_INIT_PROVISIONER_NAME=admin
+DOCKER_STEPCA_INIT_SSH=true
+DOCKER_STEPCA_INIT_PASSWORD=initpwd