diff --git a/README.md b/README.md
index 98fcaad..eece714 100644
--- a/README.md
+++ b/README.md
@@ -4,25 +4,30 @@ step-ca ready to go for your internal network. this project was setup for use with nginx-proxy in a local network environment to run several services with hopefully network-wide trusted certificates. # configuration -there's not much to configure with step-ca. just copy the env.sample file to .env and configure the values the way you like. since port 443 is in use on a monolithic setup very likely, you may want to set a different port there. +there's not much to configure with step-ca. to setup a new `.env` file you can either run the `setup.sh` script or just copy the `env.sample` file to `.env` and configure the values the way you like. if you do the configuration manually don't forget to create the data directory. -all the rest is default step-ca configuration. +the default port is 9000 and does not have to be changed except that port is already in use on your system. + +all the rest is default step-ca configuration (see the [docs](https://smallstep.com/docs/step-ca/)). # initialization after running the container you may want enable acme as this is not the case by default. just run the following command -`docker compose exec step-ca step ca provisioner add acme --type ACME` + docker compose exec step-ca step ca provisioner add acme --type ACME -or connect to a container shell and run the `step-ca` command there. +or connect to a container shell and run the command there. after that you should be able to use your own ca with an acme client. details: https://smallstep.com/docs/step-ca/provisioners#acme # links -* step-ca https://smallstep.com/docs/step-ca/ -* docker tls ca https://smallstep.com/docs/tutorials/docker-tls-certificate-authority -* github https://github.com/smallstep/certificates +* step-ca docs + https://smallstep.com/docs/step-ca/ +* docker tls ca + https://smallstep.com/docs/tutorials/docker-tls-certificate-authority +* github + https://github.com/smallstep/certificates 2022-11-04 dede 
diff --git a/env.sample b/env.sample
index d36bea3..af60086 100644
--- a/env.sample
+++ b/env.sample
@@ -1,3 +1,5 @@
+COMPOSE_PROJECT_NAME=step-ca
+
 APP_PORT=9000
 APP_DATADIR=./data
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..380a631
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+# env setup script for step-ca docker compose
+# 2023-01-06 by dede & dany
+
+echo "step-ca docker compose setup"
+echo "> env setup for step-ca with docker compose..."
+
+# check for existing .env file to not break an existing setup
+if [[ -f .env ]]; then
+ echo "> .env file already exists. setup will not run. either rename or delete it first."
+ exit 1
+elif [[ ! -f env.sample ]]; then
+ echo "> env.sample file is missing. cannot run."
+ exit 2
+fi
+
+# create .env file
+echo -e "# file generated by ${0##*/} on $(date +"%F %H:%M") by $USER\n" > .env
+
+# step through the list of lines and ask for each key to use default value or set value
+# for each line in configfile
+while read -r -u 3 line; do
+
+ # keep blank and comment lines
+ if [[ -z $line ]] || [[ $line == \#* ]]; then
+ echo "$line" >> .env
+
+ # handle variable lines
+ else
+ # split line by '=' into key and value
+ readarray -d "=" -t currvar<<< "$line"
+ echo -n "please enter value for ${currvar[0]} [${currvar[1]::-1}]: "
+ read -r userinput
+
+ # set userinput as new value
+ if [ -n "$userinput" ] ; then
+ echo "${currvar[0]}=$userinput" >> .env
+
+ # keep default value if empty userinput
+ else
+ echo "$line" >> .env
+ fi
+ fi
+done 3< env.sample
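Review bot: The `while read -r -u 3 line` loop at the end of setup.sh silently skips the last line of env.sample when the file has no trailing newline, because `read` returns non-zero on that partial line; `while IFS= read -r -u 3 line || [[ -n $line ]]; do` keeps it. In the same loop `${currvar[1]::-1}` relies on the newline that `<<<` appends, so a non-comment line without `=` leaves `currvar[1]` empty and bash aborts the expansion with "substring expression < 0" instead of printing a prompt, and a line containing more than one `=` shows a truncated default. The README hunk tells users who configure manually to create the data directory, which suggests setup.sh is meant to do it, but nothing in this hunk creates `APP_DATADIR` — either add a `mkdir -p` for it or drop that sentence from the README. Minor style: `echo -n`/`echo -e` and the mixed `[[ ]]`/`[ ]` tests would be more robust as `printf` and `[[ ]]` throughout.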