Merge pull request #253 from misilot/acme-updates

Acme updates -- Allow for External Account Binding
Islandora-Devops · Jan 13, 2023 · 3b0a730 · 3b0a730
2 parents 9ab60d8 + 52af78f
commit 3b0a730
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/build/docker-compose/docker-compose.acme.yml b/build/docker-compose/docker-compose.acme.yml
@@ -17,7 +17,7 @@ services:
       - --entryPoints.activemq.address=:8161
       - --entryPoints.solr.address=:8983
       - --entryPoints.code-server.address=:8443
-      - --log.level=${TRAEFIK_LOG_LEVEL-ERROR}
+      - --log.level=${TRAEFIK_LOG_LEVEL:-ERROR}
       - --providers.docker
       - --providers.docker.network=gateway
       - --providers.docker.exposedByDefault=false
@@ -26,8 +26,12 @@ services:
       - --certificatesresolvers.myresolver.acme.httpchallenge=true
       - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=http
       - --certificatesresolvers.myresolver.acme.email=${[email protected]}
+      - --certificatesresolvers.myresolver.acme.keyType=${ACME_KEY_TYPE-RSA4096}
       - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json
       - --certificatesResolvers.myresolver.acme.caServer=${ACME_SERVER-https://acme-v02.api.letsencrypt.org/directory}
+      - --certificatesresolvers.myresolver.acme.certificatesduration=${ACME_CERT_DURATION-2160}
+      - --certificatesresolvers.myresolver.acme.eab.kid=${ACME_EAB_KID-}
+      - --certificatesresolvers.myresolver.acme.eab.hmacencoded=${ACME_EAB_HMAC-}
     volumes:
       - ../../acme:/acme:rw
   cantaloupe:

diff --git a/sample.env b/sample.env
@@ -35,11 +35,21 @@ PROJECT_DRUPAL_DOCKERFILE=Dockerfile
 # Includes `traefik` as a service, if false assume we are sharing a traefik
 # from another project.
 INCLUDE_TRAEFIK_SERVICE=true
+TRAEFIK_LOG_LEVEL=ERROR
 
 # Should we use ACME to generate a SSL Certificate
 USE_ACME=false
 # Specify email to tie SSL Certificate to with ACME provider
 ACME_EMAIL=[email protected]
+# KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'.
+ACME_KEY_TYPE=RSA4096
+
+# ACME Defaults for Let's Encrypt Service
+# ACME_SERVER=https://acme-v02.api.letsencrypt.org/directory
+# Default duration for the certificate is 90 days or 2,160 hours for Let's Encrypt
+# ACME_CERT_DURATION=2160
+# ACME_EAB_KID=
+# ACME_EAB_HMAC=
 
 # Includes `watchtower` as a service.
 INCLUDE_WATCHTOWER_SERVICE=false