aditosoftware / nodepki-docker
Docker container for NodePKI API server and NodePKI client. Batteries included.
License: MIT License
Container exit must be forced. Doesn't react on CTRL+C :(
Add nodepki-client to docker container.
Hi there,
I tried to run nodepki-docker, but the nodepki server seems to crash every time docker-compose up is entered.
Clone the repo:
git clone [email protected]:aditosoftware/nodepki-docker.git
Edit docker-compose.yml:
version: '3.4'
services:
  nodepki:
    image: adito/nodepki-docker
    ports:
      - "8080:8080"
      - "2560:2560"
      - "5000:5000"
      - "5858:5858"
    volumes:
      - "/opt/data/nodepki/nodepki:/root/nodepki/data"
      - "/opt/data/nodepki/nodepki-client/:/root/nodepki-client/data"
      - "/opt/data/nodepki/nodepki-webclient/:/root/nodepki-webclient/data"
      - "/opt/data/nodepki/certs/:/root/nodepki-client/out"
    extra_hosts:
      - "ca.example.com:127.0.0.1"
      - "ocsp.example.com:127.0.0.1"
      - "ca-admin.example.com:127.0.0.1"
    environment:
      API_USERNAME: localadmin
      API_PASSWORD: top_secret
    labels:
      traefik.ca-admin.port: 5000
      traefik.ca-admin.frontend.rule: Host:ca-admin.example.com
      traefik.ca-admin.protocol: http
      traefik.ca.port: 8080
      traefik.ca.frontend.rule: Host:ca.example.com
      traefik.ca.protocol: http
      traefik.ocsp.port: 2560
      traefik.ocsp.frontend.rule: Host:ocsp.example.com
      traefik.ocsp.protocol: http
Let the basic config be generated:
[root@node01]# docker-compose run nodepki /bin/sh /root/setup.sh
>>>>>> Setting up NodePKI-Client ...
>>>>>> Setting up NodePKI-Webclient ...
>>>>>> Setting up NodePKI ...
[14:21:15] User created successfully.
>>>>>> Setup finished.
Edited the configuration file nodepki/config/config.yml:
###
### Server config: IP-Address and port to listen to.
###
server:
  ip: 0.0.0.0
  http:
    domain: ca.example.com
    port: 8080
  ocsp:
    domain: ocsp.example.com
    port: 2560
###
### CA config: Passphrase for CA Key
###
ca:
  root:
    passphrase: <secret>
    days: 3650
    country: CH
    state: Zurich
    locality: Zurich
    organization: Example GmbH
    commonname: Root CA
  intermediate:
    passphrase: <secret>
    days: 3650
    country: CH
    state: Zurich
    locality: Zurich
    organization: Example ORG
    commonname: Intermediate CA
  ocsp:
    passphrase: <secret>
    country: CH
    url: "http://ocsp.example.com"
  crl:
    url: "http://ca.example.com/public/ca/intermediate/crl"
###
### Settings for end user certificates
###
cert:
  lifetime_default: 1
  lifetime_max: 1095
nodepki-webclient config.yml:
server:
  baseurl: http://ca-admin.example.com
  ip: 0.0.0.0
  port: 5000
apiserver:
  hostname: ca.example.com
  port: 8080
  publicport: 8080
  tls: false
csr_defaults:
  country: CH
  state: Zurich
  locality: Zurich
  organization: Example ORG
nodepki-client config.yml:
###
### Hostnames and ports of the NodePKI server
###
server:
  hostname: ca.example.com
  port_plain: 8080
  port_tls: 443
  tls: false
###
### Username and password to authenticate with
###
user:
  username: localadmin
  password: top_secret
###
### CSR default values
###
csr_defaults:
  country: "CH"
  state: "Zurich"
  locality: "Zurich"
  organization: "Example ORG"
###
### Default certificate lifetime
###
cert_lifetime_default: 1095
Start of nodepki:
[root@node01]# docker-compose up
Recreating nodepki_nodepki_1 ... done
Attaching to nodepki_nodepki_1
nodepki_1 | 2018-04-28 14:23:16,479 CRIT Supervisor running as root (no user in config file)
nodepki_1 | 2018-04-28 14:23:16,482 INFO supervisord started with pid 7
nodepki_1 | 2018-04-28 14:23:17,484 INFO spawned: 'nodepki' with pid 10
nodepki_1 | 2018-04-28 14:23:17,485 INFO spawned: 'nodepki_webclient' with pid 11
nodepki_1 | 2018-04-28 14:23:17,936 INFO exited: nodepki (exit status 1; not expected)
nodepki_1 | 2018-04-28 14:23:18,938 INFO spawned: 'nodepki' with pid 32
nodepki_1 | 2018-04-28 14:23:18,939 INFO success: nodepki_webclient entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
nodepki_1 | 2018-04-28 14:23:19,350 INFO exited: nodepki (exit status 1; not expected)
nodepki_1 | 2018-04-28 14:23:21,354 INFO spawned: 'nodepki' with pid 48
nodepki_1 | 2018-04-28 14:23:21,761 INFO exited: nodepki (exit status 1; not expected)
nodepki_1 | 2018-04-28 14:23:24,764 INFO spawned: 'nodepki' with pid 64
nodepki_1 | 2018-04-28 14:23:25,169 INFO exited: nodepki (exit status 1; not expected)
nodepki_1 | 2018-04-28 14:23:26,171 INFO gave up: nodepki entered FATAL state, too many start retries too quickly
Do you guys have any guess what the issue could be? I guess it's something with the configuration, but I don't have any clue what's wrong. The nodepki server unfortunately does not deliver a more specific error message.
No reverse proxy is currently used in front of the nodepki application.
Thanks!
Regards,
Philip
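The post above suspects the configuration but has no error message to go on. The script below is an added example (not part of nodepki-docker and not written by the reporter) that cross-checks the values the four files have to agree on: the API hostname and plain port as seen by the web client and the CLI client, and the API credentials from docker-compose.yml. It flattens the simple 2-space indented YAML with awk instead of requiring a YAML library; list items and comments are ignored, and secret values are never printed. The sample files it writes are constructed to mirror the shape of the files posted above.

```shell
#!/bin/sh
# Added example, not part of nodepki-docker: cross-check the settings that
# docker-compose.yml, the server config, the webclient config and the client
# config have to agree on. Assumes 2-space indented YAML with scalar values.
set -eu

# Flatten a simple YAML file into "dotted.path=value" lines,
# e.g. "server.http.port=8080". Comments and list items are skipped.
yaml_flatten() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]*-/ { next }
        {
            match($0, /^ */); depth = int(RLENGTH / 2)
            line = substr($0, RLENGTH + 1)
            pos = index(line, ":"); if (pos == 0) next
            key = substr(line, 1, pos - 1)
            val = substr(line, pos + 1)
            sub(/^[ \t]+/, "", val); gsub(/"/, "", val)
            path[depth] = key
            if (val == "") next
            p = path[0]; for (i = 1; i <= depth; i++) p = p "." path[i]
            print p "=" val
        }
    ' "$1"
}

# Look up one dotted key in a YAML file; prints an empty string if absent.
yaml_get() {
    yaml_flatten "$1" | awk -v k="$2" 'index($0, k "=") == 1 { sub(/^[^=]*=/, ""); print; exit }'
}

# expect_equal <file> <key> <wanted> <description>: report a mismatch without
# printing the values (they may be passwords) and flag it in the global rc.
expect_equal() {
    actual=$(yaml_get "$1" "$2")
    [ "$actual" = "$3" ] || { echo "mismatch: $4 ($2 in $1)"; rc=1; }
}

# check_nodepki_configs <compose> <server> <webclient> <client>
# Returns 0 when every cross-file setting agrees, 1 otherwise.
check_nodepki_configs() {
    rc=0
    domain=$(yaml_get "$2" server.http.domain)
    port=$(yaml_get "$2" server.http.port)
    user=$(yaml_get "$1" services.nodepki.environment.API_USERNAME)
    pass=$(yaml_get "$1" services.nodepki.environment.API_PASSWORD)
    expect_equal "$3" apiserver.hostname "$domain" "webclient must point at server.http.domain"
    expect_equal "$3" apiserver.port "$port" "webclient must use server.http.port"
    expect_equal "$4" server.hostname "$domain" "client must point at server.http.domain"
    expect_equal "$4" server.port_plain "$port" "client must use server.http.port"
    expect_equal "$4" user.username "$user" "client username must equal API_USERNAME"
    expect_equal "$4" user.password "$pass" "client password must equal API_PASSWORD"
    return $rc
}

# Constructed samples (placeholder values) in the shape of the posted files.
write_samples() {   # write_samples <dir>
    cat > "$1/docker-compose.yml" <<'EOF'
version: '3.4'
services:
  nodepki:
    image: adito/nodepki-docker
    ports:
      - "8080:8080"
    environment:
      API_USERNAME: localadmin
      API_PASSWORD: top_secret
EOF
    cat > "$1/server.yml" <<'EOF'
server:
  http:
    domain: ca.example.com
    port: 8080
EOF
    cat > "$1/webclient.yml" <<'EOF'
server:
  baseurl: http://ca-admin.example.com
apiserver:
  hostname: ca.example.com
  port: 8080
EOF
    cat > "$1/client.yml" <<'EOF'
server:
  hostname: ca.example.com
  port_plain: 8080
user:
  username: localadmin
  password: top_secret
EOF
}

if [ "$#" -ge 4 ]; then
    check_nodepki_configs "$1" "$2" "$3" "$4"
fi
```

Run it as check_nodepki_configs docker-compose.yml nodepki/config/config.yml nodepki-webclient/config.yml nodepki-client/config.yml from the directory holding the bind-mounted data; a non-zero exit with a "mismatch:" line narrows the search before looking at supervisord's restart loop.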
This project looks to be pretty dead, but here I go anyway:
I think I followed the instructions, but the setup script still doesn't have the data directory to work with. mkdir -p seems to help with this issue, but I still get an empty config when trying to continue with the procedure.
> sudo docker-compose run nodepki /bin/sh /opt/nodepki/setup.sh
>>>>>> Setting up NodePKI-Client ...
mkdir: can't create directory 'data/config': No such file or directory
cp: can't create 'data/config/config.yml': No such file or directory
/opt/nodepki/setup.sh: line 10: can't create data/config/config.yml.tmp: nonexistent directory
/opt/nodepki/setup.sh: line 11: can't create data/config/config.yml.tmp: nonexistent directory
>>>>>> Setting up NodePKI-Webclient ...
mkdir: can't create directory 'data/config': No such file or directory
cp: can't create 'data/config/config.yml': No such file or directory
>>>>>> Setting up NodePKI ...
mkdir: can't create directory 'data/config': No such file or directory
cp: can't create 'data/config/config.yml': No such file or directory
[15:55:28] User created successfully.
>>>>>> Setup finished.
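The errors above all come from a missing data/ directory on the bind-mounted volumes. The script below is an added example (not part of nodepki-docker and not from the reporter) that reads the host paths out of the volumes section of docker-compose.yml and creates them before the first setup run. It sets mode 0700 on each directory because these paths will hold the CA's private keys and passphrase-bearing config files; the optional prefix argument lets it be rehearsed under a scratch directory instead of /opt. The compose file it writes is a constructed sample in the shape of the one posted above.

```shell
#!/bin/sh
# Added example, not part of nodepki-docker: create the host-side directories
# behind the bind mounts in docker-compose.yml before running setup.sh.
# Assumes volume entries in the quoted "host:container" form shown above.
set -eu

# Print the host path of every bind mount under volumes: in the compose file.
# Port mappings ("8080:8080") and extra_hosts entries do not start with "/"
# and are therefore skipped.
list_host_paths() {
    grep -E '^[[:space:]]*-[[:space:]]*"?/[^":]+:' "$1" \
        | sed -E 's/^[[:space:]]*-[[:space:]]*"?([^":]+):.*/\1/'
}

# prepare_volume_dirs <compose-file> [prefix]
# Create each host path (if missing) and restrict it to its owner (0700).
prepare_volume_dirs() {
    prefix=${2:-}
    list_host_paths "$1" | while IFS= read -r host_path; do
        dir="${prefix}${host_path}"
        mkdir -p "$dir"
        chmod 700 "$dir"
        printf 'prepared %s\n' "$dir"
    done
}

# Constructed sample mirroring the volumes section posted above.
write_sample_compose() {
    cat > "$1" <<'EOF'
version: '3.4'
services:
  nodepki:
    image: adito/nodepki-docker
    ports:
      - "8080:8080"
      - "2560:2560"
    volumes:
      - "/opt/data/nodepki/nodepki:/root/nodepki/data"
      - "/opt/data/nodepki/nodepki-client/:/root/nodepki-client/data"
      - "/opt/data/nodepki/nodepki-webclient/:/root/nodepki-webclient/data"
      - "/opt/data/nodepki/certs/:/root/nodepki-client/out"
    extra_hosts:
      - "ca.example.com:127.0.0.1"
EOF
}

if [ "$#" -ge 1 ]; then
    prepare_volume_dirs "$1" "${2:-}"
fi
```

Run it once as root with the real docker-compose.yml (prepare_volume_dirs docker-compose.yml) before docker-compose run nodepki /bin/sh /root/setup.sh; the setup script's own mkdir data/config then has a parent to work in.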
Don't load complete new config file but use sed and environment variables to customize config in container.
Add information about Webclient
Hello,
I was able to deploy this on my local machine and it worked very well (thank you!), however, when I tried moving it to my NAS, things were not as smooth as I would've hoped them to be.
My setup is as follows:
Synology NAS with 2 containers:
Nginx container is essentially a reverse proxy for my other services. So, when I go to https://myservice.mydomain.com, nginx will proxy_pass to an internal url. I thought that I would do the same thing with nodepki, but I cannot figure out proper environment variables for everything to just work. All my service subdomains have a Let's Encrypt cert installed, so I have the following connection flow: Internet ----> SSL ---> NGinx ---> HTTP ----> service
I am trying to have all the services on a single subdomain (say, certification.mydomain.com), instead of multiple. I have also used your nginx template from main readme file, where different services are at different locations.
I am pretty sure that the issue is with environment variables, but I am not sure.
Here's my nginx.conf:
server {
    listen 443 ssl;
    server_name certifications.mydomain.com;
    include /config/snippets/le_cert.conf;
    location = / {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        rewrite ^ https://certifications.mydomain.com/webclient/ permanent;
    }
    location /api {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:8080/api;
    }
    location /public {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:8080/public;
    }
    location /webclient/ {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:5000/;
    }
    location /ocsp {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:2560;
    }
    access_log logs/nodepki.access.log main;
    error_log logs/nodepki.error.log;
}
Here are my env variables:
INTERMEDIATE_CA_COMMON_NAME=Intermediate CA,
ROOT_CA_COMMON_NAME=CA,
CA_CERT_EXPIRE_IN_DAYS=3650,
OCSP_PASSPHRASE=my_ocsp_password,
INTERMEDIATE_PASSPHRASE=my_intermediate_password,
ROOT_PASSPHRASE=my_root_password,
CERT_MAX_LIFETIME_IN_DAYS=3650,
CERT_MIN_LIFETIME_IN_DAYS=1,
ORGANIZATION_NAME=My Org,
LOCALITY_NAME=Some City,
STATE_NAME=Some State,
COUNTRY_CODE=US,
CA_OSCP_SERVER_HTTP_URL=https://certifications.mydomain.com/ocsp,
CA_CRL_SERVER_HTTP_URL=https://certifications.mydomain.com/public/ca/intermediate/crl,
CA_WEBCLIENT_HTTP_URL=https://certifications.mydomain.com/webclient,
CA_OSCP_SERVER_PORT=2560,
CA_OSCP_SERVER_URL=certifications.mydomain.net/ocsp,
CA_WEBCLIENT_SERVER_PORT=8080,
CA_WEBCLIENT_BIND_IP_ADDRESS=0.0.0.0,
CA_WEBCLIENT_SERVER_URL=certifications.mydomain.net/webclient,
CA_API_SERVER_TLS_ENABLED=false,
CA_API_SERVER_TLS_PORT=443,
CA_API_SERVER_PLAIN_PORT=5000,
CA_API_SERVER_URL=certifications.mydomain.net/api,
CA_API_SERVER_BIND_IP_ADDRESS=0.0.0.0,
API_PASSWORD=my_api_password,
API_USERNAME=my_api_user
Containers are linked to each other, which is why I am able to use nodepki as a hostname in my nginx config.
Thanks for your help!
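In the "Internet -> SSL -> nginx -> HTTP -> service" flow described above, the backend only learns the client-facing scheme and host from whatever X-Forwarded-* headers the proxy sets; the posted config forwards Host, Server and For but never X-Forwarded-Proto. Whether NodePKI reads that header is not something this thread establishes, but an audit that lists, per location, which forwarding headers are set and which upstreams are reached over plain http:// makes such gaps visible. The script below is an added example (not part of nodepki-docker and not from the poster); it assumes one location per block with no nested braces, as in the config above, and the nginx config it writes is a constructed sample with placeholder host names.

```shell
#!/bin/sh
# Added example, not part of nodepki-docker: audit the location blocks of an
# nginx server config that terminates TLS and forwards to plain-HTTP upstreams.
# Assumes one location per block and no nested braces inside a location.
set -eu

# Print "<location> proto=<0|1> host=<0|1> for=<0|1> plain_upstream=<0|1>"
# for every location block in the file given as $1.
audit_nginx_locations() {
    awk '
        /^[ \t]*location[ \t]/ {
            loc = $2; if (loc == "=" || loc == "~" || loc == "^~") loc = $3
            proto = 0; host = 0; fwd = 0; plain = 0; inloc = 1; next
        }
        inloc && /proxy_set_header[ \t]+X-Forwarded-Proto/ { proto = 1 }
        inloc && /proxy_set_header[ \t]+X-Forwarded-Host/  { host = 1 }
        inloc && /proxy_set_header[ \t]+X-Forwarded-For/   { fwd = 1 }
        inloc && /proxy_pass[ \t]+http:\/\//               { plain = 1 }
        inloc && /^[ \t]*}/ {
            printf "%s proto=%d host=%d for=%d plain_upstream=%d\n", loc, proto, host, fwd, plain
            inloc = 0
        }
    ' "$1"
}

# Print only the locations that forward to a plain-HTTP upstream without
# passing the original scheme on to it.
locations_missing_proto() {
    audit_nginx_locations "$1" | awk '/proto=0/ && /plain_upstream=1/ { print $1 }'
}

# Constructed sample in the shape of the config posted above (placeholder
# host names); one location deliberately sets X-Forwarded-Proto.
write_sample_nginx_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    server_name certifications.example.invalid;
    location = / {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        rewrite ^ https://certifications.example.invalid/webclient/ permanent;
    }
    location /api {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:8080/api;
    }
    location /webclient/ {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://nodepki:5000/;
    }
    location /ocsp {
        proxy_pass http://nodepki:2560;
    }
}
EOF
}

if [ "$#" -ge 1 ]; then
    audit_nginx_locations "$1"
fi
```

Run audit_nginx_locations nginx.conf against the real file; every line showing proto=0 together with plain_upstream=1 is a hop where the upstream sees only plain HTTP and receives no hint that the client connected over TLS.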
IP-Addresses are currently statically defined via Dockerfile. Make this dynamic.
Make Dockerfile and Docker-compose.yml version-independent from nodepki version.