Difference between revisions of "PKI ACME Container"

From Dogtag
m (PKI ACME Dockerfile)
m
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Code Changes =
+
= Overview =
  
The code for PKI ACME responder is available in this branch:
+
This page describes the procedure to install PKI ACME responder as a container on Podman.
  
* https://github.com/edewata/pki/commits/acme
+
Development branch: https://github.com/edewata/pki/commits/acme
  
= PKI ACME Dockerfile =
+
= Dockerfile =
  
<pre>
+
* https://github.com/dogtagpki/pki/blob/master/base/acme/Dockerfile
FROM fedora:30
 
 
 
EXPOSE 8080
 
 
 
RUN dnf install -y dnf-plugins-core && dnf copr enable -y edewata/pki
 
RUN dnf install -y pki-server && dnf clean all
 
 
 
# Create Tomcat instance
 
RUN pki-server create tomcat@acme
 
 
 
# Deploy PKI ACME responder
 
RUN pki-server acme-create -i tomcat@acme
 
RUN pki-server acme-deploy -i tomcat@acme
 
 
 
# Configure permission for OpenShift
 
RUN chgrp -Rf root /var/lib/tomcats/acme && chmod -Rf g+w /var/lib/tomcats/acme
 
 
 
USER tomcat
 
 
 
CMD [ "pki-server", "run", "tomcat@acme", "--as-current-user" ]
 
</pre>
 
 
 
= Building PKI ACME Image =
 
 
 
<pre>
 
$ docker build -t acme .
 
</pre>
 
 
 
= Running PKI ACME Container =
 
 
 
<pre>
 
$ docker run \
 
    --name acme \
 
    --tmpfs /tmp \
 
    --tmpfs /run \
 
    --publish 8080:8080 \
 
    -ti \
 
    acme
 
</pre>
 
  
= Testing with an ACME Client =
+
= Building Container Image =
  
 
<pre>
 
<pre>
$ certbot certonly --manual \
+
$ mkdir -p RPMS
    -d server.example.com \
+
$ podman build \
    --register-unsafely-without-email \
+
  -t pki-acme \
    --preferred-challenges dns \
+
  --build-arg COPR_REPO=@pki/master \
    --server http://localhost:8080/acme/directory
+
  .
 
</pre>
 
</pre>
  
= Releasing PKI ACME Image =
+
= Releasing Container Image =
  
 
<pre>
 
<pre>
$ docker tag acme:latest <username>/acme:latest
+
$ podman tag pki-acme:latest quay.io/<username>/pki-acme:latest
$ docker push <username>/acme:latest
+
$ podman push quay.io/<username>/pki-acme:latest
 
</pre>
 
</pre>
  
= Available Images =
+
= Deployment =
  
* [https://cloud.docker.com/u/edewata/repository/docker/edewata/acme edewata/acme]
+
* [https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Deploying_ACME_on_Podman.md Deploying ACME on Podman]
  
 
= See Also =
 
= See Also =
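
Review bot: The new Building Container Image block adds `$ mkdir -p RPMS` and `--build-arg COPR_REPO=@pki/master` without saying what the RPMS directory is for or what the build argument selects. Because the inline Dockerfile is replaced by a link in the same revision, the page no longer shows where the image's packages come from. A sentence before the `<pre>` block explaining both would let a reader judge what ends up in the image. The Overview also keeps the development branch link at edewata/pki/commits/acme while the Dockerfile link points at dogtagpki/pki master; state which one the build instructions apply to.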

Revision as of 19:45, 29 June 2020

Overview

This page describes the procedure to install the PKI ACME responder as a container on Podman.

Development branch: https://github.com/edewata/pki/commits/acme

Dockerfile

* https://github.com/dogtagpki/pki/blob/master/base/acme/Dockerfile

Building Container Image

$ mkdir -p RPMS
$ podman build \
  -t pki-acme \
  --build-arg COPR_REPO=@pki/master \
  .

Releasing Container Image

$ podman tag pki-acme:latest quay.io/<username>/pki-acme:latest
$ podman push quay.io/<username>/pki-acme:latest

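Deployment

* Deploying ACME on Podman: https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Deploying_ACME_on_Podman.md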

See Also