PKI ACME Container

From Dogtag

Code Changes

The code for the PKI ACME responder is available in this branch:

PKI ACME Dockerfile

FROM fedora:30

EXPOSE 8080

RUN dnf install -y dnf-plugins-core && dnf copr enable -y edewata/pki
RUN dnf install -y pki-server && dnf clean all

# Create Tomcat instance
RUN pki-server create tomcat@acme

# Deploy PKI ACME responder
RUN pki-server acme-create -i tomcat@acme
RUN pki-server acme-deploy -i tomcat@acme

# Configure permission for OpenShift: the instance directory is made writable by the
# root group, since OpenShift runs the container as an arbitrary UID that belongs to GID 0
RUN chgrp -Rf root /var/lib/tomcats/acme && chmod -Rf g+w /var/lib/tomcats/acme

USER tomcat

CMD [ "pki-server", "run", "tomcat@acme", "--as-current-user" ]

Building PKI ACME Image

$ docker build -t acme .

Running PKI ACME Container

$ docker run \
    --name acme \
    --tmpfs /tmp \
    --tmpfs /run \
    --publish 8080:8080 \
    -ti \
    acme

Testing with an ACME Client

$ certbot certonly --manual \
    -d server.example.com \
    --register-unsafely-without-email \
    --preferred-challenges dns \
    --server http://localhost:8080/acme/directory
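
Before pointing certbot at the responder, it is useful to confirm that the directory document it serves is well-formed. The following script is an added example, not part of this page or of the PKI project's code: it fetches the directory from the URL used above (http://localhost:8080/acme/directory), checks that the resource entries required by RFC 8555 are present, and checks that every endpoint points back at the same scheme and host:port as the directory itself, which is the usual symptom of a proxy or hostname misconfiguration. The embedded sample document is constructed for illustration (its paths are assumptions, not the responder's real output) and lets the checks run offline with the --sample flag.

```python
"""Sanity-check an ACME directory document before pointing a client at it.

Added example; not part of the Dogtag page or the PKI project's code.
"""
import json
import sys
import urllib.request
from urllib.parse import urlparse

# Resources every ACME server must advertise (RFC 8555, section 7.1.1).
REQUIRED = ("newNonce", "newAccount", "newOrder", "revokeCert", "keyChange")
# Pre-authorization is optional; validate its type only if present.
OPTIONAL = ("newAuthz",)

DEFAULT_URL = "http://localhost:8080/acme/directory"

# Constructed sample shaped like a typical directory response. The paths are
# assumptions for illustration, not the PKI ACME responder's real output.
SAMPLE_DIRECTORY = json.dumps({
    "newNonce": "http://localhost:8080/acme/new-nonce",
    "newAccount": "http://localhost:8080/acme/new-account",
    "newOrder": "http://localhost:8080/acme/new-order",
    "revokeCert": "http://localhost:8080/acme/revoke-cert",
    "keyChange": "http://localhost:8080/acme/key-change",
    "meta": {"termsOfService": "http://localhost:8080/acme/tos"},
})


def check_directory(text, directory_url):
    """Return a list of problems found in the directory JSON (empty means OK)."""
    problems = []
    try:
        directory = json.loads(text)
    except ValueError as exc:
        return [f"directory is not valid JSON: {exc}"]
    if not isinstance(directory, dict):
        return ["directory is not a JSON object"]

    origin = urlparse(directory_url)
    for name in REQUIRED:
        url = directory.get(name)
        if not isinstance(url, str):
            problems.append(f"missing required resource {name!r}")
            continue
        parsed = urlparse(url)
        # Each endpoint should share the directory's scheme and host:port;
        # otherwise the client will be sent to a different origin.
        if (parsed.scheme, parsed.netloc) != (origin.scheme, origin.netloc):
            problems.append(f"{name} points at {parsed.scheme}://{parsed.netloc}, "
                            f"expected {origin.scheme}://{origin.netloc}")
    for name in OPTIONAL:
        if name in directory and not isinstance(directory[name], str):
            problems.append(f"optional resource {name!r} is not a URL string")
    # Plain HTTP is fine against the local test container started above, but
    # a production directory should be served over TLS.
    if origin.scheme != "https":
        problems.append("directory served over plain HTTP; acceptable only for local testing")
    return problems


def fetch_directory(directory_url, timeout=5):
    """Fetch the directory document from a running responder."""
    with urllib.request.urlopen(directory_url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def main(argv):
    if "--sample" in argv:
        url, text = DEFAULT_URL, SAMPLE_DIRECTORY
    else:
        url = next((a for a in argv[1:] if not a.startswith("--")), DEFAULT_URL)
        text = fetch_directory(url)
    problems = check_directory(text, url)
    for problem in problems:
        print("PROBLEM:", problem)
    print("directory OK" if not problems else f"{len(problems)} problem(s) found")
    return 0 if not problems else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments against the container from the previous section, or with --sample to exercise the checks offline; a non-zero exit status means at least one problem was reported, which makes it convenient to run from a CI job before the certbot step.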

Releasing PKI ACME Image

$ docker tag acme:latest <username>/acme:latest
$ docker push <username>/acme:latest

Available Images

See Also