acme.sh
caddy-docker-proxy
acme.sh | caddy-docker-proxy |
---|---|
276 | 52 |
36,065 | 2,284 |
2.5% | - |
8.8 | 7.6 |
1 day ago | 7 days ago |
Shell | Go |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
acme.sh
-
Why Certificate Lifecycle Automation Matters
Huh, the environment variable thing was specifically aimed at acme.sh which rather arbitrarily changed the config value from ACMEDNS_UPDATE_URL to ACMEDNS_BASE_URL, never acknowledged this in a changelog and then silently failed after an automatic upgrade as recommended by the default install:
https://github.com/acmesh-official/acme.sh/commit/2ce145f359...
It's also cleared out my .account.conf files when run on the suggested cron.
I've started using updown which also monitors my TLS certs simply because I no longer trust the process to work as documented.
-
The Bureau of Meteorology website does not support connections via HTTPS
It depends on your provider though. I can tell from experience that with OVH and their API, it's been easy to set up the automatic renewal via DNS verification. Apparently, the official client has support for the DNS API of 159 providers: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
-
I made a tool for automatically updating the current and next (rollover) TLSA DNS records with acme.sh and the Cloudflare API
For the few people here that happen to run a self-hosted email server with acme.sh for TLS key/cert generation and Cloudflare for DNS management, I have made a tool that I personally use to get a perfect 100% score on Internet.nl's email test.
-
IT Pro Tuesday #276 - Cert Automation, Packet Analysis, Vim Cheatsheet & More
acme.sh is a lightweight Unix shell script for automatic issuance and renewal of free certificates in a Unix environment. It's compatible with Bash, dash, and sh; Docker/IPv6 ready; requires no external dependencies; and can issue, renew, and install certificates without the need for root or sudoer access. Thanks for this recommendation go to blitznogger.
-
Cannot install with mack-a's v2ray-agent script
Error troubleshooting: 1.Failed to obtain Github files, please wait for Github to recover and try, the recovery progress can be viewed at [https://www.githubstatus.com/] There is a bug in the 2.acme.sh script, see [https://github.com/acmesh-official/acme.sh] issues
My vps is located in Japan so there shouldn't be any trouble grabbing files from github and such but it obviously timed out every time the script tried to grab acme.sh's repository. Has anyone tried this script lately with success?
-
HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
you may wish to use certbot instead:
-
Caddy is the first and only web server to use HTTPS automatically and by default
like https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mo...
If DNS-01 is not an option or too complicated, this saves you from exposing a host to the internet for no good reason.
-
Where do you get/setup certificates from for your https/ssl?
Caddy where possible, and acme.sh or lego where not.
-
Internal Server Error when proxy host directs to router
The SSL certificate for my wildcard domain is currently managed by the acme.sh script running as a Docker container until the issue with NPM and Azure DNS certificate management is resolved.
caddy-docker-proxy
-
Keycloak SSO with Docker Compose and Nginx
My go to is always this instead:
https://github.com/lucaslorentz/caddy-docker-proxy
Single label to a docker container and with correct DNS you’ll have an automatically managed certificate right away.
-
Working on Multiple Web Projects with Docker Compose and Traefik
I have had a great experience with using this: https://github.com/lucaslorentz/caddy-docker-proxy
It combines caddy with docker-compose labels, making it super easy to spin up new projects that can immediately be exposed.
-
Caddy is the first and only web server to use HTTPS automatically and by default
If you want a slightly heavier but more robust solution, caddy-docker-proxy[0] is a plugin that listens to the Docker socket and automatically updates the Caddy configuration based on Docker labels you add to containers.
I.e. it makes Caddy act a bit more like Traefik. Most of the time, you'll just add the label `caddy.reverse_proxy={{upstreams http 8080}}` to your containers and the plugin will regenerate Caddy's configuration whenever the container is modified.
-
Nginx Development Guide
I disagree, Caddy works great in Docker. See https://caddyserver.com/docs/running#docker-compose, and CDP is a project that autoconfigures Caddy from labels https://github.com/lucaslorentz/caddy-docker-proxy. Regarding plugins, it's super simple to write a Dockerfile to add plugins, we ship a builder image variant that can be used to compile in any plugins you want.
-
How I run my servers
This way, Caddy will buffer the request and give 30 seconds for your new service to get online when you're deploying a new version.
Ideally, during deployment of a new version the new version should go live and healthy before caddy starts using it (and kills the old container). I've looked at https://github.com/Wowu/docker-rollout and https://github.com/lucaslorentz/caddy-docker-proxy but haven't had time to prioritize it yet.
-
Which reverse proxy are you using?
And if you're using Docker then you can use Caddy Docker Proxy to configure Caddy directly in your Docker compose files:
Docker labels support is available via a plugin https://github.com/lucaslorentz/caddy-docker-proxy
-
My repository of the week: NGINX Proxy - Automated nginx for your containers
Or caddy-docker-proxy: https://github.com/lucaslorentz/caddy-docker-proxy
-
Ask HN: What's on Your Home Server?
- zwave-js-ui (manages the zwave based smart home devices I have...about 20 or so)
My router/firewall is a separate device running OPNsense.
I run all the services with docker-compose. The server itself is a bit of a snowflake but all the critical parts of the services are in their respective docker directories so backup is a snap (aside from postgres which has a separate backup process).
Currently I'm working on documenting a recovery procedure for Vaultwarden from our Backblaze backups so that in the event something happens to me my wife will be able to recover the Vaultwarden instance and our passwords. That's a fun exercise in documentation and simplifying the process.
Snapcast has really been a dream for multi-room audio setup. It presents a Spotify Connect device to anyone on my wifi. It has a separate stream which comes from whatever is being played on MPD and it is easily configured to play audio from whichever of those two streams is actively playing music...so I don't have to manually switch between them.
Caddy has been great for organizing everything and ensuring each service has HTTPS. I understand Traefik is somewhat more purpose built for doing this with a bunch of containers but I haven't had a need to switch.
I do use https://github.com/lucaslorentz/caddy-docker-proxy for letting the containers themselves describe their respective domains and mapping.
I do have a VPS and use it for the occasional site that needs to be more reliable than my home internet (which itself is quite reliable but I'm not counting 9s there). More and more I find I'm comfortable putting random static sites on my machine at home, though.
-
Most used selfhosted services in 2022?
What are some alternatives?
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
dehydrated - letsencrypt/acme client implemented as a shell-script – just add water
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
traefik - The Cloud Native Application Proxy
Portainer - Making Docker and Kubernetes management easy.
lego - Let's Encrypt/ACME client and library written in Go
pterodactyl-installer - :bird: Unofficial installation scripts for Pterodactyl Panel
jellyfin-media-player - Jellyfin Desktop Client based on Plex Media Player
docker-pi-hole - Pi-hole in a docker container
docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.