compose-spec
letsencrypt
compose-spec | letsencrypt | |
---|---|---|
24 | 21 | |
2,064 | 30,850 | |
2.2% | 0.3% | |
8.3 | 9.0 | |
5 days ago | 23 days ago | |
Dockerfile | Python | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
compose-spec
-
One Minute: Compose
Specification: https://compose-spec.io
-
Podman Desktop v1.5 with Compose onboarding and enhanced Kubernetes pod data
https://github.com/compose-spec/compose-spec/blob/master/spe...
-
How “It works in my machine” turns to “It works in my container”
There are a number of incorrect statements in this post.
1) One should neither be using the "latest" nor just the "version" tag as the version can still vary depending on when it is pulled.
Instead, one should use a combination of version + hash, say alpine:3.18.2@sha256:82d1e9d7ed48a7523bdebc18cf6290bdb97b82302a8a9c27d4fe885949ea94d1 for reproducibility reasons. This provides for human readable versions as well as the specific hash.
2) Next, afaik, Compose has removed the need for version tags. All of the compose.yml files that I now use do not specify versions.
See https://github.com/compose-spec/compose-spec/blob/master/04-...
-
Telegraf Deployment Strategies with Docker Compose
Docker Compose v2 specifications provide a useful Secrets feature which may also be used for standalone Compose Application Stacks and not just in Docker Swarm mode. With Docker Secrets the environment variables that contain credentials for other subsystems are mounted into the Telegraf Container as files. These secret files are read through the Docker Secret Store plugin and passed to the respective plugins in a relatively safe manner. By using the Docker Secret Store Plugin, one can also avoid credentials that were previously visible via environment variables, to be now hidden behind runtime secret files within the container. Standard Method with Environment Variables As an example, it is possible to pass the credentials to a plugin via the environment variable placeholder in a telegraf configuration file where the credentials for a plugin exist in a .env file (e.g. MQTT input Plugin)
-
Some options missing for me.
also the docker-compose.yml file is very picky about what you have in it and where. Please read this so you know how to format it https://github.com/compose-spec/compose-spec/blob/master/spec.md
-
Persistent Volume Claim Volume Specific Options?
As part my quadlet helper tool, podlet, I'm adding functionality to convert compose files into k8s yaml to use with quadlet as an alternative to creating a bunch of separate quadlet files, which I've also added functionality for. So I would like to be able to transform the options on compose volumes into k8s yaml. For example, using the volume.podman.io/driver annotation to change the volume driver for a specific volume if possible.
-
New Docker Goodies: Init and Watch
If you find this helpful feature, please leave your feedback and suggestions here.
-
When I create a docker-compose file to deploy multiple containers, do the different versions of each compose file matter?
The compose spec will give what you need. https://github.com/compose-spec/compose-spec/blob/master/spec.md
-
Why Does Everything Say Docker Compose is Deprecated / Dead?
Indeed, as per the compose-spec a lot of what was version specific is going away
-
A compose file visualization tool that follows compose-spec and allows you to gernerate graph in several formats.
Hello everyone, I just made a tool to visualize compose files, and all the parsing rules follow the [compose-spec](https://github.com/compose-spec/compose-spec/blob/master/spec.md). I hope this tool will help you :D
letsencrypt
-
ACME with Google Domains using a DNS Zone in GCS DNS
This seems to be not implemented in certbot, yet: https://github.com/certbot/certbot/issues/6566
-
OpenSpeedTest in docker through DSM Reverse Proxy - incorrect upload speeds
If you do go with NPM or Traefik, under the covers it's using certbot to request/renew your certificates through Let's Encrypt using the DNS-01 challenge, meaning you can get wildcard certs and don't have to futz around with port forwards. Again I'd think Caddy has similar functionality, I just have not used it personally. Raw NGINX you probably don't want to try out yet considering it requires manually doing the configs
- Certbot run.bat file identified as batloader trojan by windows defender. Windows defender alerted me of a trojan which appears to simply be the startup batch script for certbot. Currently running full system scan, but I suspect it to be a false positive. Any ideas?
-
Snap Store administrators removed signal-desktop from Ubuntu Snap
certbot won't be missed. The code quality is pretty poor.
https://github.com/certbot/certbot/issues 5000 bugs and it most of it can be replaced by much smaller tools
-
Good Use Of Golang?
Here’s a good code reference (Python and rust): https://github.com/certbot/certbot
-
Let's Encrypt Certbot Not Working on FreeBSD
I am trying to migrate off of Linux and back to FreeBSD, but I hit a problem today. The Let's Encrypt Certbot is not installing. A bit surprising, given how important it is. So I thought I would notify the community Here is my bug report. https://github.com/certbot/certbot/issues/9394
-
How to update Certbot on Debian 11
Last release: https://github.com/certbot/certbot/releases (on 28th August 2022 = 1.29.0)
-
Uacme: ACMEv2 client written in plain C with minimal dependencies
Right? It’s so ridiculous how you’re supposed to use Snap to install certbot. The (well, one of..) GitHub discussion is just beyond the pale:
https://github.com/certbot/certbot/issues/8345#issuecomment-...
-
Let’s Encrypt Receives the Levchin Prize for Real-World Cryptography
It goes way beyond, since Let's Encrypt influence the ecosystem a lot and the standards that are used.
If you use Let's Encrypt, you are likely using Certbot, which means that everybody uses a tool that a central authority strongly recommends to you.
I wonder how they generate the key, for example, it may be using secp256r1: https://github.com/certbot/certbot/blob/5c111d0bd1206d864d7c...
-
Setting up nginx+letsencrypt as a reverse proxy
# nginx-ingress-https.conf events { } http { include mime.types; server { listen 443 ssl; listen [::]:443 ssl; server_name sg.horlick.me; ssl_certificate /etc/letsencrypt/live/sg.horlick.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sg.horlick.me/privkey.pem; # taken from https://github.com/certbot/certbot/blob/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf ssl_session_cache shared:le_nginx_SSL:10m; ssl_session_timeout 1440m; ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; ssl_dhparam /etc/ssl/certs/dhparam.pem; sendfile on; tcp_nopush on; tcp_nodelay on; location / { proxy_pass http://host.docker.internal:9090/; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; } } }
What are some alternatives?
docker-pi-hole - Pi-hole in a docker container
acme.sh - A pure Unix shell script implementing ACME client protocol
psutil - Cross-platform lib for process and system monitoring in Python
lego - Let's Encrypt/ACME client and library written in Go
pexpect - A Python module for controlling interactive programs in a pseudo-terminal
dehydrated - letsencrypt/acme client implemented as a shell-script – just add water
SaltStack - Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
Cloud-Init - unofficial mirror of Ubuntu's cloud-init
Fabtools - Tools for writing awesome Fabric files
dehydrated-bigip-ansible - Ansible based hooks for dehydrated to enable ACME certificate automation for F5 BIG-IP systems
Docker Compose - Define and run multi-container applications with Docker