certificates Initial commit 2025-07-11 14:48:23 +02:00
control-server Fix certificate uploading 2025-07-30 20:29:16 +02:00
docker-entrypoint.d Some update 2025-08-17 21:43:59 +02:00
nginx Some update 2025-08-17 21:43:59 +02:00
scripts Some update 2025-07-19 18:40:55 +02:00
.dockerignore Some update 2025-07-19 18:40:55 +02:00
.gitignore Some update 2025-08-17 21:43:59 +02:00
Containerfile Some update 2025-08-17 21:43:59 +02:00
docker-compose.yml Some update 2025-08-17 21:43:59 +02:00
README.md Some update 2025-08-17 21:43:59 +02:00

This is a container that helps host a website.

Configuration

Requires the following mounts:

  • /etc/ssl/certs/<domain>: For certificates, fullchain.pem and privkey.pem. Also includes the control domain. Can be read-only if you don't use the built-in (control server) certificate management.
  • /var/www/html/<domain>: Website files; index.html goes directly in this directory. Mount this read-only.

Requires the following environment variables:

  • DOMAINS: One or more domains to handle, separated by commas or spaces
  • ACME_CHALLENGE_HOST: The source of .well-known/acme-challenge. Proxied, may be internal. Don't forget to add
  • CONTROL_DOMAIN: Domain to access the control server
  • CONTROL_TOKEN: Token to access the control server

You're also encouraged to provide your own:

  • /etc/ssl/dhparam.pem (read-only), generated with:
    openssl dhparam -out dhparam.pem 4096
    
  • /etc/ssl/snakeoil.key (read-only) & /etc/ssl/snakeoil.pem (read-only), generated with:
    openssl req -new -x509 -days 398 -noenc -out snakeoil.pem -keyout snakeoil.key -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
    
  • SERVER_ID: Label this server (informational, not used currently)

Control server

Authorize as you normally do with a Bearer token.

If you get an empty response, watch the status code!

Response format:

{
   "status": "ok|client_error|server_error",
   "message": "Optional, human-readable feedback message"
}

Endpoints:

  • /: Health check
  • /reload: Reloads nginx
  • /certificate/<domain>: Uploads a certificate (POST, upload like a form with field names certificate and private_key)
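
A client for the certificate endpoint and the response format described above, as an added example (not part of this repository). It assumes the form is sent as multipart/form-data with file parts and that an empty body is classified by HTTP status-code class; the function names and the hostname check are hypothetical.

```python
import json
import re
import urllib.error
import urllib.request
import uuid

HOSTNAME = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def build_upload_request(control_domain, token, domain, cert_pem, key_pem):
    """Build POST /certificate/<domain>; multipart file parts are an assumption."""
    for name in (control_domain, domain):
        if not HOSTNAME.fullmatch(name):  # keeps '/', '..', '@' etc. out of the URL
            raise ValueError(f"not a plain hostname: {name!r}")
    boundary = uuid.uuid4().hex
    body = b""
    for field, pem in (("certificate", cert_pem), ("private_key", key_pem)):
        head = (f"--{boundary}\r\n"
                f'Content-Disposition: form-data; name="{field}"; filename="{field}.pem"\r\n'
                "Content-Type: application/octet-stream\r\n\r\n")
        body += head.encode() + pem + b"\r\n"
    body += f"--{boundary}--\r\n".encode()
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": f"multipart/form-data; boundary={boundary}"}
    return urllib.request.Request(f"https://{control_domain}/certificate/{domain}",
                                  data=body, headers=headers, method="POST")

def interpret_response(http_status, body):
    """Return (status, message); fall back to the HTTP code when the body is empty."""
    try:
        doc = json.loads(body) if body.strip() else None
    except ValueError:
        doc = None
    if isinstance(doc, dict) and doc.get("status") in ("ok", "client_error", "server_error"):
        return doc["status"], doc.get("message", "")
    # Assumed mapping from status-code class to the README's three status values.
    if 200 <= http_status < 300:
        return "ok", f"no JSON body, HTTP {http_status}"
    if 400 <= http_status < 500:
        return "client_error", f"no JSON body, HTTP {http_status}"
    return "server_error", f"no JSON body, HTTP {http_status}"

def upload(request, timeout=10):
    """Send the request; urllib raises HTTPError for 4xx/5xx, which still carries a body."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return interpret_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return interpret_response(err.code, err.read())
```

Read the token from the environment or a secrets store rather than passing it on a command line, and follow a successful upload with a call to /reload only if the server does not reload on its own.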

Custom nginx configs

Put custom configuration templates in the /templates/ directory.

Stock config files, mount (read-only) to replace:

  • Control: control.conf.template (default)
  • Website: website.conf.btemplate (default) (not used, hence the different extension)
  • Specific website: website-$DOMAIN.conf.template (generated)

TODO

  • support for multiple domains