Implements custom ACME servers #371
Thanks for opening this pull request! Be sure to follow the pull request template!
Code mostly taken from: tashian@564e0d8 Co-authored-by: Carl Tashian <[email protected]>
34157ae to 4d46d70
I am a bot, here are the test results for this PR:
I'm not opposed to the intention to allow custom acme servers, but I'd like to get #339 merged first.
Apologies, I didn't see that there was already a PR (#204) that was closed for inactivity. I mistakenly thought that tashian just never made a PR.
#339 has been merged, so this will need to be rebased.
This pull request has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.
This pull request is locked due to inactivity
Code mostly taken from: tashian@564e0d8
Description:
Implements custom ACME server. This PR introduces 2 environment variables that will allow you to point swag towards a custom ACME server (as opposed to Let's Encrypt or ZeroSSL) and to trust the custom ACME's root certificate.
Benefits of this PR and context:
Swag's ACME process is designed for issuing SSL certs to publicly available domains. With this PR, users with internal/private domains can issue SSL certs by pointing swag towards their own ACME servers. This functionality is impossible with Let's Encrypt or ZeroSSL since internal domains cannot be resolved or reached outside of their private networks.
How Has This Been Tested?
I set up a Step ACME server following the guide here[1]. Then I set up a swag docker instance on a separate device with my changes to the code. I also tested running a portainer docker instance via an nginx subdomain proxy to make sure SSL worked for both my internal domain and internal subdomain.
Source / References: