github.com/mikenomitch/caddy-tlsnomad

Release v0.0.2

Caddy TLS Certmagic support for Consul K/V

Homepage Go Go Documentation

License
Apache-2.0
Install
go get github.com/mikenomitch/caddy-tlsnomad

Documentation

TO DOs

  • Test manually locally
  • Clean up

Caddy Certmagic TLS cluster support for Nomad Variables

Nomad Variable Storage for Caddy TLS data.

This cluster plugin enables Caddy 2 to store TLS data like keys and certificates as Nomad Variables so you don't have to rely on a shared filesystem. This allows you to use Caddy 2 in distributed environment and use a centralized storage for auto-generated certificates that is shared between all Caddy instances.

The version of this plugin in the master branch supports Caddy 2.0.0+ using CertMagic's Storage Interface

Older versions

This will only work with Caddy 2.

Configuration

Caddy configuration

You need to specify nomad as the storage module in Caddy's configuration. This can be done in the config file of using the admin API.

JSON (reference)

{
  "admin": {
    "listen": "0.0.0.0:2019"
  },
  "storage": {
    "module": "nomad",
    "address": "localhost:4646",
    "prefix": "caddytls",
    "token": "nomad-access-token",
  }
}

Caddyfile (reference)

{
    storage nomad {
           address      "127.0.0.1:4646"
           token        "nomad-access-token"
           timeout      10
           prefix       "caddytls"
           value_prefix "myprefix"
           aes_key      "nomadtls-1234567890-caddytls-32"
           tls_enabled  "false"
           tls_insecure "true"
    }
}

Nomad configuration

Because this plugin uses the official Nomad API client you can use all ENV variables like nomad_HTTP_ADDR or nomad_HTTP_TOKEN to define your Nomad address and token. For more information see https://github.com/hashicorp/nomad/blob/master/api/api.go

Without any further configuration a running Nomad on 127.0.0.1:4646 is assumed.

There are additional ENV variables for this plugin:

  • CADDY_CLUSTERING_nomad_PREFIX defines the prefix for the keys in the Variable. Default is caddytls

Nomad ACL Policy

To access Nomad you need a token with a valid ACL policy. Assuming you configured cadytls as your Variable path prefix you can use the following settings:

namespace "default" {
  variables {
    path "cadytls/*" {
      capabilities = ["write", "read", "destroy"]
    }
  }
}

Acknowledgements

This plugin code is based off of pteich/caddy-tlsconsul, big thanks to pteich for that.

Stats

Dependencies
49
Dependent packages
0
Dependent repositories
0
Total releases
2
Latest release
First release
Stars
8
Forks
0
Watchers
1
Contributors
1
Repository size
118 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

v0.0.2
v0.0.1

Contributors

Mike Nomitch


See all contributors

Login to resync this project