Added PKCS12_PASSWORD description in readme
Updated readme-vars.yml to include description about the PKCS12_PASSWORD option.
This commit is contained in:
beredim
GitHub
parent
02b1ff03e1
commit
ca3f7fc972
@ -58,6 +58,7 @@ opt_param_env_vars:
|
|||||||
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
||||||
- { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
|
- { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
|
||||||
- { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
|
- { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
|
||||||
|
- { env_var: "PKCS12_PASSWORD", env_value: "", desc: "Optional password for the PKCS12 privkey.pfx. If not set, privkey.pfx is generated without a password." }
|
||||||
opt_param_usage_include_vols: false
|
opt_param_usage_include_vols: false
|
||||||
opt_param_volumes:
|
opt_param_volumes:
|
||||||
- { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Configuration files." }
|
- { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Configuration files." }
|
||||||
@ -115,7 +116,7 @@ app_setup_block: |
|
|||||||
2. *(More secure)* Mount the SWAG folder `etc` that resides under `/config` in other containers (ie. `-v /path-to-le-config/etc:/le-ssl`) and in the other containers, use the cert location `/le-ssl/letsencrypt/live/<your.domain.url>/` (This is more secure because the first method shares the entire SWAG config folder with other containers, including the www files, whereas the second method only shares the ssl certs)
|
2. *(More secure)* Mount the SWAG folder `etc` that resides under `/config` in other containers (ie. `-v /path-to-le-config/etc:/le-ssl`) and in the other containers, use the cert location `/le-ssl/letsencrypt/live/<your.domain.url>/` (This is more secure because the first method shares the entire SWAG config folder with other containers, including the www files, whereas the second method only shares the ssl certs)
|
||||||
* These certs include:
|
* These certs include:
|
||||||
1. `cert.pem`, `chain.pem`, `fullchain.pem` and `privkey.pem`, which are generated by Certbot and used by nginx and various other apps
|
1. `cert.pem`, `chain.pem`, `fullchain.pem` and `privkey.pem`, which are generated by Certbot and used by nginx and various other apps
|
||||||
2. `privkey.pfx`, a format supported by Microsoft and commonly used by dotnet apps such as Emby Server (no password)
|
2. `privkey.pfx`, a format supported by Microsoft and commonly used by dotnet apps such as Emby Server (default: no password)
|
||||||
3. `priv-fullchain-bundle.pem`, a pem cert that bundles the private key and the fullchain, used by apps like ZNC
|
3. `priv-fullchain-bundle.pem`, a pem cert that bundles the private key and the fullchain, used by apps like ZNC
|
||||||
|
|
||||||
### Using fail2ban
|
### Using fail2ban
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user