fossilfranv/nginx_docker-swag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added PKCS12_PASSWORD description in readme

Browse Source 
Updated readme-vars.yml to include description about the PKCS12_PASSWORD option.
This commit is contained in:
beredim 2022-07-07 00:42:37 +03:00 committed by GitHub
parent 02b1ff03e1
commit ca3f7fc972
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
readme-vars.yml
View File

@ -58,6 +58,7 @@ opt_param_env_vars:
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
- { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
- { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
- { env_var: "PKCS12_PASSWORD", env_value: "", desc: "Optional password for the PKCS12 privkey.pfx. If not set, privkey.pfx is generated without a password." }
opt_param_usage_include_vols: false
opt_param_volumes:
- { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Configuration files." }
@ -115,7 +116,7 @@ app_setup_block: |
2. *(More secure)* Mount the SWAG folder `etc` that resides under `/config` in other containers (ie. `-v /path-to-le-config/etc:/le-ssl`) and in the other containers, use the cert location `/le-ssl/letsencrypt/live/<your.domain.url>/` (This is more secure because the first method shares the entire SWAG config folder with other containers, including the www files, whereas the second method only shares the ssl certs)
* These certs include:
1. `cert.pem`, `chain.pem`, `fullchain.pem` and `privkey.pem`, which are generated by Certbot and used by nginx and various other apps
2. `privkey.pfx`, a format supported by Microsoft and commonly used by dotnet apps such as Emby Server (no password)
2. `privkey.pfx`, a format supported by Microsoft and commonly used by dotnet apps such as Emby Server (default: no password)
3. `priv-fullchain-bundle.pem`, a pem cert that bundles the private key and the fullchain, used by apps like ZNC
### Using fail2ban