This Docker image provides CloudFlare CFSSL based on Alpine Linux
The following volumes are exposed:
| Name | Value | Description |
|---|---|---|
| Cert Store | /etc/cfssl | All of the certificates generated by the server. |
| Trusted Certs | /cfssl_trust | Trusted certificate store. Defaults to certs provided in CFSSL repo. |
The following ports are exposed:
| Name | Value |
|---|---|
| Web | 8080 |
The following environment variables are available for your configuration pleasure:
| Name | Default | Description |
|---|---|---|
| CA_ROOT_URI | URI to root CA API. If blank, the new server will be setup as the root CA. Make sure to include the protocol (such as https://) | |
| CFSSL_CSR | csr_root_ca.json | CSR config file to initialize new server with. This should be in root of the /etc/cfssl mount. |
| CFSSL_CONFIG | ca_root_config.json | Signing profile for the new server. This should be in root of the /etc/cfssl mount. |
| DB_CONFIG | db_config.json | Database configuration file for the new server. This should be in root of the /etc/cfssl mount. |
| DB_ENVIRONMENT | production | Name of database environment. One of development, test, staging, or production, unless you are using a custom Goose dbconf.yml |
| DB_DESTROY | 0 | Will destroy any existing database if set to 1. Forces DB_INIT to 1 |
| DB_INIT | 1 | Will run database migration scripts if set to 1. |
- Add usage instructions
- Lack of HTTPS for API - https://github.com/cloudflare/cfssl/wiki/Add-HTTPS-endpoints-to-CFSSL
Bugs are tracked on GitHub Issues. In case of trouble, please check there to see if your issue has already been reported. If you spotted it first, help us smash it by providing detailed and welcomed feedback.
- Dave Lasley dave@laslabs.com
This module is maintained by LasLabs Inc.