
mesosphere / letsencrypt-dcos

Licence: other
Let's Encrypt DC/OS!

Programming Languages

python
Dockerfile
shell

Projects that are alternatives of or similar to letsencrypt-dcos

Marathon Lb
Marathon-lb is a service discovery & load balancing tool for DC/OS
Stars: ✭ 449 (+1051.28%)
Mutual labels:  letsencrypt, marathon, haproxy, dcos
docker-haproxy-certbot
Dockerized HAProxy with Let's Encrypt certificates automatic renewal
Stars: ✭ 28 (-28.21%)
Mutual labels:  letsencrypt, haproxy
Dcos
DC/OS - The Datacenter Operating System
Stars: ✭ 2,316 (+5838.46%)
Mutual labels:  marathon, dcos
Traefik
The Cloud Native Application Proxy
Stars: ✭ 36,089 (+92435.9%)
Mutual labels:  letsencrypt, marathon
Linkerdcosdockerfile
Linker Dcos DockerFile&DockerCompose yml file
Stars: ✭ 8 (-79.49%)
Mutual labels:  marathon, dcos
Docker Cloud Platform
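Building a cloud platform with Docker. A three-part Docker cloud platform series: Docker basics, advanced Docker, and a Docker-based cloud platform solution. Building/exploring microservice best practices with OpenStack+Docker+RestAPI+OAuth/HMAC+RabbitMQ/ZMQ+OpenResty/HAProxy/Nginx/APIGateway+Bootstrap/AngularJS+Ansible+K8S/Mesos/Marathon.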
Stars: ✭ 86 (+120.51%)
Mutual labels:  marathon, haproxy
resty-marathon-lb
Marathon service discovery & routing based on OpenResty
Stars: ✭ 13 (-66.67%)
Mutual labels:  marathon, marathon-lb
drax
DC/OS Resilience Automated Xenodiagnosis tool
Stars: ✭ 42 (+7.69%)
Mutual labels:  dcos, dcos-networking-guild
dklb
Expose Kubernetes services and ingresses through EdgeLB.
Stars: ✭ 13 (-66.67%)
Mutual labels:  dcos, dcos-networking-guild
dcos-oauth
DC/OS OAuth Service (only used up to DC/OS version 1.12)
Stars: ✭ 22 (-43.59%)
Mutual labels:  dcos, dcos-networking-guild
etcd-top
etcd realtime workload analyzer
Stars: ✭ 34 (-12.82%)
Mutual labels:  dcos, dcos-networking-guild
dcos-autoscaler
Autoscaler for DC/OS hosted in a cloud provider
Stars: ✭ 12 (-69.23%)
Mutual labels:  marathon, dcos
dcos-deploy
Deploy, manage and orchestrate services and apps on DC/OS
Stars: ✭ 21 (-46.15%)
Mutual labels:  marathon, dcos
Panteras
PanteraS - PaaS - Platform as a Service in a box
Stars: ✭ 189 (+384.62%)
Mutual labels:  marathon, haproxy
net-modules
Apache Mesos modules for network isolation.
Stars: ✭ 56 (+43.59%)
Mutual labels:  dcos, dcos-networking-guild
marathon-slack
Integration for Marathon's Event Bus with Slack
Stars: ✭ 42 (+7.69%)
Mutual labels:  marathon, dcos
dcos-openvpn
No description or website provided.
Stars: ✭ 14 (-64.1%)
Mutual labels:  dcos, dcos-networking-guild
star
Test program for network policies.
Stars: ✭ 19 (-51.28%)
Mutual labels:  dcos, dcos-networking-guild
micro-service-practice
Building/exploring microservice best practices with OpenStack+Docker+RestAPI+OAuth/HMAC+RabbitMQ/ZMQ+OpenResty/HAProxy/Nginx/APIGateway+Bootstrap/AngularJS+Ansible+K8S/Mesos/Marathon.
Stars: ✭ 25 (-35.9%)
Mutual labels:  marathon, haproxy
dcos-net
A networking layer of DC/OS
Stars: ✭ 44 (+12.82%)
Mutual labels:  dcos, dcos-networking-guild

Let's Encrypt DC/OS!

This repository is now deprecated, and this project has moved to https://github.com/dcos-labs/letsencrypt-dcos

This is a sample Marathon app for encrypting your Marathon-lb HAProxy endpoints using Let's Encrypt. With this, you can automatically generate and renew valid SSL certs with Marathon-lb.

Getting started

Clone (or manually copy) this repo, and modify the letsencrypt-dcos.json file to include:

  • The list of hostnames (must be FQDNs) for which you want to generate SSL certs (in HAPROXY_0_VHOST)
  • An admin email address for your certificate (in LETSENCRYPT_EMAIL)
  • The Marathon API endpoint (in MARATHON_URL)
  • The Marathon-lb app ID (in MARATHON_LB_ID)

Before deploying, ensure you have at least 2 public agents in your DC/OS cluster, and that marathon-lb is scaled out to more than 1 public agent. Deploying this app requires this because it entails restarting marathon-lb.

Now launch the letsencrypt-dcos Marathon app:

$ dcos marathon app add letsencrypt-dcos.json

There are 2 test apps included, based on openresty, which you can use to test everything. Have a look in the test/ directory within the repo.

How does it work?

The app includes 2 scripts: run.sh and post_cert.py. The first script (run.sh) will generate the initial SSL cert and POST the cert to Marathon for Marathon-lb. It will then attempt to renew & update the cert every 24 hours. The post_cert.py script will compare the current cert in Marathon to the current live cert, and update it as necessary. post_cert.py is called after the initial cert is generated, and again every 24 hours after a renewal attempt.

A persistent volume called data is mounted inside the container at /etc/letsencrypt; it contains the certificates and other generated state.
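
The compare-then-update step described above, as an added sketch (not the repository's post_cert.py). It assumes the certificate bundle lives in an environment variable of the Marathon-lb app, here HAPROXY_SSL_CERT, and that Marathon accepts a PUT to /v2/apps/<id> carrying only id and env; the app definition and PEM bodies are constructed placeholders.

```python
import hashlib

CERT_ENV = "HAPROXY_SSL_CERT"  # assumed env var on the Marathon-lb app holding the PEM bundle


def normalize_pem(pem):
    """Drop CRLFs, padding and blank lines so cosmetic differences never force a redeploy."""
    lines = (ln.strip() for ln in pem.replace("\r\n", "\n").split("\n"))
    return "\n".join(ln for ln in lines if ln) + "\n"


def fingerprint(pem):
    """SHA-256 of the normalized bundle: loggable, unlike the bundle (it contains the key)."""
    return hashlib.sha256(normalize_pem(pem).encode("ascii")).hexdigest()


def plan_update(app, live_pem):
    """Return the body to PUT to /v2/apps/<MARATHON_LB_ID>, or None when nothing changed."""
    env = dict(app.get("env", {}))  # copy, so the fetched definition is not mutated
    current = env.get(CERT_ENV, "")
    if current and fingerprint(current) == fingerprint(live_pem):
        return None
    env[CERT_ENV] = normalize_pem(live_pem)  # every other variable is carried over untouched
    return {"id": app["id"], "env": env}


# Constructed sample data: placeholder PEM bodies, not real key material.
OLD_PEM = "-----BEGIN CERTIFICATE-----\nT0xE\n-----END CERTIFICATE-----\n"
NEW_PEM = "-----BEGIN CERTIFICATE-----\nTkVX\n-----END CERTIFICATE-----\n"
SAMPLE_APP = {  # trimmed, constructed shape of the app object returned by Marathon
    "id": "/marathon-lb",
    "env": {"EXAMPLE_OTHER_VAR": "kept", CERT_ENV: OLD_PEM},
}

if __name__ == "__main__":
    same = plan_update(SAMPLE_APP, OLD_PEM.replace("\n", "\r\n"))
    print("unchanged cert ->", same)
    body = plan_update(SAMPLE_APP, NEW_PEM)
    print("renewed cert   -> PUT env keys", sorted(body["env"]), fingerprint(NEW_PEM)[:16])
```

Because an update means a full Marathon-lb redeploy, returning None for an unchanged bundle is what keeps the 24-hour loop from restarting the load balancer on every pass.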

Limitations

  • You may only have up to 100 domains per cert.
  • Let's Encrypt currently has rate limits, such as issuing a maximum of 5 certs per set of domains per week.
  • Currently, when the cert is updated, it requires a full redeploy of Marathon-lb. This means there may be a few seconds of downtime as the deployment occurs. This can be mitigated by placing another LB (such as an ELB or F5) in front of HAProxy.
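
A pre-deploy check for the values listed under Getting started and the 100-domain limit above, added here as an example (not part of the repository). It assumes HAPROXY_0_VHOST is a comma-separated label and that the other three settings are env entries; both sample definitions are constructed.

```python
import re

MAX_DOMAINS = 100  # per-certificate limit stated under Limitations
LABEL_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def is_fqdn(name):
    """True for a dotted hostname; rejects bare names, wildcards and IP literals."""
    labels = name.lower().rstrip(".").split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(LABEL_RE.fullmatch(part) for part in labels)
            and not labels[-1].isdigit())


def check_app(app):
    """Return problems in an app definition (assumed layout: vhosts in labels, rest in env)."""
    labels, env = app.get("labels", {}), app.get("env", {})
    hosts = [h.strip() for h in labels.get("HAPROXY_0_VHOST", "").split(",") if h.strip()]
    problems = [f"not an FQDN: {h}" for h in hosts if not is_fqdn(h)]
    if not hosts:
        problems.append("HAPROXY_0_VHOST is empty")
    if len(hosts) > MAX_DOMAINS:
        problems.append(f"{len(hosts)} hostnames exceeds {MAX_DOMAINS} per cert")
    if len({h.lower() for h in hosts}) != len(hosts):
        problems.append("duplicate hostnames in HAPROXY_0_VHOST")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", env.get("LETSENCRYPT_EMAIL", "")):
        problems.append("LETSENCRYPT_EMAIL is missing or malformed")
    if not re.match(r"https?://[^/\s]+", env.get("MARATHON_URL", "")):
        problems.append("MARATHON_URL must be an http(s) URL")
    if not env.get("MARATHON_LB_ID", "").strip("/"):
        problems.append("MARATHON_LB_ID is empty")
    return problems


# Constructed definitions; the values are placeholders, not the repo's defaults.
GOOD_APP = {
    "labels": {"HAPROXY_0_VHOST": "www.example.com,api.example.com"},
    "env": {"LETSENCRYPT_EMAIL": "admin@example.com",
            "MARATHON_URL": "http://marathon.mesos:8080",
            "MARATHON_LB_ID": "marathon-lb"},
}
BAD_APP = {
    "labels": {"HAPROXY_0_VHOST": "intranet,*.example.com,10.0.0.5"},
    "env": {"LETSENCRYPT_EMAIL": "admin", "MARATHON_URL": "marathon.mesos:8080"},
}

if __name__ == "__main__":
    for name, app in (("good", GOOD_APP), ("bad", BAD_APP)):
        print(name, check_app(app))
```

Running this against the edited letsencrypt-dcos.json before `dcos marathon app add` catches hostnames that cannot be validated before an issuance attempt is spent on them.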