mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-12-12 14:06:05 +01:00
add lego example
parent
8499bbaf59
commit
de5e7e8a3b
@ -109,6 +109,25 @@ export WEBSOCKET_ENABLED=true
|
||||
|
||||
You should now be able to reach your bitwarden_rs instance at https://bwrs.example.com.
|
||||
|
||||
## Getting certs using the `lego` CLI
|
||||
|
||||
In the DuckDNS example above, Caddy used the [`lego`](https://github.com/go-acme/lego) library to get certs via DNS challenge.
|
||||
`lego` also has a CLI that you can use to get certs directly, e.g. if you want to a reverse proxy other than Caddy.
|
||||
|
||||
Here's an example of how to do this:
|
||||
|
||||
1. Download a pre-built `lego` binary for your system from https://github.com/go-acme/lego. Extract the contents to some directory, say, `/usr/local/lego`.
|
||||
2. From that directory, run `DUCKDNS_TOKEN=<token> ./lego -a --dns duckdns -d my-bwrs.duckdns.org -m me@example.com run`,
|
||||
substituting appropriate values for the token, domain, and email address. This registers you with Let's Encrypt and
|
||||
fetches a certificate for your domain.
|
||||
3. Set up a weekly cron job to run `DUCKDNS_TOKEN=<token> ./lego --dns duckdns -d my-bwrs.duckdns.org -m me@example.com renew`.
|
||||
This renews your certificate as it nears expiration.
|
||||
|
||||
In this example, the generated outputs you need to configure your reverse proxy with are:
|
||||
|
||||
* `/usr/local/lego/.lego/certificates/my-bwrs.duckdns.org.crt` (certificate)
|
||||
* `/usr/local/lego/.lego/certificates/my-bwrs.duckdns.org.key` (private key)
|
||||
|
||||
## References
|
||||
|
||||
### DNS Challenge
|
||||
|
Loading…
Reference in New Issue
Block a user