parsedmarc-dockerized
parsedmarc-dockerized copied to clipboard
dragoangel
Simplify deployment process
My 2cents to simplify building service. Includes
- acme.sh certificates generation
- htpass done within containers
- geoip service as a part of docker-compose
Thank you for your PR, but I do not want put acme stuff here as not everyone will host that on public network or even has option to do so, or use another proxy in front of it. If people want acme sh they can do this by acme on host and do postdeploy to restart docker container. I think this not much hard and provide freedom for both cases to coexist.
About password and readme stuff - I not had time to update this repo, but locally I had success with configuring security pack so Kibana had properly working authorization. Just need find time to automate creation of all nessesary staff in docker entrypoint and this httpdpass will be removed with nicely working user auth :)
About geoip, yes I will change this as well with time. I know about this option.
not everyone will host that on public network
That is why solution designed to work from entirely from internal network. That is how I run it. My setup can be accessed only from my hope network and not from the outside.
If people want acme sh they can do this by acme on host and do postdeploy to restart docker container.
that makes the service dependable on the local configuration. From what I met in the other projects it is fairly common practice to include acme.sh to the stack. And user still have this flexibility to do everything manually, it's just a matter of deleting container.
Just need find time to automate creation of all nessesary staff in docker entrypoint and this httpdpass will be removed with nicely working user auth
Well, you can always delete that once you did that. In the mean time it will help people who are less familiar with the stack to deploy with fewer frictions, and not polluting the host OS (this is what docker for on the first place, right? Ok not just for that but still).
About geoip, yes I will change this as well with time. I know about this option.
I really appreciate your efforts. I can't see how I would have pulled this off. But look, my solution might be not ideal, but my point is again, if it helps people to onboard with the project easier, community is going to grow faster right now. And you can throw away all my crap by a single git revert once you have much greater implementation.
not sure what will be in case when user will recreate (rebuild) container with nginx and there no volume to store acme.sh account and cron to reissue new cert, etc. It should be rechecked.