Skip to content

Latest commit

 

History

History

Docker

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
est_proxy
est_proxy
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

README.md

Containerized installation

This should be the fastest and most convenient way to deploy est_proxy.

Est_proxy needs to store its configuration file (est_proxy.cfg), certificates, keys and ca_handler handler related files on a persistent data-storage. This datastorage must be mounted inside the container as /usr/local/est_proxy/data.

Installation via dockerhub or ghcr.io

There are ready made images available at dockerhub and ghcr.io which can be installed via regular docker pull command.

user@docker-host:~$ docker pull grindsa/est_proxy

The container can be started with the following command

user@docker-host:~$ mkdir data
user@docker-host:~$ docker network create est
<some random id>
user@docker-host:~$ docker run -d -p 17443:17443 --rm -id --network est --name=est_proxy -v "$(pwd)/data":/usr/local/est_proxy/data/ est_proxy

BYOC

There is also the option to build your own container by using a docker compose file stored in example/Dockerdirectory).

user@docker-host:~/est_proxy/examples/Docker$ docker-compose build --no-cache
Building srv
Step 1/17 : FROM ubuntu:20.04
 ---> 1d622ef86b13
Step 2/17 : LABEL maintainer="[email protected]"
 ---> Running in 03f043052bc9
Removing intermediate container 03f043052bc9
...

After completion est_proxy can be started with.

user@docker-host:~/est_proxy/examples/Docker$ docker-compose up -d

Initial Configuration

The container requires a configuration file est_proxy.cfg stored in the rood of the above mentioned data store. If this file does not exist a default one with the following gets created.

[DEFAULT]
debug: False
connection_log: False

[LOGGING]
log_format: '%(asctime)s - est_proxy - %(levelname)s - %(message)s'

[Daemon]
address = 0.0.0.0
port = 17443
key_file = /usr/local/est_proxy/data/certs/est-srv.key.pem
cert_file = /usr/local/est_proxy/data/certs/est-srv.crt.pem

Both key_file and cert_file will be autogenerated; cert_file will be a self-signed certificate with a validity of 30days. The default configuration must be completed with a CA-Handler configuration; both key_file and cert_file should be replaced.

The container should be visible in the list of active containers

user@docker-host:~$ docker ps
CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS              PORTS                                            NAMES
c2560b3cef05        grindsa/est_proxy        "/docker-entrypoint.…"   24 minutes ago      Up 23 minutes       0.0.0.0:17443->17443/tcp                         est_proxy