π DeploymentΒΆ
π³ DockerΒΆ
Docker imageΒΆ
To deploy the CA, use the following Docker image:
harbor.confirm.ch/ca/ca
Docker commandΒΆ
To deploy the CA service via a simple docker command, use the following CLI arguments:
docker run -d \
--name ca \
-e CA_DNS=ca.example.net \
-e CA_NAME="Example CA" \
-e CA_PROVISIONER=admin \
-p 8443:8443 \
-v ca:/ca \
harbor.confirm.ch/ca/ca
Hint
Itβs recommended to deploy the CA service via Docker Compose.
Docker ComposeΒΆ
Use the following docker-compose.yml file to start the CA:
---
services:
ca:
image: harbor.confirm.ch/ca/ca
environment:
CA_DNS: ca.example.net
CA_NAME: Example CA
CA_PROVISIONER: admin
ports:
- '8443:8443'
volumes:
- ca:/ca
restart: unless-stopped
volumes:
ca:
Then bring the stack up with:
docker compose up -d
Test deploymentΒΆ
To test the deployment, check if you can get the root certificate via step, curl, or wget:
# Get CA certificate via step CLI (on your client).
step ca roots --ca-url https://{FQDN}
# Get CA certificate via curl.
curl --insecure https://{CA FQDN}/roots.pem
# Get CA certificate via wget.
wget --no-check-certificate -O - https://{CA FQDN}/roots.pem
After that, try to get your first certificate via π£ step CLI.
π‘οΈ Reverse proxy deploymentΒΆ
Important
When deploying the CA behind a reverse proxy, please check out the π‘οΈ Reverse proxy chapter.