ruhnet
/
leapi
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 2 Wiki Activity
Lets Encrypt certificate renewal API for server cluster and getssl.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 Commits
3 Branches
248 KiB
 
Branch: multicert
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'multicert'
${ noResults }
leapi/leapi_config.json.sample

29 lines
2.0 KiB
Raw Permalink Blame History

//RuhNet LEAPI Config file
//configDir set by environment variable LEAPI_CONFDIR, otherwise assumed to be /opt/leapi or ./
{
"hostname":"web1.mydomain.net", //hostname or IP of this particular server; MUST match the server you add to LEAPI. You can use "-" to use the system hostname (must be resolvable by other LEAPI systems).
"primary_domain":"mydomain.net", //the main base domain that is always present
"srv_dir":"/opt/leapi", //LEAPI installed directory
"sync_type":"https", //method of transferring files between LEAPI hosts. "ssh" or "https"
"username":"leapi", //the username to use for file transfer (applies to either http or ssh)
"log_file":"/var/log/leapi.log",
"debug":false,
"frontend_url":"admin.mydomain.net", //the frontend URL, if any (for CORS). Use "-" if none.
"http_server_port":"80", //set to 80 if you are not using a separate web server or proxy. "-" will assume port 80.
"https_server_enable":false, //set to false to disable HTTPS listener (for initial setup, or for using a separate web server/proxy)
"https_server_port":"-", //the port your HTTPS server is running on, whether LEAPI or an external web server/proxy. Set to "-" for default (port 443)
"tls_cert_path_prefix":"/etc/ssl/cert", //file paths DO NOT INCLUDE EXTENSION. "/etc/ssl/cert" will write files "/etc/ssl/cert01.crt", "/etc/ssl/cert02.crt", etc.
"tls_key_path_prefix":"/etc/ssl/privkey",
"tls_chain_path_prefix":"/etc/ssl/chain",
"tls_pem_path_prefix":"/etc/ssl/domain",
"tls_ca_path_prefix":"/etc/ssl/ca",
"max_domains_per_cert":100, //100 max
"letsencrypt_validation_path":"-", //if "-", LEAPI handles this and you don't use a separate web server
"renew_allow_days":"70",
"reload_command":"systemctl reload leapi ; systemctl restart nginx",
"check_port":"443", //the port/service to check to verify cert installation (https/imap/imaps/xmpp/ftp/smtp)
"production":false, //if false, the staging LE server will be used. Set true to use the rate limited real server.
"secret_key":"SecReT_KeY-4API-AuThenTiCaTiON"
}