diff --git a/blueprints/certmate/docker-compose.yml b/blueprints/certmate/docker-compose.yml new file mode 100644 index 00000000..d7dde9dc --- /dev/null +++ b/blueprints/certmate/docker-compose.yml @@ -0,0 +1,33 @@ +version: "3.8" + +services: + certmate: + image: fabriziosalmi/certmate:2.21.3 + environment: + - FLASK_ENV=production + - SECRET_KEY=${SECRET_KEY} # 🔐 Flask session secret + - API_BEARER_TOKEN=${API_BEARER_TOKEN} # 🔐 API / web UI token + - BEHIND_PROXY=${BEHIND_PROXY} + - CLOUDFLARE_TOKEN=${CLOUDFLARE_TOKEN} + - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL} + - LOG_LEVEL=${LOG_LEVEL} + ports: + - 8000 + volumes: + - certmate_certificates:/app/certificates + - certmate_data:/app/data + - certmate_logs:/app/logs + - certmate_backups:/app/backups + restart: unless-stopped + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8000/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s + +volumes: + certmate_certificates: + certmate_data: + certmate_logs: + certmate_backups: diff --git a/blueprints/certmate/instructions.md b/blueprints/certmate/instructions.md new file mode 100644 index 00000000..6a048e3c --- /dev/null +++ b/blueprints/certmate/instructions.md @@ -0,0 +1,13 @@ +# CertMate + +## Getting started + +1. Deploy the template and open the app domain. +2. Log in with the **API bearer token**: it is auto-generated by the template and stored in the `API_BEARER_TOKEN` environment variable (Dokploy → your service → Environment). The same token authenticates REST API requests (`Authorization: Bearer `). +3. In **Settings**, set your Let's Encrypt email and add credentials for your DNS provider (Cloudflare, Route53, etc.) to issue certificates through DNS-01 challenges. + +## Notes + +- `CLOUDFLARE_TOKEN` can optionally be set as an environment variable instead of configuring it in the UI. +- Certificates, application data and backups are persisted in the `certmate_certificates`, `certmate_data` and `certmate_backups` volumes. +- API documentation is available at `/docs/` (Swagger) and `/redoc/` on your domain. diff --git a/blueprints/certmate/logo.png b/blueprints/certmate/logo.png new file mode 100644 index 00000000..1a7b3418 Binary files /dev/null and b/blueprints/certmate/logo.png differ diff --git a/blueprints/certmate/meta.json b/blueprints/certmate/meta.json new file mode 100644 index 00000000..f8be746c --- /dev/null +++ b/blueprints/certmate/meta.json @@ -0,0 +1,18 @@ +{ + "id": "certmate", + "name": "CertMate", + "version": "2.21.3", + "description": "CertMate is an SSL certificate management system with a web UI and REST API. It automates issuing and renewing Let's Encrypt certificates via DNS-01 challenges across 20+ DNS providers, with unified backups and multi-account support.", + "logo": "logo.png", + "links": { + "github": "https://github.com/fabriziosalmi/certmate", + "website": "https://www.certmate.org/", + "docs": "https://www.certmate.org/docs/" + }, + "tags": [ + "ssl", + "certificates", + "security", + "self-hosted" + ] +} diff --git a/blueprints/certmate/template.toml b/blueprints/certmate/template.toml new file mode 100644 index 00000000..48d6228d --- /dev/null +++ b/blueprints/certmate/template.toml @@ -0,0 +1,20 @@ +[variables] +main_domain = "${domain}" +SECRET_KEY = "${password:32}" +API_BEARER_TOKEN = "${password:32}" + +[config] +mounts = [] + +[[config.domains]] +serviceName = "certmate" +port = 8000 +host = "${main_domain}" + +[config.env] +SECRET_KEY = "${SECRET_KEY}" # 🔐 Flask session secret +API_BEARER_TOKEN = "${API_BEARER_TOKEN}" # 🔐 API / web UI token +BEHIND_PROXY = "true" +CLOUDFLARE_TOKEN = "" +LETSENCRYPT_EMAIL = "" +LOG_LEVEL = "INFO"