{"id":31132378,"url":"https://github.com/gocom/self-signer","last_synced_at":"2026-05-08T06:53:21.930Z","repository":{"id":301437740,"uuid":"1009259012","full_name":"gocom/self-signer","owner":"gocom","description":"Docker image for generating self-signed certificates","archived":false,"fork":false,"pushed_at":"2025-07-17T19:30:24.000Z","size":15,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-05-08T06:52:59.383Z","etag":null,"topics":["certificate-authority","certificate-generator","docker-container","docker-image","self-signed-certificate","signer"],"latest_commit_sha":null,"homepage":"https://github.com/gocom/self-signer/pkgs/container/self-signer","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gocom.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-26T20:50:35.000Z","updated_at":"2025-07-17T19:49:42.000Z","dependencies_parsed_at":"2025-06-26T22:46:45.881Z","dependency_job_id":"107424bc-3d82-4d35-ad4d-ef3cbb4e447e","html_url":"https://github.com/gocom/self-signer","commit_stats":null,"previous_names":["gocom/self-signer"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/gocom/self-signer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gocom%2Fself-signer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gocom%2Fself-signer/
tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gocom%2Fself-signer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gocom%2Fself-signer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gocom","download_url":"https://codeload.github.com/gocom/self-signer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gocom%2Fself-signer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32770544,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T02:36:36.067Z","status":"ssl_error","status_checked_at":"2026-05-08T02:36:07.210Z","response_time":54,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate-authority","certificate-generator","docker-container","docker-image","self-signed-certificate","signer"],"created_at":"2025-09-18T04:59:48.903Z","updated_at":"2026-05-08T06:53:21.895Z","avatar_url":"https://github.com/gocom.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"Self-signer\n=====\n\nImage: `ghcr.io/gocom/self-signer` | [Container Registry](https://github.com/gocom/self-signer/pkgs/container/self-signer)\n\nDocker image that generates a self-signed root and matching server certificate. 
This can be used for local development\nenvironments to easily provide self-signed certificates for your web server. The root certificate can be imported\ninto the OS's or browser's trusted certificates to allow HTTPS testing.\n\nThe generated server certificate is signed by the generated root certificate and can then be loaded in\na web server or other server client. The server certificate is a wildcard certificate that is valid for the domain set\nwith the `DOMAIN` environment variable, and its subdomains.\n\n⚡ Setup\n-----\n\nThe **self-signer** image generates certificates into the `/certificates` directory within the container when the service\nis started. New certificates are only generated if the directory does not already contain the certificate files. The\ndirectory can be mounted to the host system and from there to any other containers that would need the certificates. The\ngenerated certificates can be configured with environment variables passed down to the container.\n\n### With Docker Compose\n\nDocker Compose is a common way to orchestrate containers in local development environments. When using Docker Compose,\nthe **self-signer** service and the generated certificates can be configured from your project's `compose.yml`\nconfiguration file. For example:\n\n```yml\nservices:\n  self-signer:\n    image: ghcr.io/gocom/self-signer:0.1.0\n    volumes:\n      - ./certificates:/certificates\n    environment:\n      - DOMAIN=example.test\n```\n\nIn the above, replace `0.1.0` with the version tag you want to use. It is recommended that you reference a specific\nversion or hash. The image follows [Semantic Versioning](https://semver.org/).\n\nWhen the project's services are started with Docker Compose, the **self-signer** service creates certificate files\nin the mounted `certificates` directory, located in the project's root directory. 
The server certificate will be valid\nfor the `example.test` domain and its subdomains.\n\nIf other services depend on the self-signer's certificates, add a `depends_on`\ndeclaration to the dependent service. The `service_completed_successfully` condition can be used here, as by\ndefault, the self-signer container only runs once, creating the certificates and then shutting down.\n\n```yml\nservices:\n  # ...\n  nginx:\n    # ...\n    volumes:\n      # ...\n      - ./certificates:/certificates\n    depends_on:\n      # ...\n      self-signer:\n        condition: service_completed_successfully\n```\n\nAlternatively, one could run the `self-signer` manually before starting other services:\n\n```shell\n$ docker compose run --rm self-signer\n```\n\n### Excluding files from version control\n\nIt is recommended that you exclude the root certificate key and PEM file from version control, so that unwanted parties\ncannot issue fraudulent signed certificates using them. For instance, if you are using git as the version control system, you\ncould add the following to your repository's root `.gitignore` file:\n\n```gitignore\n/certificates/*\n!/certificates/root-ca.crt\n!/certificates/certificate.crt\n!/certificates/certificate.key\n!/certificates/certificate.pem\n```\n\nThe above will ignore all files under the `certificates` directory, except the actual root certificate file\nand all server certificate files including the key. You can also ignore the root certificate and all server certificate\nfiles, but the actual root certificate, the server certificate, and its key are theoretically safe to commit to the\nrepository as long as you do not add the server certificate to your trusted certificates and establish trust only through the\nroot certificate. 
Generally, no one will be able to generate new certificates validated by the root certificate as long\nas they do not have the root certificate's key.\n\n🫧 Environment variables\n-----\n\nThe following environment variables can be used to customize the generated certificates.\n\n| Variable                   | Default Value                   | Description                                                                                                                                              |\n|----------------------------|---------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `DOMAIN`                   | _empty_                         | Defines which domains the certificate is generated for. The generated certificate is valid for the given domain and its subdomains.                      |\n| `CERTIFICATE_DAYS`         | `3650`                          | How many days the generated root and server certificates are valid for.                                                                                  |\n| `CERTIFICATE_COUNTRY`      | `US`                            | Certificate country code.                                                                                                                                |\n| `CERTIFICATE_STATE`        | `CA`                            | Certificate state code.                                                                                                                                  |\n| `CERTIFICATE_ORGANIZATION` | `Self-signed Local Certificate` | Certificate organization.                                                                                                                                |\n| `HOST_UID`                 | `1000`                          | If the service is started as root, maps the default start up command's user to the specified UID. 
Generated files will be owned by the specified user.   |\n| `HOST_GID`                 | `1000`                          | If the service is started as root, maps the default start up command's group to the specified GID. Generated files will be owned by the specified group. |\n\n📁 Generated files\n-----\n\nThe image will generate the following files into the `/certificates` directory inside the container, from where they can\nbe mounted to the host system:\n\n| Filename          | Description                                                                                                                                                                                                                                                            |\n|-------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `certificate.crt` | Generated server certificate. If neither `certificate.crt` nor `certificate.key` exist, they are generated on the container startup, if the start up command is not overridden.                                                                                        |\n| `certificate.key` | Generated unencrypted key for the server certificate. The key is not encrypted to allow easier use in local development environment's server clients.                                                                                                                  |\n| `certificate.pem` | Generated server certificate in PEM format, containing both the key and the certificate.                                                                                                                                                                               
|\n| `root-ca.crt`     | Generated root certificate that could be imported to host OS's trusted certificates.                                                                                                                                                                                   |\n| `root-ca.key`     | Generated unencrypted key for the root certificate. Please avoid sharing or committing the root certificate key to your source repository. If both the `root-ca.crt` and `root-ca.key` exist, new server certificate is generated using the existing root certificate. |\n| `root-ca.pem`     | Generated server certificate in PEM format, containing both the key and the certificate. Please avoid sharing or committing the PEM file to your source repository.                                                                                                    |\n\n🥈 Advanced usage\n-----\n\n### Manually conditionally generating certificate, if it does not exist\n\nIf you need to manually invoke certificate generation, it can be performed by running the included `create-certificate`\nutility. It will create a new certificate if one does not already exist:\n\n```shell\ndocker run --rm --volume ./certificates:/certificates ghcr.io/gocom/self-signer:0.1.0 create-certificate\n```\n\n### Manually generating new certificates\n\nIf you need to manually generate new certificates, overwriting any existing ones, it can be performed by running\nthe included `create-root-certificate` and `create-server-certificate` utilities:\n\n```shell\ndocker run --rm --volume ./certificates:/certificates ghcr.io/gocom/self-signer:0.1.0 create-root-certificate\ndocker run --rm --volume ./certificates:/certificates ghcr.io/gocom/self-signer:0.1.0 create-server-certificate\n```\n\nPlease note that the above will overwrite any existing certificate files.\n\n### Health check\n\nThe image also contains a `health-check` utility, which can be used in cases where you need a long-running service,\nor if you want to build conditional restarting based on whether the certificates still exist. 
An illustrative example\nusing Docker Compose:\n\n```yml\nservices:\n  # ...\n  self-signer:\n    image: ghcr.io/gocom/self-signer:0.1.0\n    volumes:\n      - ./certificates:/certificates\n    environment:\n      - DOMAIN=example.test\n    command: /bin/sh -c 'create-certificate \u0026\u0026 tail -f /dev/null'\n    healthcheck:\n      test: [\"CMD-SHELL\", \"health-check\"]\n      interval: 10s\n      retries: 5\n      start_period: 30s\n      timeout: 10s\n```\n\nThe `tail -f /dev/null` start up command override keeps the service running, allowing other services to\ncheck the health status of the self-signer service.\n\n🛠️ Development\n-----\n\nSee [CONTRIBUTING.md](https://raw.github.com/gocom/self-signer/master/CONTRIBUTING.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgocom%2Fself-signer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgocom%2Fself-signer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgocom%2Fself-signer/lists"}