Deploy to Nomad
Aleff was designed specifically for this architecture so it's the easiest confguration to deploy.
- Nomad configured to register services with Consul.
- Fabio deployed to proxy HTTP access to the services, listening on both port
- Services with
urlprefix-(or similar) tags specifying domain-based routing for Fabio.
- The main aleff processor job requires access to both Consul and Nomad, and the aleff-challenge-responder job requires access to Consul. For more details see the technical architecture section.
Whether you use an external timer or the internal timer (see below) it's important to think about the best interval to use.
Once certificates have been initially obtained the ideal frequency is daily. However, new domains added will then take up to a day to be detected and SSL-enabled. If this is too long you can always force an execution of the job when you add a new domain via the Nomad API or UI.
Aleff can be deployed as either a periodic batch job or a long-running service. The container itself has a very small footprint, only requiring 8Mhz of CPU and 16MB of memory. The only advantage to running as a batch job is that you can set the Docker image to
force_pull = true with the
latest tag to automatically use the latest stable release on each execution.