commit a09ac126d7835aa9d394106b39a56efb4ab6f3af
Author: status404
Date: Sat Nov 2 13:09:02 2024 +0300
add dockerfile and scripts
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..eda3036
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM certbot/certbot:latest
+
+#SHELL ["/bin/ash", "-ex", "-c"]
+
+# Install socat
+RUN apk --no-cache add socat
+
+# Copy scripts
+COPY ./docker/scripts/ /etc/scripts/
+RUN chmod 755 /etc/scripts/*.sh
+
+# Expose port 380
+EXPOSE 380
+
diff --git a/scripts/0-create-cert.sh b/scripts/0-create-cert.sh
new file mode 100644
index 0000000..f5a270b
--- /dev/null
+++ b/scripts/0-create-cert.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+if [ ! -f /etc/certificates/site.pem ]; then
+ # Generate self-signed certificate
+ openssl genrsa -out site.key 2048
+ openssl req -new -key site.key -out site.csr -batch
+ openssl x509 -req -days 365 -in site.csr -signkey site.key -out site.crt
+ cat site.key site.crt >> /etc/certificates/site.pem
+fi
+
+
+if [ -n "$DOMAIN" -a -n "$EMAIL" ]; then
+
+ # Request certificate
+ certbot certonly --standalone \
+ --non-interactive --agree-tos --http-01-port=380 \
+ --email "$EMAIL" \
+ --cert-name "$DOMAIN" \
+ -d "$DOMAIN"
+
+ # Concatenate certificates
+ . /etc/scripts/2-concatenate-cert.sh
+
+fi
+
+# Update certificates in HAProxy
+. /etc/scripts/3-update-haproxy-cert.sh
+
diff --git a/scripts/1-renew-cert.sh b/scripts/1-renew-cert.sh
new file mode 100644
index 0000000..eb8724e
--- /dev/null
+++ b/scripts/1-renew-cert.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# Certificates exist
+if [ -n "$DOMAIN" -a -d /etc/letsencrypt/live/"$DOMAIN" ]; then
+ # Check certificates and renew them
+ certbot renew --http-01-port=380
+
+ # Concatenate certificates
+ . /etc/scripts/2-concatenate-cert.sh
+
+ # Update certificates in HAProxy
+ . /etc/scripts/3-update-haproxy-cert.sh
+
+# Certificates don't exist
+else
+ # Execute certificate creation script
+ . /etc/scripts/0-create-cert.sh
+fi
+
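Review bot: `FROM certbot/certbot:latest` and `apk --no-cache add socat` are both unpinned, so the image is not reproducible and a base-image change can silently alter certbot's behaviour under the cron-driven renewal; pin a tag (ideally with a digest) and a package version, e.g. `FROM certbot/certbot:<version>` and `apk --no-cache add socat=<version>`. The source path in `COPY ./docker/scripts/ /etc/scripts/` does not match where this commit adds the scripts (`scripts/`), so the build will fail unless the build context is a parent directory in which this repository sits as `docker/` — worth confirming. The final image also inherits the base image's root user; certbot needs to write /etc/letsencrypt but port 380 is unprivileged, so either add a `USER` directive or document why root is required. The commented-out `#SHELL` line is dead text and should be dropped.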
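Review bot: In the self-signed branch the private key is written as `site.key` into whatever the current working directory happens to be and is left there together with `site.csr`/`site.crt`, and the key material is appended (`>>`) to /etc/certificates/site.pem instead of replacing it, so a pre-existing or partial file grows rather than being overwritten. Run that branch with explicit paths and a restrictive umask — `umask 077` before the openssl calls, `> /etc/certificates/site.pem`, and `rm -f site.key site.csr site.crt` afterwards (or work in a `mktemp -d` directory). Note that `. /etc/scripts/2-concatenate-cert.sh` is sourced, so its `cd` changes this script's working directory for everything that follows, which is another reason to avoid relative file names here. The `-a` inside `[ ]` is obsolescent in POSIX `test`; `[ -n "$DOMAIN" ] && [ -n "$EMAIL" ]` is the portable form, and the same applies to 1-renew-cert.sh and 2-concatenate-cert.sh.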
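Review bot: There is no `set -e` here and the exit status of `certbot renew --http-01-port=380` is never checked, so a failed renewal still falls through to the concatenate and HAProxy update steps and the script exits 0, hiding the failure from whatever scheduler runs it. Add `set -e` after the shebang (0-create-cert.sh has it, but it is only inherited here in the `else` branch because that script is sourced) so a failed renew aborts before anything is pushed to HAProxy. Since `certbot renew` only acts when a certificate is near expiry, the concatenate/update pair otherwise runs unchanged on every invocation; if that is not intended, certbot's `--deploy-hook` would restrict the HAProxy update to actual renewals.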
diff --git a/scripts/2-concatenate-cert.sh b/scripts/2-concatenate-cert.sh
new file mode 100644
index 0000000..1cf5652
--- /dev/null
+++ b/scripts/2-concatenate-cert.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+cd /etc/letsencrypt/live/"$DOMAIN"
+
+if [ -f fullchain.pem -a -f privkey.pem ]; then
+ cat fullchain.pem privkey.pem > /etc/certificates/site.pem
+fi
+
diff --git a/scripts/3-update-haproxy-cert.sh b/scripts/3-update-haproxy-cert.sh
new file mode 100644
index 0000000..74fe3a6
--- /dev/null
+++ b/scripts/3-update-haproxy-cert.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Start transaction
+echo -e "set ssl cert /usr/local/etc/haproxy/certificates/site.pem <<\n$(cat /etc/certificates/site.pem)\n" | socat tcp-connect:haproxy:9999 -
+
+# Commit transaction
+echo "commit ssl cert /usr/local/etc/haproxy/certificates/site.pem" | socat tcp-connect:haproxy:9999 -
+
+# Show certification info (not essential)
+echo "show ssl cert /usr/local/etc/haproxy/certificates/site.pem" | socat tcp-connect:haproxy:9999 -
+
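Review bot: The file written by `cat fullchain.pem privkey.pem > /etc/certificates/site.pem` contains the private key, and `>` creates it with the process umask (typically 0644), so set `umask 077` first or `chmod 600 /etc/certificates/site.pem` afterwards; the same applies to the `>>` in 0-create-cert.sh. Because this script is sourced with `.` by both callers, the bare `cd /etc/letsencrypt/live/"$DOMAIN"` also changes the caller's working directory, and if it ever fails (empty `$DOMAIN`, missing lineage) the relative `-f` checks run against whatever directory the caller was in — 0-create-cert.sh's `set -e` would stop there, but 1-renew-cert.sh only pre-checks with `-d`. Using absolute paths removes both issues: `live=/etc/letsencrypt/live/"$DOMAIN"`, then `if [ -f "$live/fullchain.pem" ] && [ -f "$live/privkey.pem" ]; then` and `cat "$live/fullchain.pem" "$live/privkey.pem" > /etc/certificates/site.pem`.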
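Review bot: None of the three `socat tcp-connect:haproxy:9999 -` calls inspects HAProxy's reply, so a rejected `set ssl cert` is still followed by `commit ssl cert` and the script exits 0, since socat's status reflects only the TCP exchange, not the command outcome. Capture each reply and fail on anything other than HAProxy's success text, e.g. `out=$(... | socat tcp-connect:haproxy:9999 -)` followed by `case "$out" in *Transaction*|*Success*) ;; *) echo "$out" >&2; exit 1;; esac` (confirm the exact strings against the HAProxy version in use). The runtime API on port 9999 is unauthenticated and receives the private key in clear text, so it must only be reachable on the internal network shared with HAProxy (or via a unix socket on a shared volume); anyone who can connect can replace the certificate or reconfigure the proxy. `echo -e` is not POSIX sh (it works in this image's busybox ash but not in dash), so prefer `printf 'set ssl cert %s <<\n%s\n\n' /usr/local/etc/haproxy/certificates/site.pem "$(cat /etc/certificates/site.pem)"`, which also keeps the empty-line payload terminator explicit.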