add dockerfile and scripts
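--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM certbot/certbot:latest
+
+#SHELL ["/bin/ash", "-ex", "-c"]
+
+# Install socat
+RUN apk --no-cache add socat
+
+# Copy scripts
+COPY ./docker/scripts/ /etc/scripts/
+RUN chmod 755 /etc/scripts/*.sh
+
+# Expose port 380
+EXPOSE 380
+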
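Review bot: The base is `FROM certbot/certbot:latest` and nothing in this Dockerfile sets `USER`, so every build pulls whatever certbot tags as latest that day, and unless the base image itself drops privileges the container, which ends up holding the ACME account key and the site's private key under `/etc/letsencrypt` and `/etc/certificates`, runs as root. Pin the base to a release, ideally by digest (`FROM certbot/certbot:<version>@sha256:<digest>`), and pin socat as well (`apk add --no-cache socat=<version>`). `COPY ./docker/scripts/ /etc/scripts/` reads from `docker/scripts/`, but this commit adds the scripts under `scripts/`; unless the build context is a parent directory laid out that way, the build cannot find them. `COPY --chmod=755 ./docker/scripts/ /etc/scripts/` would also fold the separate `RUN chmod` layer into the copy. No `ENTRYPOINT`/`CMD` is defined, so the image inherits whatever the base image declares; confirm that is intended given the scripts are meant to be run from this image.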
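--- a/scripts/0-create-cert.sh
+++ b/scripts/0-create-cert.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+if [ ! -f /etc/certificates/site.pem ]; then
+# Generate self-signed certificate
+openssl genrsa -out site.key 2048
+openssl req -new -key site.key -out site.csr -batch
+openssl x509 -req -days 365 -in site.csr -signkey site.key -out site.crt
+cat site.key site.crt >> /etc/certificates/site.pem
+fi
+
+
+if [ -n "$DOMAIN" -a -n "$EMAIL" ]; then
+
+# Request certificate
+certbot certonly --standalone \
+--non-interactive --agree-tos --http-01-port=380 \
+--email "$EMAIL" \
+--cert-name "$DOMAIN" \
+-d "$DOMAIN"
+
+# Concatenate certificates
+. /etc/scripts/2-concatenate-cert.sh
+
+fi
+
+# Update certificates in HAProxy
+. /etc/scripts/3-update-haproxy-cert.sh
+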
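Review bot: The three `openssl` calls write `site.key`, `site.csr` and `site.crt` into whatever the current directory happens to be (the Dockerfile sets no `WORKDIR`) and nothing removes them, so the placeholder private key is left lying around, and `/etc/certificates/site.pem` is created under the process umask, which nothing here restricts, so it is presumably world-readable. Generate the placeholder in a private temp directory under `umask 077` and delete it afterwards; a single `openssl req -x509 -newkey` replaces the genrsa/req/x509 trio. Note that with `set -e` in effect, sourcing `2-concatenate-cert.sh` lets its `cd` change this script's cwd, and a certbot failure aborts the script before `3-update-haproxy-cert.sh` runs, so HAProxy never receives even the placeholder in that case; decide whether that is intended. `-a` inside `[ ]` is marked obsolescent by POSIX; `[ -n "$DOMAIN" ] && [ -n "$EMAIL" ]` is the portable spelling.
```shell
if [ ! -f /etc/certificates/site.pem ]; then
    # Placeholder self-signed cert so HAProxy can start before ACME succeeds.
    # Keep the key world-unreadable and out of the working directory.
    tmp="$(mktemp -d)"
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 -batch \
            -keyout "$tmp/site.key" -out "$tmp/site.crt"
        cat "$tmp/site.key" "$tmp/site.crt" > /etc/certificates/site.pem
    )
    rm -rf "$tmp"
fi
# … unchanged: certbot request, concatenate and HAProxy update …
```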
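--- a/scripts/1-renew-cert.sh
+++ b/scripts/1-renew-cert.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# Certificates exist
+if [ -n "$DOMAIN" -a -d /etc/letsencrypt/live/"$DOMAIN" ]; then
+# Check certificates and renew them
+certbot renew --http-01-port=380
+
+# Concatenate certificates
+. /etc/scripts/2-concatenate-cert.sh
+
+# Update certificates in HAProxy
+. /etc/scripts/3-update-haproxy-cert.sh
+
+# Certificates don't exist
+else
+# Execute certificate creation script
+. /etc/scripts/0-create-cert.sh
+fi
+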
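Review bot: This script sets no `set -e`, so a failing `certbot renew` is ignored, the old `site.pem` is re-pushed to HAProxy and the script still exits 0, which hides renewal failures from whatever cron job or orchestrator runs it; add `set -e` right after the shebang (the `else` branch already inherits it because `0-create-cert.sh` is sourced with `.` and sets it). `2-concatenate-cert.sh` and `3-update-haproxy-cert.sh` also run on every invocation even when nothing was renewed; `certbot renew --http-01-port=380 --deploy-hook '…'` would run them only after an actual renewal, if the `$DOMAIN`-based lookup in those scripts is acceptable in that context. `-a` in `[ -n "$DOMAIN" -a -d … ]` is obsolescent in POSIX test; `[ -n "$DOMAIN" ] && [ -d /etc/letsencrypt/live/"$DOMAIN" ]` is the portable form.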
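--- a/scripts/2-concatenate-cert.sh
+++ b/scripts/2-concatenate-cert.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+cd /etc/letsencrypt/live/"$DOMAIN"
+
+if [ -f fullchain.pem -a -f privkey.pem ]; then
+cat fullchain.pem privkey.pem > /etc/certificates/site.pem
+fi
+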
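Review bot: `/etc/certificates/site.pem` carries the private key but is written with a bare `>` under the process umask, which nothing in this commit restricts, so on first creation the bundle is presumably world-readable inside the container and on any volume backing that path; the `cd` is also unguarded, so when it fails in a caller without `set -e` the `-f` tests silently run against the caller's cwd. Guard the `cd` and write the bundle under a restrictive umask through a temp file: `cd /etc/letsencrypt/live/"$DOMAIN" || exit 1`, then `( umask 077; cat fullchain.pem privkey.pem > /etc/certificates/site.pem.tmp ) && mv /etc/certificates/site.pem.tmp /etc/certificates/site.pem`. Both callers source this file with `.`, so `exit 1` ends the caller as well, which matches what `set -e` already does in `0-create-cert.sh`. `-a` within `[ ]` is obsolescent; prefer `[ -f fullchain.pem ] && [ -f privkey.pem ]`.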
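--- a/scripts/3-update-haproxy-cert.sh
+++ b/scripts/3-update-haproxy-cert.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Start transaction
+echo -e "set ssl cert /usr/local/etc/haproxy/certificates/site.pem <<\n$(cat /etc/certificates/site.pem)\n" | socat tcp-connect:haproxy:9999 -
+
+# Commit transaction
+echo "commit ssl cert /usr/local/etc/haproxy/certificates/site.pem" | socat tcp-connect:haproxy:9999 -
+
+# Show certification info (not essential)
+echo "show ssl cert /usr/local/etc/haproxy/certificates/site.pem" | socat tcp-connect:haproxy:9999 -
+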
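Review bot: The private key inside `site.pem` is sent in cleartext over plain TCP to `haproxy:9999`, and if that port is the HAProxy runtime API at admin level, as `set ssl cert`/`commit ssl cert` require, anything that can reach it on the container network can both sniff the key and reconfigure the proxy; prefer a unix socket shared through a volume (`socat unix-connect:/run/haproxy/admin.sock -`) or at least an isolated network for this link. None of the three `socat` invocations checks its exit status or HAProxy's reply, so a rejected `set ssl cert` is followed by a `commit` of an empty transaction and the script still exits 0; capture the reply of the first call and check it for HAProxy's success text before committing. `echo -e` is not POSIX `sh` (busybox ash accepts it, dash would print the `-e`); `printf 'set ssl cert %s <<\n%s\n' "$cert_path" "$(cat /etc/certificates/site.pem)"` is the portable form and the thrice-repeated path belongs in that `cert_path` variable.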