fossilfranv/nginx_docker-swag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

re-rename

Browse Source
This commit is contained in:
ahgraber 2021-02-15 20:33:26 -05:00
parent 69350f9921
commit a7da3be9ae
9 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
root/app/le_renew.sh → root/app/le-renew.sh
View File

0
root/defaults/deploy/01-deploy_certs.sh → root/defaults/deploy/01_deploy-certs.sh
View File

0
root/etc/cont-init.d/00-s6_secret_init.sh → root/etc/cont-init.d/00_s6-secret-init.sh
View File

0
root/etc/cont-init.d/01-add_user.sh → root/etc/cont-init.d/01_add-user.sh
View File

0
root/etc/cont-init.d/02-set_timezone.sh → root/etc/cont-init.d/02_set-timezone.sh
View File

0
root/etc/cont-init.d/10-permissions.sh → root/etc/cont-init.d/10_permissions.sh
View File

31
root/etc/cont-init.d/50-lets_encrypt.sh → root/etc/cont-init.d/50_lets-encrypt.sh
View File

@ -53,9 +53,9 @@ ln -s /config/crontabs /etc/crontabs
# Copy deploy hook defaults if needed
# [[ -z "$(ls -A /letsencrypt/renewal-hooks/deploy)" ]] && \
[[ ! -f /config/deploy/01-deploy_certs.sh ]] && \
[[ ! -f /config/deploy/01_deploy-certs.sh ]] && \
echo "Copying deploy hooks..." && \
cp -n /defaults/deploy/01-deploy_certs.sh /config/deploy/
cp -n /defaults/deploy/01_deploy-certs.sh /config/deploy/
chmod +x /config/deploy/*
# Link /config/deploy
echo "Linking /config/deploy -> /etc/letsencrypt/renewal-hooks/deploy ..."
@ -132,14 +132,14 @@ echo "${VALIDATION:="DNS"} validation via ${DNSPLUGIN} plugin is selected"
# NOTE: Skip, handled in deploy hook
# # Set the symlink for key location
# rm -rf /letsencrypt/keys
# if [ "${ONLY_SUBDOMAINS}" = "true" ] && [ ! "${SUBDOMAINS}" = "wildcard" ] ; then
# DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${TLD}"
# # LE_LOC="../etc/letsencrypt/live/${DOMAIN}"
if [ "${ONLY_SUBDOMAINS}" = "true" ] && [ ! "${SUBDOMAINS}" = "wildcard" ] ; then
DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${TLD}"
LINEAGE="../etc/letsencrypt/live/${DOMAIN}"
# ln -s /letsencrypt/live/"${DOMAIN}" /letsencrypt/keys
# else
# # LE_LOC="../etc/letsencrypt/live/${TLD}"
else
LINEAGE="../etc/letsencrypt/live/${TLD}"
# ln -s /letsencrypt/live/"${TLD}" /letsencrypt/keys
# fi
fi
# # [[ ! -d "${LE_LOC}" ]] && \
# # mkdir -p ${LE_LOC}
# # ln -s ${LE_LOC} /letsencrypt
@ -147,17 +147,18 @@ echo "${VALIDATION:="DNS"} validation via ${DNSPLUGIN} plugin is selected"
# Check for changes in cert variables; revoke certs if necessary
if [ ! "${TLD}" = "${ORIGTLD}" ] || [ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ] || [ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ] || [ ! "${STAGING}" = "${ORIGSTAGING}" ]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [ "${ORIGONLY_SUBDOMAINS}" = "true" ] && [ ! "${ORIGSUBDOMAINS}" = "wildcard" ]; then
ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGTLD}"
else
ORIGDOMAIN="${ORIGTLD}"
fi
# if [ "${ORIGONLY_SUBDOMAINS}" = "true" ] && [ ! "${ORIGSUBDOMAINS}" = "wildcard" ]; then
# ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGTLD}"
# else
# ORIGDOMAIN="${ORIGTLD}"
# fi
if [ "${ORIGSTAGING}" = "true" ]; then
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
else
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
fi
[[ -f /etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]] && certbot revoke --non-interactive --cert-path /etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
# [[ -f /etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]] && certbot revoke --non-interactive --cert-path /etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
[[ -f "${LINEAGE}"/fullchain.pem ]] && certbot revoke --non-interactive --cert-path "${LINEAGE}"/fullchain.pem --server ${REV_ACMESERVER}
rm -rf /etc/letsencrypt
mkdir -p /etc/letsencrypt
fi
@ -170,7 +171,9 @@ if [ ! -f "/letsencrypt/fullchain.pem" ]; then
echo "Generating new certificate"
# shellcheck disable=SC2086
certbot certonly --non-interactive --force-renewal --server ${ACMESERVER} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${TLD_REAL}
RENEWED_LINEAGE="/etc/letsencrypt/live/${LINEAGE}"
echo $(printenv)
echo "RENEWED_LINEAGE is ${RENEWED_LINEAGE}"
/usr/bin/with-contenv bash /etc/letsencrypt/renewal-hooks/deploy/01-deploy_certs.sh
if [ -f /letsencrypt/fullchain.pem ]; then

2
root/etc/cont-init.d/60-renewal_init.sh → root/etc/cont-init.d/60_renewal-init.sh
View File

@ -10,6 +10,6 @@ if openssl x509 -in /letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null
echo "Letting the cron script handle the renewal attempts overnight (2:08am)."
else
echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes."
/app/le_renew.sh
/app/le-renew.sh
sleep 1
fi

0
scripts/archive/01-add_user.sh → scripts/archive/01_add-user.sh
View File