re-rename

ahgraber 2021-02-15 20:33:26 -05:00
parent 69350f9921
commit a7da3be9ae
9 changed files with 18 additions and 15 deletions


@ -53,9 +53,9 @@ ln -s /config/crontabs /etc/crontabs
# Copy deploy hook defaults if needed # Copy deploy hook defaults if needed
# [[ -z "$(ls -A /letsencrypt/renewal-hooks/deploy)" ]] && \ # [[ -z "$(ls -A /letsencrypt/renewal-hooks/deploy)" ]] && \
[[ ! -f /config/deploy/01-deploy_certs.sh ]] && \ [[ ! -f /config/deploy/01_deploy-certs.sh ]] && \
echo "Copying deploy hooks..." && \ echo "Copying deploy hooks..." && \
cp -n /defaults/deploy/01-deploy_certs.sh /config/deploy/ cp -n /defaults/deploy/01_deploy-certs.sh /config/deploy/
chmod +x /config/deploy/* chmod +x /config/deploy/*
# Link /config/deploy # Link /config/deploy
echo "Linking /config/deploy -> /etc/letsencrypt/renewal-hooks/deploy ..." echo "Linking /config/deploy -> /etc/letsencrypt/renewal-hooks/deploy ..."
@ -132,14 +132,14 @@ echo "${VALIDATION:="DNS"} validation via ${DNSPLUGIN} plugin is selected"
# NOTE: Skip, handled in deploy hook # NOTE: Skip, handled in deploy hook
# # Set the symlink for key location # # Set the symlink for key location
# rm -rf /letsencrypt/keys # rm -rf /letsencrypt/keys
# if [ "${ONLY_SUBDOMAINS}" = "true" ] && [ ! "${SUBDOMAINS}" = "wildcard" ] ; then if [ "${ONLY_SUBDOMAINS}" = "true" ] && [ ! "${SUBDOMAINS}" = "wildcard" ] ; then
# DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${TLD}" DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${TLD}"
# # LE_LOC="../etc/letsencrypt/live/${DOMAIN}" LINEAGE="../etc/letsencrypt/live/${DOMAIN}"
# ln -s /letsencrypt/live/"${DOMAIN}" /letsencrypt/keys # ln -s /letsencrypt/live/"${DOMAIN}" /letsencrypt/keys
# else else
# # LE_LOC="../etc/letsencrypt/live/${TLD}" LINEAGE="../etc/letsencrypt/live/${TLD}"
# ln -s /letsencrypt/live/"${TLD}" /letsencrypt/keys # ln -s /letsencrypt/live/"${TLD}" /letsencrypt/keys
# fi fi
# # [[ ! -d "${LE_LOC}" ]] && \ # # [[ ! -d "${LE_LOC}" ]] && \
# # mkdir -p ${LE_LOC} # # mkdir -p ${LE_LOC}
# # ln -s ${LE_LOC} /letsencrypt # # ln -s ${LE_LOC} /letsencrypt
@ -147,17 +147,18 @@ echo "${VALIDATION:="DNS"} validation via ${DNSPLUGIN} plugin is selected"
# Check for changes in cert variables; revoke certs if necessary # Check for changes in cert variables; revoke certs if necessary
if [ ! "${TLD}" = "${ORIGTLD}" ] || [ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ] || [ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ] || [ ! "${STAGING}" = "${ORIGSTAGING}" ]; then if [ ! "${TLD}" = "${ORIGTLD}" ] || [ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ] || [ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ] || [ ! "${STAGING}" = "${ORIGSTAGING}" ]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [ "${ORIGONLY_SUBDOMAINS}" = "true" ] && [ ! "${ORIGSUBDOMAINS}" = "wildcard" ]; then # if [ "${ORIGONLY_SUBDOMAINS}" = "true" ] && [ ! "${ORIGSUBDOMAINS}" = "wildcard" ]; then
ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGTLD}" # ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGTLD}"
else # else
ORIGDOMAIN="${ORIGTLD}" # ORIGDOMAIN="${ORIGTLD}"
fi # fi
if [ "${ORIGSTAGING}" = "true" ]; then if [ "${ORIGSTAGING}" = "true" ]; then
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory" REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
else else
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
fi fi
[[ -f /etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]] && certbot revoke --non-interactive --cert-path /etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} # [[ -f /etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]] && certbot revoke --non-interactive --cert-path /etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
[[ -f "${LINEAGE}"/fullchain.pem ]] && certbot revoke --non-interactive --cert-path "${LINEAGE}"/fullchain.pem --server ${REV_ACMESERVER}
rm -rf /etc/letsencrypt rm -rf /etc/letsencrypt
mkdir -p /etc/letsencrypt mkdir -p /etc/letsencrypt
fi fi
@ -170,7 +171,9 @@ if [ ! -f "/letsencrypt/fullchain.pem" ]; then
echo "Generating new certificate" echo "Generating new certificate"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
certbot certonly --non-interactive --force-renewal --server ${ACMESERVER} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${TLD_REAL} certbot certonly --non-interactive --force-renewal --server ${ACMESERVER} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${TLD_REAL}
RENEWED_LINEAGE="/etc/letsencrypt/live/${LINEAGE}"
echo $(printenv) echo $(printenv)
echo "RENEWED_LINEAGE is ${RENEWED_LINEAGE}"
/usr/bin/with-contenv bash /etc/letsencrypt/renewal-hooks/deploy/01-deploy_certs.sh /usr/bin/with-contenv bash /etc/letsencrypt/renewal-hooks/deploy/01-deploy_certs.sh
if [ -f /letsencrypt/fullchain.pem ]; then if [ -f /letsencrypt/fullchain.pem ]; then
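Review bot: The revoke guard in the third hunk now tests `"${LINEAGE}"/fullchain.pem`, but the second hunk builds LINEAGE from the current TLD/SUBDOMAINS and as a relative path (`../etc/letsencrypt/live/...`), so once the parameters have changed it names the new certificate rather than the one that was issued, and the `[[ -f ... ]]` test will most likely fail silently. `rm -rf /etc/letsencrypt` then deletes the old certificate and key without revoking it. Keeping the ORIGDOMAIN derivation and revoking from `/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem` would preserve the revocation; if LINEAGE stays, it should be an absolute path. The same value makes `RENEWED_LINEAGE="/etc/letsencrypt/live/${LINEAGE}"` in the last hunk expand with the prefix twice, and the hook call below it still uses `01-deploy_certs.sh` while the first hunk copies `01_deploy-certs.sh`. Separately, the `echo $(printenv)` kept next to the new debug line writes the whole environment to the container log, which may include DNS plugin credentials; `echo "RENEWED_LINEAGE is ${RENEWED_LINEAGE}"` alone should cover the debugging need.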


@ -10,6 +10,6 @@ if openssl x509 -in /letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null
echo "Letting the cron script handle the renewal attempts overnight (2:08am)." echo "Letting the cron script handle the renewal attempts overnight (2:08am)."
else else
echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes." echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes."
/app/le_renew.sh /app/le-renew.sh
sleep 1 sleep 1
fi fi