From 1a4422ecb37ecc10db351528783fce79f05c23f6 Mon Sep 17 00:00:00 2001
From: JrCs <90z7oey02@sneakemail.com>
Date: Sun, 22 Nov 2015 16:34:28 +0100
Subject: [PATCH] Enhance update of certificates

Update or create the certificates as soon as possible
---
 Procfile | 5 ++-
 letsencrypt_service | 78 ++++++++++++++++++++++++---------------------
 update_certs | 3 ++
 update_nginx | 8 +++++
 4 files changed, 55 insertions(+), 39 deletions(-)
 create mode 100755 update_certs
 create mode 100755 update_nginx

diff --git a/Procfile b/Procfile
index e18d1d3..e76aad9 100644
--- a/Procfile
+++ b/Procfile
@@ -1,4 +1,3 @@
-nginx: nginx
-dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
-letsencrypt_dockergen: docker-gen -watch -only-exposed /app/letsencrypt_service_data.tmpl /app/letsencrypt_service_data
+nginx: /usr/sbin/nginx
+dockergen: /usr/local/bin/docker-gen -watch -only-exposed -notify "/app/update_nginx" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
 letsencrypt: /app/letsencrypt_service
diff --git a/letsencrypt_service b/letsencrypt_service
index 17c74d3..b0f240b 100755
--- a/letsencrypt_service
+++ b/letsencrypt_service
@@ -2,50 +2,56 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -echo 'Waiting' -sleep 10 - -# Wait some amount of time seconds_to_wait=3600 -while true; do - # Load relevant container settings - source "$DIR"/letsencrypt_service_data +update_certs() { + [[ ! -f "$DIR"/letsencrypt_service_data ]] && return - for cid in "${LETSENCRYPT_CONTAINERS[@]}"; do - # Derive host and email variable names - host_varname="LETSENCRYPT_${cid}_HOST" - # Array variable indirection hack: http://stackoverflow.com/a/25880676/350221 - hosts_array=$host_varname[@] - email_varname="LETSENCRYPT_${cid}_EMAIL" + # Load relevant container settings + source "$DIR"/letsencrypt_service_data - for domain in "${!hosts_array}"; do + for cid in "${LETSENCRYPT_CONTAINERS[@]}"; do + # Derive host and email variable names + host_varname="LETSENCRYPT_${cid}_HOST" + # Array variable indirection hack: http://stackoverflow.com/a/25880676/350221 + hosts_array=$host_varname[@] + email_varname="LETSENCRYPT_${cid}_EMAIL" - # Create the domain directory - mkdir -p /etc/nginx/certs/$domain - cd /etc/nginx/certs/$domain + for domain in "${!hosts_array}"; do - /opt/simp_le/venv/bin/simp_le \ - -d "$domain" \ - -f fullchain.pem -f key.pem \ - --email "${!email_varname}" \ - --server=https://acme-v01.api.letsencrypt.org/directory \ - --default_root /usr/share/nginx/html/ + # Create the domain directory + mkdir -p /etc/nginx/certs/$domain + cd /etc/nginx/certs/$domain - simp_le_return=$? + /opt/simp_le/venv/bin/simp_le \ + -d "$domain" \ + -f fullchain.pem -f key.pem \ + --email "${!email_varname}" \ + --server=https://acme-v01.api.letsencrypt.org/directory \ + --default_root /usr/share/nginx/html/ - if [[ $simp_le_return -eq 0 ]]; then - # Symlink to created certificate and key. - ln -sf ./$domain/fullchain.pem /etc/nginx/certs/$domain".crt" - ln -sf ./$domain/key.pem /etc/nginx/certs/$domain".key" - fi + simp_le_return=$? 
- # TODO: Regenerate nginx config if simp_le created a certificate and key - #if [ "$simp_le_return" -eq 0 ]; then nginx -s reload; fi + if [[ $simp_le_return -eq 0 ]]; then + # Symlink to created certificate and key. + ln -sf ./$domain/fullchain.pem /etc/nginx/certs/$domain".crt" + ln -sf ./$domain/key.pem /etc/nginx/certs/$domain".key" + fi + done done - done - unset LETSENCRYPT_CONTAINERS + unset LETSENCRYPT_CONTAINERS +} - date - echo "Waiting $seconds_to_wait seconds"; sleep $seconds_to_wait -done +pid= +trap '[[ $pid ]] && kill $pid; exec $0' EXIT +trap 'trap - EXIT' INT TERM + +echo 'Waiting 10s before updating certs...' +sleep 10 + +update_certs + +# Wait some amount of time +sleep $seconds_to_wait & pid=$! +wait +pid= diff --git a/update_certs b/update_certs new file mode 100755 index 0000000..40fc0e6 --- /dev/null +++ b/update_certs @@ -0,0 +1,3 @@ +#!/bin/bash + +pkill -f -SIGUSR1 /app/letsencrypt_service diff --git a/update_nginx b/update_nginx new file mode 100755 index 0000000..91c10e9 --- /dev/null +++ b/update_nginx @@ -0,0 +1,8 @@ +#!/bin/bash + +docker-gen \ + -only-exposed \ + -notify '/app/update_certs' \ + /app/letsencrypt_service_data.tmpl /app/letsencrypt_service_data + +nginx -s reload
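Review bot: The restart cycle in the new trap block depends on SIGUSR1 being left untrapped: update_certs sends SIGUSR1, whose default action terminates bash, and the `exec $0` in the EXIT trap apparently only runs because bash executes the EXIT trap when it is killed by such a signal — nothing in the hunk states this, so a reader or a later `trap` addition can break it silently. Make the intent explicit with `trap 'echo "certificate update requested, restarting" >&2' USR1` before `wait` (a trapped signal makes `wait` return, the script falls off the end and the EXIT trap re-execs it) and a comment above the EXIT trap explaining that reaching end-of-file, USR1 and any other fatal signal restart the script while INT/TERM stop it. Two smaller points in the same hunk: update_certs leaves the shell in `/etc/nginx/certs/$domain` because the `cd` is never undone, and the `cd` is unguarded, so a failed `mkdir -p` lets simp_le write into the previous domain's directory; `mkdir -p "/etc/nginx/certs/$domain" && cd "/etc/nginx/certs/$domain" || continue`, with the simp_le step run in a subshell (or a `cd "$DIR"` afterwards), also keeps `exec "$0"` (quoted) working when $0 is a relative path. The INT/TERM trap only clears the EXIT trap, so the background `sleep` is left running when the service is stopped; `trap '[[ $pid ]] && kill $pid; trap - EXIT' INT TERM` tidies that.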
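Review bot: `pkill -f -SIGUSR1 /app/letsencrypt_service` matches the pattern anywhere in any process's full command line (pkill -f takes an unanchored extended regex, as far as I know), and the docker-gen started in the update_nginx hunk carries `/app/letsencrypt_service_data.tmpl /app/letsencrypt_service_data` on its command line; if that docker-gen is still alive while it waits for this notify command, it receives SIGUSR1 too, which for a process that does not handle the signal means it is killed. Anchor the pattern to the script path, `pkill -f -SIGUSR1 '/app/letsencrypt_service$'`, so only the service process is signalled. A one-line header comment such as `# Ask the running letsencrypt_service to restart and re-check all certificates` would tell the reader why a signal is used here rather than a direct call.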
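Review bot: `nginx -s reload` runs whether or not the docker-gen invocation above it succeeded, and docker-gen's exit status is discarded, so a failed regeneration of /app/letsencrypt_service_data (and the update_certs notification that then never fires) leaves no trace in the logs. Keeping the reload unconditional may be intended, but surface the failure on the last line of the docker-gen command: `/app/letsencrypt_service_data.tmpl /app/letsencrypt_service_data || echo "update_nginx: docker-gen failed, certificates not refreshed" >&2`. A header comment stating that this script is the -notify hook of the Procfile's docker-gen and that this inner docker-gen is deliberately one-shot (no -watch) would also help the next reader.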