Enhance update of certificates

Update or create the certificates as soon as possible

Procfile

@@ -1,4 +1,3 @@
-nginx: nginx
+nginx: /usr/sbin/nginx
-dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
+dockergen: /usr/local/bin/docker-gen -watch -only-exposed -notify "/app/update_nginx" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
-letsencrypt_dockergen: docker-gen -watch -only-exposed /app/letsencrypt_service_data.tmpl /app/letsencrypt_service_data
 letsencrypt: /app/letsencrypt_service

letsencrypt_service

@@ -2,50 +2,56 @@
 
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
-echo 'Waiting'
-sleep 10
-
-# Wait some amount of time
 seconds_to_wait=3600
 
-while true; do
+update_certs() {
-  # Load relevant container settings
+    [[ ! -f "$DIR"/letsencrypt_service_data ]] && return
-  source "$DIR"/letsencrypt_service_data
 
-  for cid in "${LETSENCRYPT_CONTAINERS[@]}"; do
+    # Load relevant container settings
-    # Derive host and email variable names
+    source "$DIR"/letsencrypt_service_data
-    host_varname="LETSENCRYPT_${cid}_HOST"
-    # Array variable indirection hack: http://stackoverflow.com/a/25880676/350221
-    hosts_array=$host_varname[@]
-    email_varname="LETSENCRYPT_${cid}_EMAIL"
 
-    for domain in "${!hosts_array}"; do
+    for cid in "${LETSENCRYPT_CONTAINERS[@]}"; do
+        # Derive host and email variable names
+        host_varname="LETSENCRYPT_${cid}_HOST"
+        # Array variable indirection hack: http://stackoverflow.com/a/25880676/350221
+        hosts_array=$host_varname[@]
+        email_varname="LETSENCRYPT_${cid}_EMAIL"
 
-        # Create the domain directory
+        for domain in "${!hosts_array}"; do
-        mkdir -p /etc/nginx/certs/$domain
-        cd /etc/nginx/certs/$domain
 
-        /opt/simp_le/venv/bin/simp_le \
+            # Create the domain directory
-         -d "$domain" \
+            mkdir -p /etc/nginx/certs/$domain
-         -f fullchain.pem -f key.pem \
+            cd /etc/nginx/certs/$domain
-         --email "${!email_varname}" \
-         --server=https://acme-v01.api.letsencrypt.org/directory \
-         --default_root /usr/share/nginx/html/
 
-        simp_le_return=$?
+            /opt/simp_le/venv/bin/simp_le \
+             -d "$domain" \
+             -f fullchain.pem -f key.pem \
+             --email "${!email_varname}" \
+             --server=https://acme-v01.api.letsencrypt.org/directory \
+             --default_root /usr/share/nginx/html/
 
-        if [[ $simp_le_return -eq 0 ]]; then
+            simp_le_return=$?
-            # Symlink to created certificate and key.
-            ln -sf ./$domain/fullchain.pem /etc/nginx/certs/$domain".crt"
-            ln -sf ./$domain/key.pem       /etc/nginx/certs/$domain".key"
-        fi
 
-        # TODO: Regenerate nginx config if simp_le created a certificate and key
+            if [[ $simp_le_return -eq 0 ]]; then
-        #if [ "$simp_le_return" -eq 0 ]; then nginx -s reload; fi
+                # Symlink to created certificate and key.
+                ln -sf ./$domain/fullchain.pem /etc/nginx/certs/$domain".crt"
+                ln -sf ./$domain/key.pem       /etc/nginx/certs/$domain".key"
+            fi
+        done
     done
-  done
+    unset LETSENCRYPT_CONTAINERS
-  unset LETSENCRYPT_CONTAINERS
+}
 
-  date
+pid=
-  echo "Waiting $seconds_to_wait seconds"; sleep $seconds_to_wait
+trap '[[ $pid ]] && kill $pid; exec $0' EXIT
-done
+trap 'trap - EXIT' INT TERM
+
+echo 'Waiting 10s before updating certs...'
+sleep 10
+
+update_certs
+
+# Wait some amount of time
+sleep $seconds_to_wait & pid=$!
+wait
+pid=

update_certs

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+pkill -f -SIGUSR1 /app/letsencrypt_service

update_nginx

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+docker-gen \
+ -only-exposed \
+ -notify '/app/update_certs' \
+ /app/letsencrypt_service_data.tmpl /app/letsencrypt_service_data
+
+nginx -s reload