From b89af421f6bf4610b4c02f5cf32477ac264c4148 Mon Sep 17 00:00:00 2001
From: David Parrish
Date: Sat, 21 Nov 2015 00:27:45 -0500
Subject: [PATCH] Use simp_le client. Use docker-gen to gather data for simp_le
---
 Dockerfile | 11 +++++++--
 Procfile | 1 +
 letsencrypt_service | 45 +++++++++++++++++++++--------------
 letsencrypt_service_data.tmpl | 10 ++++++++
 4 files changed, 47 insertions(+), 20 deletions(-)
 create mode 100644 letsencrypt_service_data.tmpl
diff --git a/Dockerfile b/Dockerfile
index 29e4cec..eb65b94 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,9 +11,16 @@ RUN apt-get update \
 && rm -r /var/lib/apt/lists/*
 # Get Let's Encrypt client source
-RUN git -C /opt clone https://github.com/letsencrypt/letsencrypt
+#RUN git -C /opt clone https://github.com/letsencrypt/letsencrypt
+# Get Let's Encrypt simp_le client source
+RUN git -C /opt clone https://github.com/kuba/simp_le.git
 # Install letsencrypt
-RUN cd /opt/letsencrypt && ./letsencrypt-auto --help
+#RUN cd /opt/letsencrypt && ./letsencrypt-auto --help
+# Install simp_le
+RUN cd /opt/simp_le && ./bootstrap.sh && ./venv.sh
+#&& \
+#RUN /opt/simp_le/venv.sh
+# . venv/bin/activate
 # Testing directory
 RUN mkdir -p /usr/share/nginx/html/.well-known \
diff --git a/Procfile b/Procfile
index 24198b0..e18d1d3 100644
--- a/Procfile
+++ b/Procfile
@@ -1,3 +1,4 @@
 nginx: nginx
 dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
+letsencrypt_dockergen: docker-gen -watch -only-exposed /app/letsencrypt_service_data.tmpl /app/letsencrypt_service_data
 letsencrypt: /app/letsencrypt_service
diff --git a/letsencrypt_service b/letsencrypt_service
index 5ea66a7..ab10618 100755
--- a/letsencrypt_service
+++ b/letsencrypt_service
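Review bot: The new `RUN git -C /opt clone https://github.com/kuba/simp_le.git` tracks the repository's moving HEAD and the following `RUN cd /opt/simp_le && ./bootstrap.sh && ./venv.sh` executes whatever that branch holds at build time, so the image's ACME client is not pinned and two builds of this Dockerfile are not reproducible. Check out a reviewed revision before running anything from the clone, e.g. `RUN git -C /opt clone https://github.com/kuba/simp_le.git && git -C /opt/simp_le checkout <PINNED_SIMP_LE_REVISION>` (placeholder for the tag or commit you have verified), and do the same for the `letsencrypt` clone if it is ever re-enabled. The commented-out leftovers `#&& \`, `#RUN /opt/simp_le/venv.sh` and `# . venv/bin/activate` describe nothing the active lines do not, and the `#RUN git ...letsencrypt` / `#RUN cd /opt/letsencrypt ...` pairs belong in the commit message rather than the Dockerfile, so they should be deleted instead of kept.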
@@ -1,31 +1,40 @@
 #!/bin/bash
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 echo 'Waiting'
 sleep 10
 # Wait some amount of time
-seconds_to_wait=100;
+seconds_to_wait=10;
 while true; do
- # for each configuration file,
- for f in "/etc/letsencrypt/*.ini"; do
- [[ -f "$f" ]] || continue
- echo "letsencrypt ${f%.ini}"
- domain="${f%.ini}"
+ # Load relevant conatiner settings
+ source $DIR/letsencrypt_service_data
+
+ for lec in "${LETSENCRYPT_CONTAINERS[@]}"; do
+ host_varname="LETSENCRYPT_""$lec""_HOST"
+ # Array variable indirection hack: http://stackoverflow.com/a/25880676/350221
+ hosts_array=$host_varname[@]; echo ${!hosts_array}
+
+ email_varname="LETSENCRYPT_""$lec""_EMAIL"; echo ${!email_varname}
 # Wait until the threshold is reached for renewing certificate
 # cat /etc/nginx/certs/ftl3.local.crt | openssl x509 -noout -dates
 # Or if the certificate doesn't exist
- /opt/letsencrypt/letsencrypt-auto certonly --authenticator webroot \
- --webroot-path /usr/share/nginx/html -d $domain
- done
- date
- sleep $seconds_to_wait
-done
+ domain_params=""
+ for domain in "${!hosts_array}"; do
+ domain_params+="-d $domain "
+ done
-# Date difference in days
-datediff() {
- d1=$(date -d "$1" +%s)
- d2=$(date -d "$2" +%s)
- echo $(( (d1 - d2) / 86400 ))
-}
+ /opt/simp_le/venv/bin/simp_le $domain_params -f fullchain.pem -f key.pem --email ${!email_varname} --default_root /usr/share/nginx/html/
+
+ # Copy certificates into /etc/nginx/certs
+ #cp /etc/letsencrypt/live/
+
+ unset $host_varname; unset $email_varname; unset $hosts_array
+ done
+ unset LETSENCRYPT_CONTAINERS
+
+ date
+ echo "Waiting $seconds_to_wait seconds"; sleep $seconds_to_wait
+done
diff --git a/letsencrypt_service_data.tmpl b/letsencrypt_service_data.tmpl
new file mode 100644
index 0000000..32133c1
--- /dev/null
+++ b/letsencrypt_service_data.tmpl
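Review bot: `source $DIR/letsencrypt_service_data` executes, as shell, a file that docker-gen assembles from the `LETSENCRYPT_HOST` and `LETSENCRYPT_EMAIL` environment of every other container on the host (the `letsencrypt_service_data.tmpl` hunk below), and that template only wraps the values in quotes, so a value containing a quote, `$(` or a backtick is interpreted by this container rather than treated as data — the `_EMAIL` value is emitted inside double quotes and is therefore not even protected from expansion. Treat those values as untrusted input: have the template emit one plain record per line and read it here with `while IFS= read -r ...` instead of `source`, and reject any host that does not match a hostname pattern (e.g. `[[ "$domain" =~ ^[A-Za-z0-9.-]+$ ]] || continue`) and any email containing whitespace or shell metacharacters before it reaches `simp_le`. Separately, `-f fullchain.pem -f key.pem` are relative paths and nothing changes directory between iterations, so each container's run writes the same two files into the service's working directory and overwrites the previous container's key and certificate, while the `# Copy certificates into /etc/nginx/certs` TODO leaves that material wherever the process happened to start. Also quote the indirections (`--email "${!email_varname}"`), build the domain list as an array (`domain_params+=(-d "$domain")` and pass `"${domain_params[@]}"`) rather than a word-split string, and fix the typo `conatiner`.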
@@ -0,0 +1,10 @@
+LETSENCRYPT_CONTAINERS=({{ range $host, $containers := groupBy $ "Env.LETSENCRYPT_HOST" }}{{ range $container := $containers }} '{{ $container.ID }}' {{ end }}{{ end }})
+
+{{ range $hosts, $containers := groupBy $ "Env.LETSENCRYPT_HOST" }}
+
+{{ range $container := $containers }}
+LETSENCRYPT_{{ $container.ID }}_HOST=( {{ range $host := split $hosts " " }}'{{ $host }}' {{ end }})
+LETSENCRYPT_{{ $container.ID }}_EMAIL="{{ $container.Env.LETSENCRYPT_EMAIL }}"
+{{ end }}
+
+{{ end }}
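Review bot: `LETSENCRYPT_{{ $container.ID }}_EMAIL="{{ $container.Env.LETSENCRYPT_EMAIL }}"` is emitted for every container in a `LETSENCRYPT_HOST` group whether or not that container defines `LETSENCRYPT_EMAIL`, so a container without it produces an empty assignment and the service then passes an empty `--email` to simp_le; wrap the record in `{{ if $container.Env.LETSENCRYPT_EMAIL }}…{{ end }}` or, better, apply the same condition in the first `range` that builds `LETSENCRYPT_CONTAINERS` so the two lists stay in step. The first `range` binds `$host` but never uses it while the second binds `$hosts` and splits it on spaces; naming the first `$hosts` as well makes the intent (one space-separated `LETSENCRYPT_HOST` value per group) visible. The generated file should also start with a header comment stating that docker-gen rewrites it on every container event and that it must not be edited by hand.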