Compare commits
50 commits
d092ee8ecf
...
325ebd3941
Author | SHA1 | Date | |
---|---|---|---|
|
325ebd3941 | ||
|
2c098a03a4 | ||
|
ac86ff8b4b | ||
|
41354bbc95 | ||
|
c0e6b8150b | ||
|
f7da597784 | ||
|
ffed22b2df | ||
|
919706b80e | ||
|
67ca76f7f1 | ||
|
af1549c142 | ||
|
e3bd62e6bd | ||
|
d39cd11605 | ||
|
fb40860f31 | ||
|
e428837559 | ||
|
f1b7533218 | ||
|
cfa66e1387 | ||
|
91f4d3b3c2 | ||
|
b99a8111d8 | ||
|
aa086a76af | ||
|
2a72840be0 | ||
|
397dff920a | ||
|
c7e00ea604 | ||
|
92b8307217 | ||
|
e66b364db7 | ||
|
b921379aa0 | ||
|
8dd7d4605a | ||
|
d11e588f03 | ||
|
9102e82187 | ||
|
5085c7e8df | ||
|
1233c89aff | ||
|
23862852a7 | ||
|
3dde92d4de | ||
|
3e098e8c24 | ||
|
582b83d3fa | ||
|
5d35cad642 | ||
|
5a56ab0bf5 | ||
|
fedf64f2b9 | ||
|
29c0482f29 | ||
|
64b5f71b58 | ||
|
9c1ac56386 | ||
|
aa98a37b8b | ||
|
10f4e97722 | ||
|
ea05dd03e9 | ||
|
f545ef606f | ||
|
4b783cb9f1 | ||
|
24c31e7eb8 | ||
|
da19bd76f8 | ||
|
1068b67884 | ||
|
923d9f1d78 | ||
|
434501ef54 |
3 changed files with 54 additions and 33 deletions
|
@ -1,21 +1,22 @@
|
||||||
pipeline:
|
steps:
|
||||||
publish:
|
publish:
|
||||||
image: "plugins/docker"
|
image: "docker.io/woodpeckerci/plugin-docker-buildx"
|
||||||
settings:
|
settings:
|
||||||
registry: "registry.nulo.in"
|
registry: "https://gitea.nulo.in"
|
||||||
username: "sutty"
|
username: "sutty"
|
||||||
repo: "registry.nulo.in/sutty/certbot-simple"
|
repo: "gitea.nulo.in/sutty/certbot-simple"
|
||||||
tags:
|
tags:
|
||||||
- "${ALPINE_VERSION}"
|
- "${ALPINE_VERSION}"
|
||||||
- "latest"
|
- "latest"
|
||||||
build_args:
|
build_args:
|
||||||
- "ALPINE_VERSION=${ALPINE_VERSION}"
|
- "ALPINE_VERSION=${ALPINE_VERSION}"
|
||||||
- "BASE_IMAGE=registry.nulo.in/sutty/monit"
|
- "BASE_IMAGE=gitea.nulo.in/sutty/monit"
|
||||||
secrets:
|
secrets:
|
||||||
- "docker_password"
|
- "DOCKER_PASSWORD"
|
||||||
when:
|
when:
|
||||||
branch: "antifascista"
|
branch: "antifascista"
|
||||||
event: "push"
|
event: "push"
|
||||||
matrix:
|
matrix:
|
||||||
ALPINE_VERSION:
|
include:
|
||||||
- "3.17.1"
|
- ALPINE_VERSION: "3.20.2"
|
||||||
|
- ALPINE_VERSION: "3.19.3"
|
||||||
|
|
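Review bot: The new `image: "docker.io/woodpeckerci/plugin-docker-buildx"` carries no tag or digest, so the step that receives `DOCKER_PASSWORD` runs whatever the registry currently serves under the default tag. Pin it, e.g. `image: "docker.io/woodpeckerci/plugin-docker-buildx:<pinned-version>@sha256:<digest>"` (placeholders). The matrix now has two `ALPINE_VERSION` entries while `tags:` still lists `"latest"`, so both builds push `latest` and whichever finishes last wins; restrict `latest` to one matrix entry or drop it. `BASE_IMAGE=gitea.nulo.in/sutty/monit` is likewise resolved by a mutable tag at build time.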
|
@ -1,10 +1,10 @@
|
||||||
ARG ALPINE_VERSION=3.13.6
|
ARG ALPINE_VERSION=3.18.3
|
||||||
ARG BASE_IMAGE=sutty/monit
|
ARG BASE_IMAGE=gitea.nulo.in/sutty/monit
|
||||||
FROM ${BASE_IMAGE}:${ALPINE_VERSION}
|
FROM ${BASE_IMAGE}:${ALPINE_VERSION}
|
||||||
MAINTAINER "f <f@sutty.nl>"
|
LABEL org.opencontainers.image.authors="f@sutty.nl"
|
||||||
|
|
||||||
RUN addgroup -S -g 777 ssl
|
RUN addgroup -S -g 777 ssl
|
||||||
RUN apk add --no-cache certbot
|
RUN apk add --no-cache certbot certbot-dns-standalone
|
||||||
|
|
||||||
COPY ./monit.conf /etc/monit.d/certbot.conf
|
COPY ./monit.conf /etc/monit.d/certbot.conf
|
||||||
COPY ./certbotd.sh /usr/local/bin/certbotd
|
COPY ./certbotd.sh /usr/local/bin/certbotd
|
||||||
|
|
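Review bot: The default `ARG ALPINE_VERSION=3.18.3` matches neither version in the pipeline matrix shown on this page (3.20.2, 3.19.3), so a build without `--build-arg` produces an image on a base the pipeline never publishes or tests. Align the default, or add a comment such as `# default for local builds only; CI overrides ALPINE_VERSION`. `FROM ${BASE_IMAGE}:${ALPINE_VERSION}` resolves a mutable tag and both ARGs can be overridden at build time, which matters for an image that holds certificate private keys under /etc/letsencrypt (as certbotd.sh on this page indicates). The added `certbot-dns-standalone` authenticator presumably answers DNS-01 challenges from inside the container; a comment stating which port must be reachable, and whether the process needs root to bind it, would help operators avoid over-privileging the container. The file may continue past the hunk.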
50
certbotd.sh
50
certbotd.sh
|
@ -1,46 +1,66 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
ok() {
|
||||||
|
echo "ok - $@" >&2
|
||||||
|
}
|
||||||
|
|
||||||
|
not_ok() {
|
||||||
|
echo "not ok - $@" >&2
|
||||||
|
}
|
||||||
|
|
||||||
lock=/tmp/certbot.lck
|
lock=/tmp/certbot.lck
|
||||||
updated=/tmp/certbot.updated
|
updated=/tmp/certbot.updated
|
||||||
|
|
||||||
ensure() {
|
ensure() {
|
||||||
test -n "$1" && echo "$1 received, exiting gracefully..."
|
test -n "$1" && ok "$1 received, exiting gracefully..."
|
||||||
|
|
||||||
rm -f "${lock}"
|
|
||||||
|
|
||||||
test -f "${updated}" || exit 0
|
|
||||||
|
|
||||||
|
if test -f "${updated}" ; then
|
||||||
rm -f "${updated}"
|
rm -f "${updated}"
|
||||||
|
|
||||||
# Fix permissions, users in group ssl have read access
|
# Fix permissions, users in group ssl have read access
|
||||||
find /etc/letsencrypt -type d | xargs -r chmod 2750
|
find /etc/letsencrypt -type d | xargs -r chmod 2750
|
||||||
find /etc/letsencrypt -type f | xargs -r chmod 640
|
find /etc/letsencrypt -type f | xargs -r chmod 640
|
||||||
chgrp -R ssl /etc/letsencrypt
|
chgrp -R ssl /etc/letsencrypt
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove the lock after synchronization
|
||||||
|
rm -f "${lock}"
|
||||||
|
|
||||||
|
# Exit with the error code
|
||||||
|
exit $1
|
||||||
}
|
}
|
||||||
|
|
||||||
for SIG in TERM QUIT INT HUP; do
|
for SIG in 1 2 3 6 9 14 15; do
|
||||||
trap "ensure ${SIG}" ${SIG}
|
trap "ensure ${SIG}" ${SIG}
|
||||||
done
|
done
|
||||||
|
|
||||||
set -e
|
set -E
|
||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
# Renew certificates, trust in certbot's algorithms
|
# Renew certificates, trust in certbot's algorithms
|
||||||
renew)
|
renew)
|
||||||
/usr/bin/certbot renew --quiet --agree-tos
|
if /usr/bin/certbot renew --quiet --agree-tos ; then
|
||||||
|
ok "Renewed certificates"
|
||||||
touch "${updated}"
|
touch "${updated}"
|
||||||
|
else
|
||||||
|
ret=$?
|
||||||
|
not_ok "Certificate renewal failed"
|
||||||
|
exit $ret
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
bootstrap)
|
bootstrap)
|
||||||
for site in ${SUTTY} ${DOMAINS}; do
|
for site in ${SUTTY} ${DOMAINS}; do
|
||||||
test -d "/etc/letsencrypt/live/${site}" && exit 0
|
test -d "/etc/letsencrypt/live/${site}" && exit 0
|
||||||
|
|
||||||
# Get the certificate for the domain, the webserver will need
|
/usr/bin/certbot \
|
||||||
# access to this directory
|
certonly \
|
||||||
/usr/bin/certbot certonly --email "certbot@${SUTTY}" \
|
--non-interactive \
|
||||||
--webroot \
|
--authenticator "dns-standalone" \
|
||||||
|
--email "certbot@${SUTTY}" \
|
||||||
--agree-tos \
|
--agree-tos \
|
||||||
--webroot-path /var/lib/letsencrypt \
|
-d "${SUTTY}" \
|
||||||
-d "${site}"
|
-d "*.${SUTTY}" \
|
||||||
|
&& touch "${updated}"
|
||||||
|
|
||||||
cd /etc/letsencrypt/live
|
cd /etc/letsencrypt/live
|
||||||
ln -s ${SUTTY} default
|
ln -s ${SUTTY} default
|
||||||
|
@ -55,4 +75,4 @@ case $1 in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
ensure
|
ensure 0
|
||||||
|
|
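Review bot: Replacing `set -e` with `set -E` removes abort-on-error: `-E` is not errexit (in bash it is errtrace, and a plain POSIX `/bin/sh` may reject it). In `bootstrap`, a failed `certbot certonly` therefore skips only `touch "${updated}"`, the following `cd`/`ln -s` run unchecked, and the script ends through `ensure 0` with status 0. Capture certbot's status the way the `renew` branch does and pass it on, e.g. `ensure $ret`, and restore `set -e` if aborting on error is still intended. The trap loop `for SIG in 1 2 3 6 9 14 15` lists 9 (KILL), which cannot be caught, and because `ensure` logs whenever `$1` is non-empty, the normal `ensure 0` path prints "0 received, exiting gracefully..."; a guard such as `test "${1:-0}" -ne 0 && ok ...` avoids that. The `renew` failure path calls `exit $ret` directly, so the `rm -f "${lock}"` cleanup in `ensure` is skipped there; the `case` body continues between the two hunks and is not visible here.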