distribute certificates to other nodes

f 2020-09-07 20:16:49 -03:00
parent c14f785672
commit bab4a36ce4
3 changed files with 12 additions and 4 deletions


@ -14,8 +14,9 @@ RUN chmod +x /usr/local/bin/certbot
# Add ssl group
RUN addgroup -S -g 777 ssl
# Check monit's config
RUN monit -t
RUN apk add --no-cache openssh-client rsync
RUN install -dm 2750 -o root -g root /root/.ssh
COPY ./ssh_config /root/.ssh/config
# Access to certificates and challenges
VOLUME /etc/letsencrypt
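Review bot: The added `install -dm 2750 -o root -g root /root/.ssh` creates the directory setgid and group-readable, where a private 0700 directory is the convention for ssh; `RUN install -dm 0700 -o root -g root /root/.ssh` expresses the intent more plainly. The `COPY ./ssh_config /root/.ssh/config` line keeps whatever mode the file has in the build context, and ssh refuses a config file that is writable by group or others, so setting the mode explicitly (`RUN chmod 600 /root/.ssh/config`) removes a dependency on the build host's umask. The identity file that config points to, `/root/certbot`, is not added in this section; a comment stating that it must be supplied at runtime as a secret or read-only mount, and never copied into an image layer, would document the assumption.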


@ -65,7 +65,8 @@ chgrp -R ssl /etc/letsencrypt
# Push certificates to nodes, we use SSH as a secure transport
# but this means we're synchronizing from container to host which is
# awkward.
# awkward. A restricted rsync treats / as the remote location for the
# certificates.
for NODE in ${NODES}; do
rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/srv/sutty/etc/letsencrypt/
rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/
done
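Review bot: The new destination `${NODE}:/` combined with `--delete-after` is only safe while every node forces the restricted rsync command for this key; on a node where the key gets an unrestricted session, the same line would target the real root filesystem with deletion enabled. The comment should state that server-side requirement explicitly, for example `# Every node MUST force a restricted rsync rooted at its letsencrypt directory for this key; never add a node without it.` Quoting the expansion, `"${NODE}:/"`, also keeps a malformed entry in NODES from being split into extra rsync arguments. Whether a failed push to one node stops the loop depends on shell options set outside this hunk, so an explicit `|| echo "push to ${NODE} failed" >&2` would make partial distribution visible.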

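--- a/ssh_config
+++ b/ssh_config
@@ -0,0 +1,6 @@
+Host *
+Protocol 2
+IdentityFile /root/certbot
+VerifyHostKeyDNS yes
+HashKnownHosts yes
+StrictHostKeyChecking yes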
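Review bot: With `StrictHostKeyChecking yes` and no known_hosts file provisioned anywhere in this commit, host authentication rests entirely on `VerifyHostKeyDNS yes`, which only trusts SSHFP records that the resolver reports as DNSSEC-validated. Inside a container that is easy to get wrong, and the likely outcomes are every push being refused or someone later relaxing StrictHostKeyChecking to make it work. Pinning the nodes' host keys in a known_hosts file mounted alongside the key would give a trust anchor that does not depend on the resolver, and a comment should say which mechanism is intended. `Protocol 2` has been deprecated since SSH protocol 1 support was removed and can be dropped, and adding `IdentitiesOnly yes` would keep ssh from offering any key other than `/root/certbot`.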