Sutty/containers-certbot
5
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages 1 Wiki Activity

distribute certificates to other nodes

Browse source
This commit is contained in:
f 2020-09-07 20:16:49 -03:00
parent c14f785672
commit bab4a36ce4
3 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
Dockerfile
View file

@ -14,8 +14,9 @@ RUN chmod +x /usr/local/bin/certbot
# Add ssl group # Add ssl group
RUN addgroup -S -g 777 ssl RUN addgroup -S -g 777 ssl
# Check monit's config RUN apk add --no-cache openssh-client rsync
RUN monit -t RUN install -dm 2750 -o root -g root /root/.ssh
COPY ./ssh_config /root/.ssh/config
# Access to certificates and challenges # Access to certificates and challenges
VOLUME /etc/letsencrypt VOLUME /etc/letsencrypt

5
certbot.sh
View file

@ -65,7 +65,8 @@ chgrp -R ssl /etc/letsencrypt
# Push certificates to nodes, we use SSH as a secure transport # Push certificates to nodes, we use SSH as a secure transport
# but this means we're synchronizing from container to host which is # but this means we're synchronizing from container to host which is
# awkward. # awkward. A restricted rsync treats / as the remote location for the
# certificates.
for NODE in ${NODES}; do for NODE in ${NODES}; do
rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/srv/sutty/etc/letsencrypt/ rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/
done done

6
ssh_config Normal file
View file

@ -0,0 +1,6 @@
Host *
Protocol 2
IdentityFile /root/certbot
VerifyHostKeyDNS yes
HashKnownHosts yes
StrictHostKeyChecking yes