distribute certificates to other nodes

2020-09-07 20:16:49 -03:00 · 2020-09-07 20:16:49 -03:00 · bab4a36ce4
commit bab4a36ce4
parent c14f785672
3 changed files with 12 additions and 4 deletions
--- a/5
+++ b/5
@ -14,8 +14,9 @@ RUN chmod +x /usr/local/bin/certbot
 # Add ssl group
 RUN addgroup -S -g 777 ssl

-# Check monit's config
-RUN monit -t
+RUN apk add --no-cache openssh-client rsync
+RUN install -dm 2750 -o root -g root /root/.ssh
+COPY ./ssh_config /root/.ssh/config

 # Access to certificates and challenges
 VOLUME /etc/letsencrypt
--- a/certbot.sh
+++ b/certbot.sh
@ -65,7 +65,8 @@ chgrp -R ssl /etc/letsencrypt

 # Push certificates to nodes, we use SSH as a secure transport
 # but this means we're synchronizing from container to host which is
-# awkward.
+# awkward.  A restricted rsync treats / as the remote location for the
+# certificates.
 for NODE in ${NODES}; do
-  rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/srv/sutty/etc/letsencrypt/
+  rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/
 done
--- a/6
+++ b/6
@ -0,0 +1,6 @@
+Host *
+  Protocol 2
+  IdentityFile /root/certbot
+  VerifyHostKeyDNS yes
+  HashKnownHosts yes
+  StrictHostKeyChecking yes