improvements
parent
1092ac4d76
commit
baaed73a91
@ -1,22 +1,21 @@
|
|||||||
# ACME - snippet to obtain let´s encrpyt certificates authenticated by DNS-01
|
# ACME - snippet to obtain let´s encrpyt certificates authenticated by DNS-01
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
* bash
|
||||||
|
* curl
|
||||||
|
* openssl
|
||||||
|
* cron
|
||||||
|
|
||||||
## Dockerfile:
|
## Dockerfile:
|
||||||
```
|
```
|
||||||
ADD ./snippets/acme/dehydrated /dehydrated/
|
ADD ./snippets/acme/dehydrated /dehydrated/
|
||||||
ADD ./snippets/acme/config /dehydrated/config
|
ADD ./snippets/acme/config /dehydrated/config
|
||||||
ADD ./snippets/acme/get_cert_ddns01.sh /app/get_cert_ddns01.sh
|
ADD ./snippets/acme/get_cert_ddns01.sh /app/get_cert_ddns01.sh
|
||||||
ADD ./snippets/acme/zwackl_hook.sh /app/zwackl_hook.sh
|
ADD ./snippets/acme/zwackl_hook.sh /app/zwackl_hook.sh
|
||||||
|
ADD ./snippets/acme/cronjob.daily /etc/periodic/daily/acme
|
||||||
```
|
```
|
||||||
**Do not forget to include the cron snippet!**
|
**Do not forget to include the cron snippet!**
|
||||||
|
|
||||||
## Cronjob
|
|
||||||
`/etc/periodic/daily/acme`:
|
|
||||||
```
|
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
. /cron_env && /dehydrated/dehydrated --cron -t dns-01 -k /app/zwackl_hook.sh && ${ACME_RELOAD_CMD}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Environment
|
## Environment
|
||||||
* ACME_FQDNS (required)
|
* ACME_FQDNS (required)
|
||||||
* ACME_RELOAD_CMD (required)
|
* ACME_RELOAD_CMD (required)
|
||||||
@ -24,3 +23,4 @@ ADD ./snippets/acme/zwackl_hook.sh /app/zwackl_hook.sh
|
|||||||
* STAGING_URI (optional)
|
* STAGING_URI (optional)
|
||||||
* DDNS01URI (required)
|
* DDNS01URI (required)
|
||||||
* DDNS01KEY (required)
|
* DDNS01KEY (required)
|
||||||
|
* DDNS01_ONECERT (optional)
|
||||||
|
|||||||
@ -10,7 +10,7 @@ if [ ! -z "${ACME_FQDNS+x}" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
if [ ! -d /secrets/ssl ]; then
|
if [ ! -d /secrets/ssl ]; then
|
||||||
mkdir -p /secrets/ssl
|
install -d -m 775 /secrets/ssl
|
||||||
fi
|
fi
|
||||||
if [ ! -z "${ACME_STAGING_ENABLED+x}" ]; then
|
if [ ! -z "${ACME_STAGING_ENABLED+x}" ]; then
|
||||||
STAGING_URI='CA="https://acme-staging-v02.api.letsencrypt.org/directory"' \
|
STAGING_URI='CA="https://acme-staging-v02.api.letsencrypt.org/directory"' \
|
||||||
@ -40,18 +40,15 @@ if [ ! -z "${ACME_FQDNS+x}" ]; then
|
|||||||
fi
|
fi
|
||||||
echo -n "" > /dehydrated/domains.txt
|
echo -n "" > /dehydrated/domains.txt
|
||||||
for fqdn in ${ACME_FQDNS}; do
|
for fqdn in ${ACME_FQDNS}; do
|
||||||
echo "${fqdn}"
|
|
||||||
echo "${ONELINE}" "${fqdn} " >> /dehydrated/domains.txt
|
echo "${ONELINE}" "${fqdn} " >> /dehydrated/domains.txt
|
||||||
if [ ! -d "/secrets/ssl/${fqdn}" ]; then
|
if [ ! -d "/secrets/ssl/${fqdn}" ]; then
|
||||||
mkdir -p "/secrets/ssl/${fqdn}"
|
install -d -m 775 "/secrets/ssl/${fqdn}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ ! -z "${ONELINE}" ]; then
|
if [ ! -z "${ONELINE}" ]; then
|
||||||
echo "" >> /dehydrated/domains.txt
|
echo "" >> /dehydrated/domains.txt
|
||||||
fi
|
fi
|
||||||
chmod +x /app/zwackl_hook.sh
|
chmod +x /app/zwackl_hook.sh
|
||||||
# chmod +x /dehydrated/renew_certs
|
|
||||||
# ln -f -s /dehydrated/renew_certs /etc/periodic/daily/renew_certs
|
|
||||||
if [ -z "$(ls -A /dehydrated/accounts)" ]; then
|
if [ -z "$(ls -A /dehydrated/accounts)" ]; then
|
||||||
cd /dehydrated && /dehydrated/dehydrated --register --accept-terms
|
cd /dehydrated && /dehydrated/dehydrated --register --accept-terms
|
||||||
fi
|
fi
|
||||||
@ -66,7 +63,7 @@ if [ ! -z "${ACME_FQDNS+x}" ]; then
|
|||||||
if [ ! -z "${RUN_DEHYDRATED}" ]; then
|
if [ ! -z "${RUN_DEHYDRATED}" ]; then
|
||||||
/dehydrated/dehydrated --cron -t dns-01 -k /app/zwackl_hook.sh
|
/dehydrated/dehydrated --cron -t dns-01 -k /app/zwackl_hook.sh
|
||||||
fi
|
fi
|
||||||
export CROND_ENABLE='acme'
|
chmod -R +x /dehydrated/certs
|
||||||
else
|
else
|
||||||
echo "Directory /dehydrated not found!"
|
echo "Directory /dehydrated not found!"
|
||||||
exit 1
|
exit 1
|
||||||
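Review bot: The new `install -d -m 775` calls create `/secrets/ssl` and each `/secrets/ssl/${fqdn}` group-writable and world-traversable, which is loose for directories that appear to hold certificate and key material; unless another group really has to write there, `install -d -m 750 /secrets/ssl` (and the same mode for the per-FQDN directory) is the safer default. Because both calls sit behind `[ ! -d ... ]`, a directory that already exists keeps whatever mode it had, so the new mode is not enforced on upgrades. The added `chmod -R +x /dehydrated/certs` also sets the execute bit on every regular file under certs, key files included; if the intent is only to make the directories traversable, `chmod -R u+X,g+X /dehydrated/certs` does that without marking files executable. The enclosing `if [ ! -z "${ACME_FQDNS+x}" ]` block starts and ends outside these hunks.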
|
|||||||
@ -1,29 +1,27 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
if [ ! -z "${CROND_ENABLE+x}" ]; then
|
# serialize ENV for cron-jobs
|
||||||
# serialize ENV for cron-jobs
|
TMP_FILE=/tmp/cron_env
|
||||||
TMP_FILE=/tmp/cron_env
|
OUT_FILE=/cron_env
|
||||||
OUT_FILE=/cron_env
|
echo -n '' > "${OUT_FILE}"
|
||||||
echo -n '' > "${OUT_FILE}"
|
env > "${TMP_FILE}"
|
||||||
env > "${TMP_FILE}"
|
while read -r line; do
|
||||||
while read -r line; do
|
echo "${line}" | grep -q "^PWD="
|
||||||
echo "${line}" | grep -q "^PWD="
|
if [ $? = 0 ]; then
|
||||||
if [ $? = 0 ]; then
|
continue
|
||||||
continue
|
fi
|
||||||
fi
|
echo "${line}" | grep -q "\s"
|
||||||
echo "${line}" | grep -q "\s"
|
if [ $? = 0 ]; then
|
||||||
if [ $? = 0 ]; then
|
# double-quote blank separated values for $(export)
|
||||||
# double-quote blank separated values for $(export)
|
# 1. awk: replace first(!) appearance of = with ="
|
||||||
# 1. awk: replace first(!) appearance of = with ="
|
# 2. awk: replace end of line with double-quotes
|
||||||
# 2. awk: replace end of line with double-quotes
|
QUOTED=$(echo "${line}" | awk '{sub(/=/,"=\"");}1'| awk '{sub(/$/,"\"");}1')
|
||||||
QUOTED=$(echo "${line}" | awk '{sub(/=/,"=\"");}1'| awk '{sub(/$/,"\"");}1')
|
echo "export ${QUOTED}" >> "${OUT_FILE}"
|
||||||
echo "export ${QUOTED}" >> "${OUT_FILE}"
|
else
|
||||||
else
|
echo "export ${line}" >> "${OUT_FILE}"
|
||||||
echo "export ${line}" >> "${OUT_FILE}"
|
fi
|
||||||
fi
|
done <"${TMP_FILE}"
|
||||||
done <"${TMP_FILE}"
|
unlink "${TMP_FILE}"
|
||||||
unlink "${TMP_FILE}"
|
# start crond in background
|
||||||
# start crond in background
|
/usr/sbin/crond -b -S
|
||||||
/usr/sbin/crond -b -S
|
|
||||||
fi
|
|
||||||
|
|
||||||
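Review bot: `/cron_env` receives the full container environment, which per the README on this page includes `DDNS01KEY`, yet it is created under the default umask and staged through the fixed path `/tmp/cron_env`; both files are therefore probably readable by any local user, and the fixed name can be pre-created or symlinked by another process. Putting `umask 077` ahead of the first redirect and using `TMP_FILE=$(mktemp)` closes both. The awk quoting further down wraps whitespace-containing values in double quotes but does not escape `"`, `$` or backticks inside them, so if a cron job later sources the file such a value would be expanded or break the line; single-quoting every value, with embedded `'` escaped, would be more robust. With the `CROND_ENABLE` guard removed this now runs on every start, so it is worth tightening here.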
|
|||||||