| author | crupest <crupest@outlook.com> | 2022-11-23 11:39:43 +0800 | 
|---|---|---|
| committer | crupest <crupest@outlook.com> | 2022-11-23 11:39:43 +0800 | 
| commit | 8d225386793ae68292308f4c5b429df40b67adb3 (patch) | |
| tree | f228dd85e6c0ac92c6268bc46d72e210987cee2b /docker | |
| parent | 6b6f5f78558938284984879bd2f86e4e1f2a45c3 (diff) | |
Fix auto-certbot.
Diffstat (limited to 'docker')
| -rw-r--r-- | docker/auto-certbot/Dockerfile | 10 | ||||
| -rwxr-xr-x | docker/auto-certbot/daemon.bash | 31 | 
2 files changed, 31 insertions, 10 deletions
diff --git a/docker/auto-certbot/Dockerfile b/docker/auto-certbot/Dockerfile
index 53ab077..e37057b 100644
--- a/docker/auto-certbot/Dockerfile
+++ b/docker/auto-certbot/Dockerfile
@@ -1,8 +1,14 @@
 FROM certbot/certbot:latest
 ARG CRUPEST_DOMAIN
-ARG CRUPEST_CERTBOT_RENEW_COMMAND=""
+ARG CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES=""
+ARG CRUPEST_AUTO_CERTBOT_POST_HOOK=""
+ARG CRUPEST_AUTO_CERTBOT_RENEW_COMMAND=""
 # install bash
-RUN apk add --no-cache bash
+ENV CRUPEST_DOMAIN=${CRUPEST_DOMAIN}
+ENV CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES=${CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES}
+ENV CRUPEST_AUTO_CERTBOT_POST_HOOK=${CRUPEST_AUTO_CERTBOT_POST_HOOK}
+ENV CRUPEST_AUTO_CERTBOT_RENEW_COMMAND=${CRUPEST_AUTO_CERTBOT_RENEW_COMMAND}
+RUN apk add --no-cache bash ${CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES} 
 COPY daemon.bash /daemon.bash
 VOLUME ["/var/www/certbot", "/etc/letsencrypt", "/var/lib/letsencrypt"]
 ENTRYPOINT [ "/daemon.bash" ]
diff --git a/docker/auto-certbot/daemon.bash b/docker/auto-certbot/daemon.bash
index de21ba8..10b2a25 100755
--- a/docker/auto-certbot/daemon.bash
+++ b/docker/auto-certbot/daemon.bash 
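Review bot: In the new `RUN apk add --no-cache bash ${CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES}` line of the Dockerfile hunk the build argument is expanded unquoted, so besides splitting into package names, any word that begins with `-` is read by apk as an option rather than a package. Nothing in the hunk says what the value may contain, and the packages are installed unpinned on top of `certbot/certbot:latest`, so two builds with the same arguments can differ. I would document the contract above the line, e.g. `# Space-separated apk package names only; no options.`, and, if the apk in the base image honours `--` as end of options (worth confirming), write `apk add --no-cache bash -- ${CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES}`. The existing `# install bash` comment now sits above the `ENV` lines and would read better directly above `RUN`.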
@@ -1,18 +1,23 @@
 #!/usr/bin/env bash
+set -e
+
 # Check I'm root.
 if [[ $EUID -ne 0 ]]; then
     echo "This script must be run as root" 1>&2
     exit 1
 fi
-# Check CRUPEST_CERTBOT_RENEW_COMMAND is defined.
-if [ -z "$CRUPEST_CERTBOT_RENEW_COMMAND" ]; then
-    echo "CRUPEST_CERTBOT_RENEW_COMMAND is not defined or empty"
-    CRUPEST_CERTBOT_RENEW_COMMAND="certbot renew --webroot -w /var/www/certbot"
-    printf "Will use:\n%s\n" "$CRUPEST_CERTBOT_RENEW_COMMAND"
+# Check certbot version.
+certbot --version
+
+# Check CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is defined.
+if [ -z "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND" ]; then
+    echo "CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is not defined or empty"
+    CRUPEST_AUTO_CERTBOT_RENEW_COMMAND="certbot renew --webroot -w /var/www/certbot"
+    printf "Will use:\n%s\n" "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND"
 else
-    printf "CRUPEST_CERTBOT_RENEW_COMMAND is defined as:\n%s\n" "$CRUPEST_CERTBOT_RENEW_COMMAND"
+    printf "CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is defined as:\n%s\n" "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND"
 fi
 # Check CRUPEST_CERT_PATH, default to /etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem
@@ -20,6 +25,12 @@ if [ -z "$CRUPEST_CERT_PATH" ]; then
     CRUPEST_CERT_PATH="/etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem"
 fi
+# Check CRUPEST_CERT_PATH exists.
+if [ ! -f "$CRUPEST_CERT_PATH" ]; then
+    echo "Cert file does not exist"
+    exit 1
+fi
+
 function check_and_renew_cert {
     expire_info=$(openssl x509 -enddate -noout -in "$CRUPEST_CERT_PATH") 
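Review bot: The added `set -e` at the top of the first daemon.bash hunk makes every failing command fatal, which from what is visible includes the `openssl x509` substitution and the renew command inside `check_and_renew_cert` (third hunk), so a single transient renewal failure would end the daemon unless the caller, which is outside this diff, guards the call. If exiting is intended, say so next to the option, e.g. `# Exit on any error; the container restart policy is expected to bring the daemon back.` If the daemon should keep retrying instead, the renew call needs an explicit `if ! ...; then` guard that logs the failure to stderr.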
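Review bot: The new existence check in the second hunk prints `Cert file does not exist` to stdout and without the path, unlike the root check earlier in the script, which writes to stderr with `1>&2`. When `CRUPEST_DOMAIN` is empty the default path becomes `/etc/letsencrypt/live//fullchain.pem`, and the message gives no hint of that. I would change the line to `echo "Cert file does not exist: $CRUPEST_CERT_PATH" 1>&2`.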
@@ -48,8 +59,12 @@ function check_and_renew_cert {
     else
         # No, renew now.
         echo "Renewing now..."
-        # Run CRUPEST_CERTBOT_RENEW_COMMAND
-        $CRUPEST_CERTBOT_RENEW_COMMAND
+        # Run CRUPEST_AUTO_CERTBOT_RENEW_COMMAND
+        if [ -n "$CRUPEST_AUTO_CERTBOT_POST_HOOK" ]; then
+            $CRUPEST_AUTO_CERTBOT_RENEW_COMMAND --post-hook "$CRUPEST_AUTO_CERTBOT_POST_HOOK"
+        else
+            $CRUPEST_AUTO_CERTBOT_RENEW_COMMAND
+        fi
     fi
 }  | 
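Review bot: Both branches run `$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND` unquoted, so the value is word-split and glob-expanded before it runs as root, and `--post-hook` is appended to whatever command was configured, which only works if that command is a certbot invocation accepting the option. Certbot runs the hook string in a shell, so both variables are effectively root-level command inputs, baked in from build arguments in the Dockerfile and overridable at container start; the comment should say so, e.g. `# Both values are executed as root; set them only from trusted build or deploy configuration.` The two branches can also be merged by collecting the optional arguments in an array: `hook_args=()`, `[ -n "$CRUPEST_AUTO_CERTBOT_POST_HOOK" ] && hook_args+=(--post-hook "$CRUPEST_AUTO_CERTBOT_POST_HOOK")`, then `$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND "${hook_args[@]}"`. The body of `check_and_renew_cert` starts outside this hunk.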
