-rw-r--r--docker/auto-certbot/Dockerfile5
-rwxr-xr-x[-rw-r--r--]docker/auto-certbot/daemon.bash62
-rw-r--r--template/docker-compose.yaml.template4
3 files changed, 71 insertions, 0 deletions
diff --git a/docker/auto-certbot/Dockerfile b/docker/auto-certbot/Dockerfile
new file mode 100644
index 0000000..345682c
--- /dev/null
+++ b/docker/auto-certbot/Dockerfile
@@ -0,0 +1,5 @@
+FROM certbot/certbot:latest
+ARG CRUPEST_DOMAIN
+ARG CRUPEST_CERTBOT_RENEW_COMMAND
+COPY daemon.bash /daemon.bash
+CMD [ "/daemon.bash" ]
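Review bot: `ARG CRUPEST_DOMAIN` and `ARG CRUPEST_CERTBOT_RENEW_COMMAND` exist only at build time, so unless the same values are also supplied as runtime environment they will be empty in the running container, where daemon.bash reads them. If they are meant to be baked into the image, add `ENV CRUPEST_DOMAIN=$CRUPEST_DOMAIN` and `ENV CRUPEST_CERTBOT_RENEW_COMMAND=$CRUPEST_CERTBOT_RENEW_COMMAND` after the ARG lines; otherwise drop the ARGs and document that both are set at run time. The upstream certbot image, as far as I know, declares `ENTRYPOINT ["certbot"]`, in which case `CMD [ "/daemon.bash" ]` is handed to certbot as an argument instead of being executed, so `ENTRYPOINT [ "/daemon.bash" ]` looks like what is intended; it is also worth confirming that the base image ships bash. `FROM certbot/certbot:latest` floats, and pinning a version tag or digest keeps the build reproducible for a container that runs as root against the certificate store.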
diff --git a/docker/auto-certbot/daemon.bash b/docker/auto-certbot/daemon.bash
index e69de29..8927c4a 100644..100755
--- a/docker/auto-certbot/daemon.bash
+++ b/docker/auto-certbot/daemon.bash
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+# Check I'm root.
+if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as root" 1>&2
+ exit 1
+fi
+
+# Check CRUPEST_CERTBOT_RENEW_COMMAND is defined.
+if [ -z "$CRUPEST_CERTBOT_RENEW_COMMAND" ]; then
+ echo "CRUPEST_CERTBOT_RENEW_COMMAND must be defined."
+ exit 1
+fi
+
+# Check CRUPEST_CERT_PATH, default to /etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem
+if [ -z "$CRUPEST_CERT_PATH" ]; then
+ CRUPEST_CERT_PATH="/etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem"
+fi
+
+function check_and_renew_cert() {
+ expire_info=$(openssl x509 -enddate -noout -in "$CRUPEST_CERT_PATH")
+
+ # Get ssl certificate expire date.
+ expire_date=$(echo "$expire_info" | cut -d= -f2)
+
+ echo "SSL certificate expire date: $expire_date"
+
+ # Convert expire date to UNIX timestamp.
+ expire_timestamp="$(date -d "$expire_date" +%s)"
+
+ # Minus expire timestamp with 30 days in UNIX timestamp.
+ renew_timestamp="$((expire_timestamp - 2592000))"
+ echo "Renew SSL certificate at: $(date -d @$renew_timestamp)"
+
+ # Get rest time til renew.
+ rest_time="$((renew_timestamp - $(date +%s)))"
+ echo "Rest time til renew: $rest_time seconds"
+
+ # Do we have rest time?
+ if [ "$rest_time" -gt 0 ]; then
+ # Check CRUPEST_GREEDY_CHECK is defined.
+ if [ -z "$CRUPEST_GREEDY_CHECK" ]; then
+ # Sleep til renew.
+ echo "Sleeping til renew..."
+ sleep "$rest_time"
+ else
+ # Sleep 1 hour.
+ echo "Seems like CRUPEST_GREEDY_CHECK is defined, sleep 1 day and check again..."
+ sleep 86400
+ fi
+ else
+ # No, renew now.
+ echo "Renewing now..."
+ # Run CRUPEST_CERTBOT_RENEW_COMMAND
+ $CRUPEST_CERTBOT_RENEW_COMMAND
+ fi
+}
+
+# Run check_and_renew_cert in infinate loop.
+while true; do
+ check_and_renew_cert
+done
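Review bot: Nothing in `check_and_renew_cert` waits after the renew branch, so when `$CRUPEST_CERTBOT_RENEW_COMMAND` fails, or succeeds without replacing the certificate, the `while true` loop calls it again immediately and keeps hitting the CA as fast as the command returns. The same happens when `openssl x509` cannot read `$CRUPEST_CERT_PATH`: its exit status is not checked, and an empty `expire_date` falls through to the renew branch as far as I can tell. Check the result and back off, for example `$CRUPEST_CERTBOT_RENEW_COMMAND || echo "Renew command failed" 1>&2` followed by `sleep 3600`. The command is expanded unquoted and run as root, so it is word-split and glob-expanded and any quoting inside the variable is not honoured; a comment saying so, and that the value must come from a trusted source, would help. The comment `# Sleep 1 hour.` sits above `sleep 86400`, which is one day, and `CRUPEST_DOMAIN` is used to build the default path without being checked for emptiness.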
diff --git a/template/docker-compose.yaml.template b/template/docker-compose.yaml.template
index 8cb617a..431cdaf 100644
--- a/template/docker-compose.yaml.template
+++ b/template/docker-compose.yaml.template
@@ -24,6 +24,10 @@ services:
image: crupest/timeline:latest
container_name: timeline
restart: on-failure:3
+ environment:
+ - TIMELINE_DisableAutoBackup=true
+ - TIMELINE_EnableForwardedHeaders=true
+ - TIMELINE_ForwardedHeadersAllowedProxyHosts=nginx
volumes:
- ./data/timeline:/root/timeline
ports:
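Review bot: The three `TIMELINE_*` variables are added without a comment, and `TIMELINE_ForwardedHeadersAllowedProxyHosts=nginx` only protects anything if `nginx` resolves to the reverse-proxy container on the compose network. I would add a comment above `environment:` such as `# Trust X-Forwarded-* only from the nginx service; keep this name in sync with the proxy's service name.` The `ports:` entry that follows the hunk is not visible here; if it publishes the application port on the host, clients can reach the app without passing through the proxy, so it is worth confirming that the allow-list is enforced by source address in that case. `TIMELINE_DisableAutoBackup=true` also deserves a short note on what takes over backups.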