From cf136e28d8a7b1e97a9b30aaadafc7c493a83cb9 Mon Sep 17 00:00:00 2001
From: Valder Gallo
Date: Wed, 27 Jun 2018 21:59:43 -0300
Subject: [PATCH] stop to reacreate keys on restart
---
 Dockerfile | 2 +-
 scripts/entrypoint.sh | 29 ++++++++++++++++++-----------
 scripts/util.sh | 9 +++++----
 3 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a8b431f..9ce7362 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 FROM nginx
-MAINTAINER Elliot Saba
+LABEL maintainer="Valder Gallo "
 VOLUME /etc/letsencrypt
 EXPOSE 80
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index 0bc1011..63105f4 100644
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -14,28 +14,26 @@ auto_enable_configs
 nginx -g "daemon off;" &
 export NGINX_PID=$!
-# Next, run certbot to request all the ssl certs we can find
-/scripts/run_certbot.sh
-
 # Lastly, run startup scripts
 for f in /scripts/startup/*.sh; do
- if [[ -x "$f" ]]; then
+ if [ -x "$f" ]; then
 echo "Running startup script $f"
 $f
 fi
 done
 echo "Done with startup"
-now=$(date)
 last_sync_file="/etc/letsencrypt/last_sync.txt"
-if [[ ! -e "$last_sync_file" ]]; then
- mkdir -p /Scripts
+if [ ! -e "$last_sync_file" ]; then
 touch "$last_sync_file"
+
+ # run certbot to request all the ssl certs we can find
+ echo "Run first time certbot"
+ /scripts/run_certbot.sh
 fi
-last_sync=$(stat -c %y "$last_sync_file")
-updated_days=$(( ($(date -d now +%s) - $(date -d last_sync +%s) )/(60*60*24) ))
+one_week_sec=604800
 # Instead of trying to run `cron` or something like that, just leep and run `certbot`.
 while [ true ]; do
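Review bot: The first-run branch calls `touch "$last_sync_file"` before `/scripts/run_certbot.sh` and ignores the script's exit status, so a failed first issuance is still recorded as done. Because the marker lives under the `/etc/letsencrypt` volume it survives restarts, and a restart no longer retries; the host keeps serving without a valid certificate until the weekly check in the loop below. Create the marker only on success: `/scripts/run_certbot.sh && touch "$last_sync_file"`. Hostnames added to the nginx configuration after the first start are likewise not requested on restart any more. `get_certificate` already passes `--keep` to certbot, which as far as I know leaves an unexpired certificate in place, so it is worth confirming that the unconditional start-up run was really what recreated keys.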
@@ -43,8 +41,17 @@ while [ true ]; do
 sleep 604800 &
 SLEEP_PID=$!
- # re-run certbot
- /scripts/run_certbot.sh
+ last_sync_sec=$(stat -c %Y "$last_sync_file")
+ now_sec=$(date -d now +%s)
+ runned_sec=$(( ($now_sec - $last_sync_sec) ))
+ is_finshed_week_sec=$(( ($one_week_sec - $runned_sec) ))
+
+ echo "Not run_certbot.sh"
+ if [ $is_finshed_week_sec -lt 0 ]; then
+ # re-run certbot
+ echo "Run certbot"
+ /scripts/run_certbot.sh
+ fi
 # Wait on sleep so that when we get ctrl-c'ed it kills everything due to our trap
 wait "$SLEEP_PID"
diff --git a/scripts/util.sh b/scripts/util.sh
index 7e44201..0be52a6 100644
--- a/scripts/util.sh
+++ b/scripts/util.sh
@@ -62,14 +62,15 @@ get_certificate() {
 PRODUCTION_URL='https://acme-v01.api.letsencrypt.org/directory'
 STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
- if [[ ! "${IS_STAGING}" = "1" ]]; then
+ if [ "${IS_STAGING}" = "1" ]; then
 letsencrypt_url=STAGING_URL
- echo "Staging on"
- else
+ echo "Staging ..."
+ elses
 letsencrypt_url=PRODUCTION_URL
- echo "Production on"
+ echo "Production ..."
 fi
+ echo "running certbot ... $letsencrypt_url"
 certbot certonly --agree-tos --keep -n --text --email $2 --server \
 $letsencrypt_url -d $1 --http-01-port 1337 \
 --standalone --standalone-supported-challenges http-01 --debug
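Review bot: Nothing in the loop refreshes the mtime of `$last_sync_file` after certbot runs, so once the file is more than a week old the `-lt 0` test is true on every iteration and on every container start, which brings back the run-on-restart behaviour this commit sets out to remove. Update the marker when the run succeeds, e.g. `/scripts/run_certbot.sh && touch "$last_sync_file"`. `echo "Not run_certbot.sh"` sits before the `if`, so it is logged even when certbot does run; it belongs in an `else` branch. If `stat` fails because the marker was removed from the volume, `last_sync_sec` is empty, the arithmetic expansions fail and the unquoted `[ $is_finshed_week_sec -lt 0 ]` test errors out, so renewal appears to be skipped silently; a `[ -e "$last_sync_file" ]` guard and quoting the operand would cover that. The `while` loop starts and ends outside the hunk.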
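Review bot: The added `elses` is not a shell keyword, so the `if` has no else branch: with `IS_STAGING=1` the shell tries to run a command named `elses` and then falls through to `letsencrypt_url=PRODUCTION_URL`, and with any other value `letsencrypt_url` is never assigned, so the unquoted `--server $letsencrypt_url` loses its argument. A staging run therefore ends with the production value selected. The line should read `else`. Separately, the unchanged assignments `letsencrypt_url=STAGING_URL` and `letsencrypt_url=PRODUCTION_URL` store the literal variable names rather than the URLs; they look like they were meant to be `letsencrypt_url="$STAGING_URL"` and `letsencrypt_url="$PRODUCTION_URL"`, and `$1`, `$2` and `$letsencrypt_url` in the certbot call should be quoted. `get_certificate` starts and ends outside the hunk.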