From 43a2b720f67c9385dea9106224bb517f2b47be8d Mon Sep 17 00:00:00 2001
From: Valder Gallo
Date: Wed, 27 Jun 2018 17:27:42 -0300
Subject: [PATCH 1/9] add staging url for develop
---
 scripts/util.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/scripts/util.sh b/scripts/util.sh
index d7b60e3..4585fa9 100644
--- a/scripts/util.sh
+++ b/scripts/util.sh
@@ -59,7 +59,18 @@ auto_enable_configs() {
 # EMAIL environment variable, to register the proper support email address.
 get_certificate() {
 echo "Getting certificate for domain $1 on behalf of user $2"
+ PRODUCTION_URL='https://acme-v01.api.letsencrypt.org/directory'
+ STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
+
+ if [[ ! "${IS_STAGING}" = "1" ]]; then
+ LETSENCRYPT_URL=STAGING_URL
+ echo "Staging on"
+ else
+ LETSENCRYPT_URL=PRODUCTION_URL
+ echo "Production on"
+ fi
+
 certbot certonly --agree-tos --keep -n --text --email $2 --server \
- https://acme-v01.api.letsencrypt.org/directory -d $1 --http-01-port 1337 \
+ $LETSENCRYPT_URL -d $1 --http-01-port 1337 \
 --standalone --standalone-supported-challenges http-01 --debug
 }
From 91af6eaabc132ccd0f1972f265b412666e40b25d Mon Sep 17 00:00:00 2001
From: Valder Gallo
Date: Wed, 27 Jun 2018 20:13:11 -0300
Subject: [PATCH 2/9] update datetime
---
 scripts/entrypoint.sh | 11 +++++++++++
 scripts/util.sh | 6 +++---
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index b6445bf..0bc1011 100644
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
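Review bot: In the added `if` block of get_certificate, `LETSENCRYPT_URL=STAGING_URL` and `LETSENCRYPT_URL=PRODUCTION_URL` assign the literal variable names, so certbot is invoked with `--server STAGING_URL` rather than a directory URL; they need `$STAGING_URL` and `$PRODUCTION_URL`. The test is also inverted: `[[ ! "${IS_STAGING}" = "1" ]]` takes the staging branch for every value other than 1, including an unset variable, and the production branch only when staging was requested. I would write `if [[ "${IS_STAGING:-}" = "1" ]]; then` with `LETSENCRYPT_URL=$STAGING_URL`, and declare the three new names `local` so they do not leak into the shell that sources util.sh.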
@@ -26,6 +26,17 @@ for f in /scripts/startup/*.sh; do
 done
 echo "Done with startup"
+now=$(date)
+last_sync_file="/etc/letsencrypt/last_sync.txt"
+
+if [[ ! -e "$last_sync_file" ]]; then
+ mkdir -p /Scripts
+ touch "$last_sync_file"
+fi
+
+last_sync=$(stat -c %y "$last_sync_file")
+updated_days=$(( ($(date -d now +%s) - $(date -d last_sync +%s) )/(60*60*24) ))
+
 # Instead of trying to run `cron` or something like that, just leep and run `certbot`.
 while [ true ]; do
 # Sleep for 1 week
diff --git a/scripts/util.sh b/scripts/util.sh
index 4585fa9..7e44201 100644
--- a/scripts/util.sh
+++ b/scripts/util.sh
@@ -63,14 +63,14 @@ get_certificate() {
 STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
 if [[ ! "${IS_STAGING}" = "1" ]]; then
- LETSENCRYPT_URL=STAGING_URL
+ letsencrypt_url=STAGING_URL
 echo "Staging on"
 else
- LETSENCRYPT_URL=PRODUCTION_URL
+ letsencrypt_url=PRODUCTION_URL
 echo "Production on"
 fi
 certbot certonly --agree-tos --keep -n --text --email $2 --server \
- $LETSENCRYPT_URL -d $1 --http-01-port 1337 \
+ $letsencrypt_url -d $1 --http-01-port 1337 \
 --standalone --standalone-supported-challenges http-01 --debug
 }
From cf136e28d8a7b1e97a9b30aaadafc7c493a83cb9 Mon Sep 17 00:00:00 2001
From: Valder Gallo
Date: Wed, 27 Jun 2018 21:59:43 -0300
Subject: [PATCH 3/9] stop to reacreate keys on restart
---
 Dockerfile | 2 +-
 scripts/entrypoint.sh | 29 ++++++++++++++++++-----------
 scripts/util.sh | 9 +++++----
 3 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a8b431f..9ce7362 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 FROM nginx
-MAINTAINER Elliot Saba
+LABEL maintainer="Valder Gallo "
 VOLUME /etc/letsencrypt
 EXPOSE 80
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index 0bc1011..63105f4 100644
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
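Review bot: In the entrypoint.sh hunk, `$(date -d last_sync +%s)` passes the literal word `last_sync` to date instead of the variable, so that substitution presumably fails and leaves the arithmetic with a missing operand; `now` and `updated_days` are also never read in the visible lines. stat can emit epoch seconds directly, so `last_sync_sec=$(stat -c %Y "$last_sync_file")` followed by `updated_days=$(( ($(date +%s) - last_sync_sec) / 86400 ))` avoids re-parsing a formatted timestamp. `mkdir -p /Scripts` creates a directory nothing here uses and does not ensure the parent of `$last_sync_file` exists; if that was the intent it should be `mkdir -p "$(dirname "$last_sync_file")"`. The `while` loop at the bottom of the hunk continues outside it.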
@@ -14,28 +14,26 @@ auto_enable_configs
 nginx -g "daemon off;" &
 export NGINX_PID=$!
-# Next, run certbot to request all the ssl certs we can find
-/scripts/run_certbot.sh
-
 # Lastly, run startup scripts
 for f in /scripts/startup/*.sh; do
- if [[ -x "$f" ]]; then
+ if [ -x "$f" ]; then
 echo "Running startup script $f"
 $f
 fi
 done
 echo "Done with startup"
-now=$(date)
 last_sync_file="/etc/letsencrypt/last_sync.txt"
-if [[ ! -e "$last_sync_file" ]]; then
- mkdir -p /Scripts
+if [ ! -e "$last_sync_file" ]; then
 touch "$last_sync_file"
+
+ # run certbot to request all the ssl certs we can find
+ echo "Run first time certbot"
+ /scripts/run_certbot.sh
 fi
-last_sync=$(stat -c %y "$last_sync_file")
-updated_days=$(( ($(date -d now +%s) - $(date -d last_sync +%s) )/(60*60*24) ))
+one_week_sec=604800
 # Instead of trying to run `cron` or something like that, just leep and run `certbot`.
 while [ true ]; do
@@ -43,8 +41,17 @@ while [ true ]; do
 sleep 604800 &
 SLEEP_PID=$!
- # re-run certbot
- /scripts/run_certbot.sh
+ last_sync_sec=$(stat -c %Y "$last_sync_file")
+ now_sec=$(date -d now +%s)
+ runned_sec=$(( ($now_sec - $last_sync_sec) ))
+ is_finshed_week_sec=$(( ($one_week_sec - $runned_sec) ))
+
+ echo "Not run_certbot.sh"
+ if [ $is_finshed_week_sec -lt 0 ]; then
+ # re-run certbot
+ echo "Run certbot"
+ /scripts/run_certbot.sh
+ fi
 # Wait on sleep so that when we get ctrl-c'ed it kills everything due to our trap
 wait "$SLEEP_PID"
diff --git a/scripts/util.sh b/scripts/util.sh
index 7e44201..0be52a6 100644
--- a/scripts/util.sh
+++ b/scripts/util.sh
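Review bot: In the first entrypoint.sh hunk (`@@ -14,28 +14,26 @@`), `touch "$last_sync_file"` runs before `/scripts/run_certbot.sh` and regardless of its result, so a failed first issuance is still recorded as a completed sync. Because the marker sits under `/etc/letsencrypt`, which the Dockerfile declares as a volume, later restarts skip issuance and the container may keep running without valid certificates until the weekly check fires. Write the marker only on success, e.g. `if /scripts/run_certbot.sh; then touch "$last_sync_file"; fi`; the same touch-before-run ordering is added to the renewal branch in PATCH 7/9. A comment on the block should also say that certificates are no longer requested on restart, which matters if run_certbot.sh is what discovers newly added server names (not visible here).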
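Review bot: In the loop hunk (`@@ -43,8 +41,17 @@`), `last_sync_sec` is used unchecked: if `stat` fails because the marker file is missing or unreadable, `$(( ($now_sec - $last_sync_sec) ))` is a syntax error and the unquoted `[ $is_finshed_week_sec -lt 0 ]` fails as well, so renewal is skipped without a clear message. I would guard it with `last_sync_sec=$(stat -c %Y "$last_sync_file" 2>/dev/null) || last_sync_sec=0` and quote the operand in the test. `echo "Not run_certbot.sh"` is printed on every pass, including the ones that go on to run certbot, so it belongs in an `else` branch. The `while` loop begins and ends outside this hunk.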
@@ -62,14 +62,15 @@ get_certificate() {
 PRODUCTION_URL='https://acme-v01.api.letsencrypt.org/directory'
 STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
- if [[ ! "${IS_STAGING}" = "1" ]]; then
+ if [ "${IS_STAGING}" = "1" ]; then
 letsencrypt_url=STAGING_URL
- echo "Staging on"
- else
+ echo "Staging ..."
+ elses
 letsencrypt_url=PRODUCTION_URL
- echo "Production on"
+ echo "Production ..."
 fi
+ echo "running certbot ... $letsencrypt_url"
 certbot certonly --agree-tos --keep -n --text --email $2 --server \
 $letsencrypt_url -d $1 --http-01-port 1337 \
 --standalone --standalone-supported-challenges http-01 --debug
From b5b887d8af9e4711baf65f9d457928ffa5f4aeed Mon Sep 17 00:00:00 2001
From: Valder Gallo
Date: Wed, 27 Jun 2018 22:05:20 -0300
Subject: [PATCH 4/9] add old manteiner
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 9ce7362..93126d9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 FROM nginx
-LABEL maintainer="Valder Gallo "
+LABEL maintainer="Elliot Saba , Valder Gallo "
 VOLUME /etc/letsencrypt
 EXPOSE 80
From 418560a7bed4ee188e5678e25b18e6e981ecdab0 Mon Sep 17 00:00:00 2001
From: Valder Gallo
Date: Wed, 27 Jun 2018 22:19:19 -0300
Subject: [PATCH 5/9] fix util sh
---
 scripts/util.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/scripts/util.sh b/scripts/util.sh
index 0be52a6..68f4a8d 100644
--- a/scripts/util.sh
+++ b/scripts/util.sh
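Review bot: The added `elses` line in the util.sh hunk is a typo for `else`: the shell parses it as a command inside the `then` branch, so with IS_STAGING=1 both assignments run and the production one wins, while for any other value `letsencrypt_url` is never set and certbot is called with `--server` and no URL. The block still parses, so `sh -n` will not catch it. The two assignments also still lack the `$` (`letsencrypt_url=STAGING_URL`), so even the intended branch passes a variable name rather than a URL. Beyond fixing both, I would fail early before the certbot call with `[ -n "$letsencrypt_url" ] || return 1`. get_certificate's closing brace is outside this hunk.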
@@ -63,15 +63,15 @@ get_certificate() {
 STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
 if [ "${IS_STAGING}" = "1" ]; then
- letsencrypt_url=STAGING_URL
+ letsencrypt_url=$STAGING_URL
 echo "Staging ..."
- elses
- letsencrypt_url=PRODUCTION_URL
+ else
+ letsencrypt_url=$PRODUCTION_URL
 echo "Production ..."
 fi
- echo "running certbot ... $letsencrypt_url"
+ echo "running certbot ... $letsencrypt_url $1 $2"
 certbot certonly --agree-tos --keep -n --text --email $2 --server \
 $letsencrypt_url -d $1 --http-01-port 1337 \
- --standalone --standalone-supported-challenges http-01 --debug
+ --standalone --preferred-challenges http-01 --debug
 }
From d9ba3628330397c65dab50c86cd25050edc539c1 Mon Sep 17 00:00:00 2001
From: Valder Gallo
Date: Wed, 27 Jun 2018 23:34:43 -0300
Subject: [PATCH 6/9] add register script bash
---
 scripts/register.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 scripts/register.sh
diff --git a/scripts/register.sh b/scripts/register.sh
new file mode 100644
index 0000000..61ab856
--- /dev/null
+++ b/scripts/register.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+PRODUCTION_URL='https://acme-v01.api.letsencrypt.org/directory'
+STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
+
+if [ "${IS_STAGING}" = "1" ]; then
+ letsencrypt_url=$STAGING_URL
+ echo "Staging ..."
+else
+ letsencrypt_url=$PRODUCTION_URL
+ echo "Production ..."
+fi
+
+echo "running certbot ... $letsencrypt_url $1 $2"
+certbot certonly --agree-tos --keep -n --text --email $2 --server \
+ $letsencrypt_url -d $1 --http-01-port 1337 \
+ --standalone --preferred-challenges http-01 --debug
From b120666a600a683bbf423fabc914d9804447b9e7 Mon Sep 17 00:00:00 2001
From: Valder Gallo
Date: Thu, 28 Jun 2018 08:28:40 -0300
Subject: [PATCH 7/9] missing recreate the file for the next week
---
 scripts/entrypoint.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index 63105f4..5f4aa6a 100644
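Review bot: `$1`, `$2` and `$letsencrypt_url` are expanded unquoted in the certbot command of the util.sh hunk, so a domain or e-mail value containing whitespace or glob characters is split or expanded into extra certbot arguments. Quote them: `--email "$2" --server "$letsencrypt_url" -d "$1"`; the copy of this command added in scripts/register.sh by PATCH 6/9 needs the same change. The new `echo "running certbot ... $letsencrypt_url $1 $2"` also writes the account e-mail address to the container log on every run, which may not be wanted. The start of get_certificate is outside this hunk.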
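Review bot: The new scripts/register.sh never checks that both positional arguments were supplied; with `$1` or `$2` empty the unquoted expansions vanish and certbot is run with `--email --server …` or a bare `-d`. Add a guard at the top such as `[ "$#" -eq 2 ] || { echo "usage: $0 DOMAIN EMAIL" >&2; exit 2; }`. The body is a line-for-line copy of get_certificate in scripts/util.sh, so the two will drift apart; sourcing util.sh and calling `get_certificate "$1" "$2"` would keep a single definition, provided util.sh is safe to source on its own, which this patch does not show. The file is created with mode 100644, so it has to be started as `sh register.sh` unless the image sets the executable bit.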
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -48,6 +48,9 @@ while [ true ]; do
 echo "Not run_certbot.sh"
 if [ $is_finshed_week_sec -lt 0 ]; then
+ # recreate the file
+ touch "$last_sync_file"
+
 # re-run certbot
 echo "Run certbot"
 /scripts/run_certbot.sh
From 87730d6a2db93bf6749c19fcc2d5ab33cc38eaf5 Mon Sep 17 00:00:00 2001
From: Valder Gallo
Date: Thu, 28 Jun 2018 12:19:02 -0300
Subject: [PATCH 8/9] sleep for more 10 sec
---
 scripts/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index 5f4aa6a..ba6f2c1 100644
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -38,7 +38,7 @@ one_week_sec=604800
 # Instead of trying to run `cron` or something like that, just leep and run `certbot`.
 while [ true ]; do
 # Sleep for 1 week
- sleep 604800 &
+ sleep 604810 &
 SLEEP_PID=$!
 last_sync_sec=$(stat -c %Y "$last_sync_file")
From 5aa7438c46cd996043ab6ed494cd624a4dfabf3f Mon Sep 17 00:00:00 2001
From: Bruno Zell
Date: Fri, 28 Sep 2018 14:53:48 +0200
Subject: [PATCH 9/9] create src folder
---
 {nginx_conf.d => src/nginx_conf.d}/certbot.conf | 0
 {scripts => src/scripts}/entrypoint.sh | 0
 {scripts => src/scripts}/register.sh | 0
 {scripts => src/scripts}/run_certbot.sh | 0
 {scripts => src/scripts}/util.sh | 0
 5 files changed, 0 insertions(+), 0 deletions(-)
 rename {nginx_conf.d => src/nginx_conf.d}/certbot.conf (100%)
 rename {scripts => src/scripts}/entrypoint.sh (100%)
 rename {scripts => src/scripts}/register.sh (100%)
 rename {scripts => src/scripts}/run_certbot.sh (100%)
 mode change 100755 => 100644
 rename {scripts => src/scripts}/util.sh (100%)
diff --git a/nginx_conf.d/certbot.conf b/src/nginx_conf.d/certbot.conf
similarity index 100%
rename from nginx_conf.d/certbot.conf
rename to src/nginx_conf.d/certbot.conf
diff --git a/scripts/entrypoint.sh b/src/scripts/entrypoint.sh
similarity index 100%
rename from scripts/entrypoint.sh
rename to src/scripts/entrypoint.sh
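Review bot: In the PATCH 8/9 hunk the sleep literal becomes `604810` while the comment directly above still says "Sleep for 1 week" and `one_week_sec=604800` is already defined a few lines earlier, so the interval now lives in two places that disagree. The extra ten seconds appear to exist only so that the strict `-lt 0` comparison succeeds after a full sleep. Deriving the value, `sleep $((one_week_sec + 10)) &`, with a comment saying why the pad is there would make that explicit. The `while` loop body continues past the end of the hunk.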
diff --git a/scripts/register.sh b/src/scripts/register.sh
similarity index 100%
rename from scripts/register.sh
rename to src/scripts/register.sh
diff --git a/scripts/run_certbot.sh b/src/scripts/run_certbot.sh
old mode 100755
new mode 100644
similarity index 100%
rename from scripts/run_certbot.sh
rename to src/scripts/run_certbot.sh
diff --git a/scripts/util.sh b/src/scripts/util.sh
similarity index 100%
rename from scripts/util.sh
rename to src/scripts/util.sh
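Review bot: The run_certbot.sh rename also carries `old mode 100755` / `new mode 100644`, which drops the executable bit from a script that entrypoint.sh invokes directly as `/scripts/run_certbot.sh`. Unless the Dockerfile, which this patch does not change, restores the bit with a chmod, that call fails with a permission error and no certificates are requested or renewed. Either keep the mode at 100755 or invoke the script through its interpreter. The move under `src/` also needs matching source paths in the Dockerfile, which is not part of this patch.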