Updated renew, added new.sh

This commit is contained in:
Deon George 2020-12-07 17:01:40 +11:00
parent e51ad7a7da
commit 1eae86dc9e
3 changed files with 83 additions and 9 deletions

View File

@ -24,8 +24,8 @@ RUN curl -sL https://github.com/go-acme/lego/releases/download/v4.1.3/lego_v4.1.
EXPOSE 80 443
COPY renew.sh /usr/local/sbin
LABEL cron.container.weekly root#/usr/local/sbin/renew.sh certbot
COPY new.sh renew.sh /usr/local/sbin/
LABEL cron.container.weekly root#/usr/local/sbin/renew.sh lego
# Expose our web root and log directories log.
#VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d" ]

57
new.sh Executable file
View File

@ -0,0 +1,57 @@
#!/bin/bash
CERTDIR=/etc/nginx/conf.d
RELOAD="/tmp/nginx.reload"
if [ "$1" == "certbot" ]; then
echo "! WARNING - untested"
CERTFILE=${CERTDIR}/certbot-cert.ssl
[ -r ${CERTFILE} ] || exit 1
[ -d ${CERTDIR}/ssl/letsencrypt ] || mkdir ${CERTDIR}/ssl/letsencrypt
cat ${CERTFILE} | while read line; do
echo " - line is [${line}]"
LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
DOMAINS=$(echo ${line} | cut -d':' -f 2)
LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
certbot certonly --webroot --config-dir ${CERTDIR}/ssl/letsencrypt/ -w /tmp --agree-tos --email ${LEGO_ACCOUNT_EMAIL} -n${LEGO_CERT_DOMAIN}
touch ${RELOAD}
done
elif [ "$1" == "lego" ]; then
CERTFILE=${CERTDIR}/lego-cert.ssl
[ -r ${CERTFILE} ] || exit 1
[ -d ${CERTDIR}/ssl/lego ] || mkdir ${CERTDIR}/ssl/lego
TLS_PORT=444
cat ${CERTFILE} | while read line; do
echo " - line is [${line}]"
LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
DOMAINS=$(echo ${line} | cut -d':' -f 2)
LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
lego -m ${LEGO_ACCOUNT_EMAIL} ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego -a --tls --tls.port :${TLS_PORT} run && touch ${RELOAD}
done
else
echo "! ERROR: Unknown certbot method [$1]"
fi
if [ -r ${RELOAD} ]; then
echo "Reloading NGINX"
/usr/sbin/nginx -s reload
rm -f ${RELOAD}
fi

View File

@ -4,15 +4,32 @@ if [ "$1" == "certbot" ]; then
certbot renew -q --config-dir /etc/nginx/conf.d/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
elif [ "$1" == "lego" ]; then
CERTDIR=/etc/nginx/conf.d
CERTFILE=${CERTDIR}/lego-cert.ssl
RELOAD="/tmp/nginx.reload"
TLS_PORT=444
[ -r ${CERTFILE} ] || exit 1
cat ${CERTFILE} | while read line; do
echo " - line is [${line}]"
LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
DOMAINS=$(echo ${line} | cut -d':' -f 2)
LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
LEGO_CERT_DOMAIN=("${LEGO_CERT_DOMAIN[@]/#/--domains=\"}")
if [ -n "${LEGO_CERT_DOMAIN}" ]; then
LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:+"${LEGO_CERT_DOMAIN[@]/%/\"}"}
fi
LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
echo lego --email="mail@gmail.com" ${LEGO_CERT_DOMAIN} --tls --tls.port 444 renew --renew-hook="/usr/sbin/nginx -s reload"
lego --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego --tls --tls.port :${TLS_PORT} renew --renew-hook="touch $RELOAD"
done
if [ -r ${RELOAD} ]; then
echo "Reloading NGINX"
/usr/sbin/nginx -s reload
rm -f ${RELOAD}
fi
else
echo "! ERROR: Unknown certbot method [$1]"