Merge pull request #1 from jreichmann/master
Environment Variables can be passed in to give more precise control over dehydrated
commit
7b9bc1af6e
|
@ -14,11 +14,11 @@ RUN apk update \
|
||||||
bash \
|
bash \
|
||||||
su-exec \
|
su-exec \
|
||||||
libxml2-utils \
|
libxml2-utils \
|
||||||
&& git clone https://github.com/lukas2511/dehydrated /dehydrated
|
&& git clone https://github.com/lukas2511/dehydrated /dehydrated
|
||||||
|
|
||||||
|
# Add the files in the 'root' folder to the images filesystem
|
||||||
ADD root /
|
ADD root /
|
||||||
|
|
||||||
|
|
||||||
VOLUME /etc/dehydrated
|
VOLUME /etc/dehydrated
|
||||||
VOLUME /var/www/dehydrated
|
VOLUME /var/www/dehydrated
|
||||||
VOLUME /certs
|
VOLUME /certs
|
||||||
|
|
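--- a/README.md
+++ b/README.md
@@ -0,0 +1,18 @@
+# docker-dehydrated
+
+This is a docker container that wraps around [dehydrated](https://github.com/lukas2511/dehydrated).
+
+## Environment variables
+
+The following environment variables can be set to influence the container's behaviour:
+
+- `$ENDPOINT` which ACME-Endpoint you want to use, supported values: "staging", "production" (default).
+- `$CHALLENGE` what type of challenge should be used, supported values: "http-01" (default), "dns-01"
+
+If the environment variables were not explicitely set, no modification to the configuration file is made
+
+## Behaviour on startup
+
+When the container is started, a script is run which looks for the configuration file in the places supported by dehydrated,
+and if no configuration file is found, it will copy the [example configuration file](https://github.com/lukas2511/dehydrated/docs/examples/config)
+into `/etc/dehydrated/config`.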
@ -1,3 +1,4 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
chown -R ${UID}:${GID} /etc/dehydrated /certs /var/www/dehydrated
|
chown -R ${UID}:${GID} /etc/dehydrated /certs /var/www/dehydrated
|
||||||
su-exec ${UID}:${GID} /dehydrated/dehydrated -c
|
# Run dehydrated
|
||||||
|
su-exec ${UID}:${GID} /dehydrated/dehydrated --cron --keep-going
|
||||||
|
|
|
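Review bot: The new `su-exec ${UID}:${GID} /dehydrated/dehydrated --cron --keep-going` line runs under `#!/bin/bash`, where `UID` is a readonly variable that bash sets to the real user ID of the shell itself, so a `UID` value passed in through the container environment is ignored. If this script is started as root (the caller is not shown), the intended privilege drop becomes `0:${GID}`, and both the `chown -R` above it and the ACME client end up running with root as the user. Taking the target user from a differently named variable and quoting it would make the drop explicit, for example `su-exec "${RUN_UID}:${RUN_GID}" /dehydrated/dehydrated --cron --keep-going`, where `RUN_UID` and `RUN_GID` are constructed names rather than ones this project defines.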
@ -1,3 +1,11 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
s6-svc -O /etc/s6.d/dehydrated
|
s6-svc -O /etc/s6.d/dehydrated
|
||||||
|
|
||||||
|
# Set ownership to dehydrated on the relevant folders
|
||||||
|
chown -R ${UID}:${GID} /etc/dehydrated /certs /var/www/dehydrated
|
||||||
|
|
||||||
|
# Register to the CA
|
||||||
|
su-exec ${UID}:${GID} /dehydrated/dehydrated --register --accept-terms
|
||||||
|
|
||||||
|
# Run the weekly script once
|
||||||
/etc/periodic/weekly/dehydrated
|
/etc/periodic/weekly/dehydrated
|
||||||
|
|
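Review bot: The exit status of the added `--register --accept-terms` call is never checked, so when registration fails the script still goes on to `/etc/periodic/weekly/dehydrated`, presumably without a usable account. Stopping at that point, e.g. `su-exec "${UID}:${GID}" /dehydrated/dehydrated --register --accept-terms || exit 1`, keeps the failure visible in the service log. The expansions in the added `chown -R` and `su-exec` lines are also unquoted, so with `UID` or `GID` unset they collapse to `:` and the ownership change no longer sets the intended owner. Nothing visible in this file orders it after the setup service that rewrites the config, so registration may run against whichever CA the unmodified config names; that is worth confirming against the s6 layout.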
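--- a/root/etc/s6.d/setup/run
+++ b/root/etc/s6.d/setup/run
@@ -0,0 +1,58 @@
+#!/bin/bash
+s6-svc -O /etc/s6.d/setup
+
+# Check if and which configuration file exists
+CONFIGFILE="none"
+for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do
+if [[ -f "${check_config}/config" ]]; then
+CONFIGFILE="${check_config}/config"
+fi
+done
+
+# At this point, if no configuration file exists, copy the example into /etc/dehydrated
+if [[ "$CONFIGFILE" == "none" ]]; then
+cp /dehydrated/docs/examples/config /etc/dehydrated/config
+CONFIGFILE="/etc/dehydrated/config"
+fi
+
+# Determine if the staging endpoint should be used
+case "$ENDPOINT" in
+"staging")
+# If CA=... is commented, uncomment and set it to staging, if it is set to production, set it to staging
+sed -ie 's/#CA=.*$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory"/g' $CONFIGFILE
+sed -ie 's/CA=.+acme-v01\.api\..+$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory"/g' $CONFIGFILE
+# Same procedure for CA_TERMS=...
+sed -ie 's/#CA_TERMS=.*$/CA_TERMS="https:\/\/acme-staging.api.letsencrypt.org\/terms"/g' $CONFIGFILE
+sed -ie 's/CA_TERMS=.+acme-v01\.api\..+$/CA_TERMS="https:\/\/acme-staging.api.letsencrypt.org\/terms"/g' $CONFIGFILE
+;;
+"production")
+# If CA=... is commented, uncomment and set to production, if it was set to staging, set it to production
+sed -ie 's/#CA=.*$/CA="https:\/\/acme-v01.api.letsencrypt.org\/directory"/g' $CONFIGFILE
+sed -ie 's/CA=.+acme-staging\.api\..+$/https:\/\/acme-v01.api.letsencrypt.org\/directory"/g' $CONFIGFILE
+# Same thing for CA_TERMS=...
+sed -ie 's/#CA_TERMS=.*$/CA_TERMS="https:\/\/acme-v01.api.letsencrypt.org\/terms"/g' $CONFIGFILE
+sed -ie 's/CA_TERMS=.+acme-staging\.api\..+$/CA_TERMS="https:\/\/acme-v01.api.letsencrypt.org\/terms"/g' $CONFIGFILE
+;;
+*)
+echo "INFO: No endpoint was specifically set, dehydrated will use its default"
+;;
+esac
+
+# Determine which type of challenge should be used
+case "$CHALLENGE" in
+"http-01")
+# If we have a "fresh" config, uncomment the challengetype-line and set our value
+sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="http-01"/g' $CONFIGFILE
+# If a challengetype is already set, overwrite it
+sed -ie 's/CHALLENGETYPE=.+$/CHALLENGETYPE="http-01"/g' $CONFIGFILE
+;;
+"dns-01")
+# If we have the default config, uncomment the line and set our challengetype
+sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="dns-01"/g' $CONFIGFILE
+# If a challengetype was already set, overwrite it with the new value
+sed -ie 's/CHALLENGETYPE=.+$/CHALLENGETYPE="dns-01"/g' $CONFIGFILE
+;;
+*)
+echo "INFO: No challenge-type was specified, the default from dehydrated will be used"
+;;
+esac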
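Review bot: In the "production" arm, the second substitution `sed -ie 's/CA=.+acme-staging\.api\..+$/https:\/\/acme-v01.api.letsencrypt.org\/directory"/g'` omits the `CA="` prefix from its replacement, so a match would leave a bare URL with a stray closing quote in the config. Separately, every `sed -ie` here is parsed as `-i` with backup suffix `e`, and without `-E` the `.+` is a literal plus sign in a basic regular expression, so the "already set" patterns will likely never match. A container started with ENDPOINT=staging on an existing production config would then keep talking to the production CA without any message. I would write these as `sed -i -E 's/^CA=.+acme-staging\.api\..+$/CA="https:\/\/acme-v01.api.letsencrypt.org\/directory"/' "$CONFIGFILE"` (anchored, with the file name quoted), and have the `*)` arms warn when the variable is set to an unrecognised value rather than treating it as unset.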