Refactor config-modification into a service, document the optional environment variables so not setting them will not modify the configuration file, introduce check to see if config file exists before blindly copying one
This commit is contained in:
jreichmann
parent
29618dab22
commit
ee8e15944f
|
|
@ -2,12 +2,7 @@ FROM jcgruenhage/baseimage-alpine
|
|||
MAINTAINER Jan Christian Grünhage <jan.christian@gruenhage.xyz>
|
||||
|
||||
ENV UID=192 \
|
||||
GID=192 \
|
||||
STAGING=0 \
|
||||
CHALLENGE="dns-01"
|
||||
|
||||
# Set STAGING to false(0) by default, set to true(1) to use staging LE-Endpoint
|
||||
# Set CHALLENGE to "dns-01" (DNS Challenge) by default, set to "http-01" to use the HTTP Challenge
|
||||
GID=192
|
||||
|
||||
RUN apk update \
|
||||
&& apk add --upgrade \
|
||||
|
|
@ -28,5 +23,3 @@ VOLUME /etc/dehydrated
|
|||
VOLUME /var/www/dehydrated
|
||||
VOLUME /certs
|
||||
|
||||
# Execute the setup script
|
||||
RUN bash /etc/once/setup.sh
|
||||
|
|
|
|||
10
README.md
Normal file
10
README.md
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
#docker-dehydrated
|
||||
|
||||
This is a docker container that wraps around [dehydrated](https://github.com/lukas2511/dehydrated).
|
||||
|
||||
## Environment variables
|
||||
|
||||
The following environment variables can be set to influence the container's behaviour:
|
||||
|
||||
- $ENDPOINT which ACME-Endpoint you want to use, supported values: "staging", "production" (default).
|
||||
- $CHALLENGE what type of challenge should be used, supported values: "http-01" (default), "dns-01"
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Copy the example config file to the config location
|
||||
cp /dehydrated/docs/examples/config /etc/dehydrated/config
|
||||
|
||||
# Use the staging endpoint?
|
||||
if [ $STAGING -ne 0 ]; then
|
||||
sed -ie 's/#CA=.*$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory"/g' /etc/dehydrated/config
|
||||
sed -ie 's/#CA_TERMS=.*$/CA_TERMS="https:\/\/acme-staging.api.letsencrypt.org\/terms"/g' /etc/dehydrated/config
|
||||
fi
|
||||
|
||||
# Set the challenge-type
|
||||
case "$CHALLENGE" in
|
||||
"http-01")
|
||||
sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="http-01"/g' /etc/dehydrated/config
|
||||
;;
|
||||
"dns-01")
|
||||
sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="dns-01"/g' /etc/dehydrated/config
|
||||
;;
|
||||
*)
|
||||
echo "WARNING: Unknown Challenge type! Using default from dehydrated"
|
||||
;;
|
||||
esac
|
||||
55
root/etc/s6.d/setup/run
Executable file
55
root/etc/s6.d/setup/run
Executable file
|
|
@ -0,0 +1,55 @@
|
|||
#!/bin/bash
|
||||
s6-svc -O /etc/s6.d/dehydrated
|
||||
|
||||
# Check if and which configuration file exists
|
||||
CONFIGFILE="none"
|
||||
for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do
|
||||
if [[ -f "${check_config}/config" ]]; then
|
||||
CONFIGFILE="${check_config}/config"
|
||||
fi
|
||||
done
|
||||
|
||||
# At this point, no configuration file exists, so copy the example into /etc/dehydrated
|
||||
if [[ "$CONFIGFILE" == "none" ]]; then
|
||||
cp /dehydrated/docs/examples/config /etc/dehydrated/config
|
||||
CONFIGFILE="/etc/dehydrated/config"
|
||||
fi
|
||||
|
||||
# Determine if the staging endpoint should be used
|
||||
case "$ENDPOINT" in
|
||||
"staging")
|
||||
# If CA=... is commented, uncomment and set it to staging, if it is set to production, set it to staging
|
||||
sed -ie 's/#CA=.*$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory/g' $CONFIGFILE
|
||||
sed -ie 's/CA=.+acme-v01\.api\..+$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory/g' $CONFIGFILE
|
||||
# Same procedure for CA_TERMS=...
|
||||
sed -ie 's/#CA_TERMS=.*$/CA_TERMS="https:\/\/acme-staging.api.letsencrypt.org\/terms"/g' $CONFIGFILE
|
||||
sed -ie 's/CA_TERMS=.+acme-v01\.api\..+$/CA_TERMS="https:\/\/acme-staging.api.letsencrypt.org\/terms"/g' $CONFIGFILE
|
||||
;;
|
||||
"production")
|
||||
# If CA=... is commented, uncomment and set to production, if it was set to staging, set it to production
|
||||
sed -ie 's/#CA=.*$/CA="https:\/\/acme-v01.api.letsencrypt.org\/directory"/g' $CONFIGFILE
|
||||
sed -ie 's/CA=.+acme-staging\.api\..+$/https:\/\/acme-v01.api.letsencrypt.org\/directory/g' $CONFIGFILE
|
||||
# Same thing for CA_TERMS=...
|
||||
sed -ie 's/#CA_TERMS=.*$/CA_TERMS="https:\/\/acme-v01.api.letsencrypt.org\/terms"/g' $CONFIGFILE
|
||||
sed -ie 's/CA_TERMS=.+acme-staging\.api\..+$/CA_TERMS="https:\/\/acme-v01.api.letsencrypt.org\/terms"/g' $CONFIGFILE
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
# Determine which type of challenge should be used
|
||||
case "$CHALLENGE" in
|
||||
"http-01")
|
||||
# If we have a "fresh" config, uncomment the challengetype-line and set our value
|
||||
sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="http-01"/g' $CONFIGFILE
|
||||
# If a challengetype is already set, overwrite it
|
||||
sed -ie 's/CHALLENGETYPE=.+$/CHALLENGETYPE="http-01"/g' $CONFIGFILE
|
||||
;;
|
||||
"dns-01")
|
||||
# If we have the default config, uncomment the line and set our challengetype
|
||||
sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="dns-01"/g' $CONFIGFILE
|
||||
# If a challengetype was already set, overwrite it with the new value
|
||||
sed -ie 's/CHALLENGETYPE=.+$/CHALLENGETYPE="dns-01"/g' $CONFIGFILE
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
Loading…
Reference in a new issue