diff --git a/Dockerfile b/Dockerfile index 2c64c9d..858e51e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,12 +2,7 @@ FROM jcgruenhage/baseimage-alpine MAINTAINER Jan Christian Grünhage ENV UID=192 \ - GID=192 \ - STAGING=0 \ - CHALLENGE="dns-01" - -# Set STAGING to false(0) by default, set to true(1) to use staging LE-Endpoint -# Set CHALLENGE to "dns-01" (DNS Challenge) by default, set to "http-01" to use the HTTP Challenge + GID=192 RUN apk update \ && apk add --upgrade \ @@ -28,5 +23,3 @@ VOLUME /etc/dehydrated VOLUME /var/www/dehydrated VOLUME /certs -# Execute the setup script -RUN bash /etc/once/setup.sh diff --git a/README.md b/README.md new file mode 100644 index 0000000..b7efaa8 --- /dev/null +++ b/README.md @@ -0,0 +1,10 @@ +#docker-dehydrated + +This is a docker container that wraps around [dehydrated](https://github.com/lukas2511/dehydrated). + +## Environment variables + +The following environment variables can be set to influence the container's behaviour: + +- $ENDPOINT which ACME-Endpoint you want to use, supported values: "staging", "production" (default). +- $CHALLENGE what type of challenge should be used, supported values: "http-01" (default), "dns-01" diff --git a/root/etc/once/setup.sh b/root/etc/once/setup.sh deleted file mode 100644 index f17af00..0000000 --- a/root/etc/once/setup.sh +++ /dev/null 
@@ -1,23 +0,0 @@
-#!/bin/bash
-
-# Copy the example config file to the config location
-cp /dehydrated/docs/examples/config /etc/dehydrated/config
-
-# Use the staging endpoint?
-if [ $STAGING -ne 0 ]; then
- sed -ie 's/#CA=.*$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory"/g' /etc/dehydrated/config
- sed -ie 's/#CA_TERMS=.*$/CA_TERMS="https:\/\/acme-staging.api.letsencrypt.org\/terms"/g' /etc/dehydrated/config
-fi
-
-# Set the challenge-type
-case "$CHALLENGE" in
- "http-01")
- sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="http-01"/g' /etc/dehydrated/config
- ;;
- "dns-01")
- sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="dns-01"/g' /etc/dehydrated/config
- ;;
- *)
- echo "WARNING: Unknown Challenge type! Using default from dehydrated"
- ;;
-esac
diff --git a/root/etc/s6.d/setup/run b/root/etc/s6.d/setup/run
new file mode 100755
index 0000000..f5c0887
--- /dev/null
+++ b/root/etc/s6.d/setup/run
@@ -0,0 +1,55 @@
+#!/bin/bash
+s6-svc -O /etc/s6.d/dehydrated
+
+# Check if and which configuration file exists
+CONFIGFILE="none"
+for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do
+ if [[ -f "${check_config}/config" ]]; then
+ CONFIGFILE="${check_config}/config"
+ fi
+done
+
+# At this point, no configuration file exists, so copy the example into /etc/dehydrated
+if [[ "$CONFIGFILE" == "none" ]]; then
+ cp /dehydrated/docs/examples/config /etc/dehydrated/config
+ CONFIGFILE="/etc/dehydrated/config"
+fi
+
+# Determine if the staging endpoint should be used
+case "$ENDPOINT" in
+ "staging")
+ # If CA=... is commented, uncomment and set it to staging, if it is set to production, set it to staging
+ sed -ie 's/#CA=.*$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory/g' $CONFIGFILE
+ sed -ie 's/CA=.+acme-v01\.api\..+$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory/g' $CONFIGFILE
+ # Same procedure for CA_TERMS=...
+ sed -ie 's/#CA_TERMS=.*$/CA_TERMS="https:\/\/acme-staging.api.letsencrypt.org\/terms"/g' $CONFIGFILE
+ sed -ie 's/CA_TERMS=.+acme-v01\.api\..+$/CA_TERMS="https:\/\/acme-staging.api.letsencrypt.org\/terms"/g' $CONFIGFILE
+ ;;
+ "production")
+ # If CA=... is commented, uncomment and set to production, if it was set to staging, set it to production
+ sed -ie 's/#CA=.*$/CA="https:\/\/acme-v01.api.letsencrypt.org\/directory"/g' $CONFIGFILE
+ sed -ie 's/CA=.+acme-staging\.api\..+$/https:\/\/acme-v01.api.letsencrypt.org\/directory/g' $CONFIGFILE
+ # Same thing for CA_TERMS=...
+ sed -ie 's/#CA_TERMS=.*$/CA_TERMS="https:\/\/acme-v01.api.letsencrypt.org\/terms"/g' $CONFIGFILE
+ sed -ie 's/CA_TERMS=.+acme-staging\.api\..+$/CA_TERMS="https:\/\/acme-v01.api.letsencrypt.org\/terms"/g' $CONFIGFILE
+ *)
+ ;;
+esac
+
+# Determine which type of challenge should be used
+case "$CHALLENGE" in
+ "http-01")
+ # If we have a "fresh" config, uncomment the challengetype-line and set our value
+ sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="http-01"/g' $CONFIGFILE
+ # If a challengetype is already set, overwrite it
+ sed -ie 's/CHALLENGETYPE=.+$/CHALLENGETYPE="http-01"/g' $CONFIGFILE
+ ;;
+ "dns-01")
+ # If we have the default config, uncomment the line and set our challengetype
+ sed -ie 's/#CHALLENGETYPE=.*$/CHALLENGETYPE="dns-01"/g' $CONFIGFILE
+ # If a challengetype was already set, overwrite it with the new value
+ sed -ie 's/CHALLENGETYPE=.+$/CHALLENGETYPE="dns-01"/g' $CONFIGFILE
+ ;;
+ *)
+ ;;
+esac
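Review bot: The `"production")` arm of `case "$ENDPOINT"` runs straight into `*)` with no `;;`, which bash rejects as a syntax error, so the script stops there and neither the endpoint nor the challenge type is ever written to the config. Separately, both staging `CA=` replacements leave out the closing `"`, and the production `acme-staging` replacement drops the `CA="…"` wrapper, so a line that does get rewritten ends up unterminated or as a bare URL in the config. The `.+` patterns also need `sed -E`, since `+` is a literal in basic regular expressions, and GNU sed reads `-ie` as `-i` with backup suffix `e`; the same `-i -E` and a quoted `"$CONFIGFILE"` apply to the `CHALLENGETYPE` lines. The practical risk is a container asked for `staging` that keeps whatever CA the config already held, with nothing logged to say so.

```shell
case "$ENDPOINT" in
  "staging")
    sed -i -E 's/#CA=.*$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory"/g' "$CONFIGFILE"
    sed -i -E 's/CA=.+acme-v01\.api\..+$/CA="https:\/\/acme-staging.api.letsencrypt.org\/directory"/g' "$CONFIGFILE"
    # … CA_TERMS lines: only the sed flags and "$CONFIGFILE" quoting change …
    ;;
  "production")
    # … first CA line: only the sed flags and "$CONFIGFILE" quoting change …
    sed -i -E 's/CA=.+acme-staging\.api\..+$/CA="https:\/\/acme-v01.api.letsencrypt.org\/directory"/g' "$CONFIGFILE"
    # … CA_TERMS lines: only the sed flags and "$CONFIGFILE" quoting change …
    ;;
  *)
```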