
Added the pebble example and more or less finished the gateway example.

master
parent
commit
c8428bfc42
9 changed files with 114 additions and 9 deletions
  1. +30
    -0
      example/gateway/certbot/Fockerfile
  2. +24
    -0
      example/gateway/certbot/files/certbot.py
  3. +1
    -0
      example/gateway/certbot/files/crontab_nobody
  4. +18
    -4
      example/gateway/focker-compose.yml
  5. +1
    -1
      example/gateway/nginx-http/Fockerfile
  6. +7
    -1
      example/gateway/nginx-https/Fockerfile
  7. +6
    -3
      example/gateway/nginx-https/files/nginx.conf
  8. +15
    -0
      example/pebble/Fockerfile
  9. +12
    -0
      example/pebble/focker-compose.yml

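--- a/example/gateway/certbot/Fockerfile
+++ b/example/gateway/certbot/Fockerfile
@@ -0,0 +1,30 @@
+base: freebsd-latest
+steps:
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install py37-certbot python3
+- mkdir -p /certbot/data
+- mkdir -p /certbot/webroot
+- mkdir -p /certbot/scripts
+- chown -R nobody:nobody /certbot
+- chmod 0750 /certbot
+- copy:
+- [ files/certbot.py,
+/certbot/scripts/certbot.py ]
+- [ files/crontab_nobody,
+/root/crontab_nobody ]
+- [ ../files/cookiecutter.json,
+/certbot/data/metadata.json ]
+- run:
+- crontab -u nobody /root/crontab_nobody
+- rm -v /root/crontab_nobody
+- mkdir -p /usr/local/etc/letsencrypt
+- mkdir -p /var/log/letsencrypt
+- mkdir -p /var/db/letsencrypt
+- chown nobody:nobody /var/log/letsencrypt
+- chown nobody:nobody /var/db/letsencrypt
+- run:
+- sysrc sshd_enable=NO
+- sysrc sendmail_enable=NONE
+- sysrc clear_tmp_enable=YES
+- sysrc syslogd_flags="-ss"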
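Review bot: Everything under /certbot, the renewal cron job and (through the compose file's `chown: 65534:65534` volumes) the ACME account key and certificate private keys are owned by and run as `nobody`, a shared account — nginx's built-in default worker user is also `nobody`, so the request-handling processes of the TLS-terminating jail would share a uid with those secrets. A dedicated unprivileged user created in the first run step, `pw useradd certbot -d /certbot -s /usr/sbin/nologin`, with `chown -R certbot:certbot /certbot` and `crontab -u certbot /root/crontab_nobody`, keeps them apart from every other `nobody` process; the volume `chown:` entries in focker-compose.yml would then need that user's uid. Note also that `chown -R nobody:nobody /certbot` runs before the `copy:` step, so `/certbot/scripts/certbot.py` and `/certbot/data/metadata.json` get whatever ownership and mode the copy step assigns, not the recursive chown — worth verifying that the cron/script user can read them.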

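--- a/example/gateway/certbot/files/certbot.py
+++ b/example/gateway/certbot/files/certbot.py
@@ -0,0 +1,24 @@
+import json
+import subprocess
+def main():
+with open('/certbot/data/metadata.json', 'r') as f:
+data = json.load(f)
+ips = data['ips'][0]
+domains = data['domains'][0]
+for ds in domains:
+cmd = [ '/usr/local/bin/certbot', 'certonly', '--webroot',
+'-w', '/certbot/webroot', '--server', 'https://127.0.11.1:14000/dir',
+'--email', 's.adaszewski@gmail.com', '--no-verify-ssl', '-n',
+'--agree-tos', '--expand' ]
+for d in ds:
+cmd.append('-d')
+cmd.append(d)
+ret = subprocess.run(cmd)
+if ret.returncode != 0:
+raise RuntimeError('Failed certbot certonly for:', ' '.join(ds))
+if __name__ == '__main__':
+main()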
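Review bot: `raise RuntimeError('Failed certbot certonly for:', ' '.join(ds))` passes two arguments, so the exception prints as a tuple, `('Failed certbot certonly for:', 'a b')`, rather than a message; use `raise RuntimeError('Failed certbot certonly for: ' + ' '.join(ds))`. `ips` is read from the metadata but never used. The ACME directory URL, the contact e-mail and `--no-verify-ssl` are hard-coded even though the script already loads metadata.json; taking them from there would keep this jail usable outside the pebble setup, where `--no-verify-ssl` (which disables verification of the ACME server's own certificate) should not be present at all. Whether `data['domains'][0]` is meant to unwrap a cookiecutter choice list so that each `ds` is a list of hostnames is not visible here — if `ds` were a plain string, `for d in ds` would pass single characters to `-d`.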

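--- a/example/gateway/certbot/files/crontab_nobody
+++ b/example/gateway/certbot/files/crontab_nobody
@@ -0,0 +1 @@
+@weekly /usr/local/bin/certbot renew --webroot -w /certbot/webroot --server https://127.0.11.1:14000 --no-verify-ssl -n --agree-tos >/dev/null 2>&1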
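Review bot: The `--server` value here is `https://127.0.11.1:14000` while certbot.py uses `https://127.0.11.1:14000/dir`; certbot normally takes the directory URL from the stored renewal configuration, but where the flag is honoured it points at the wrong endpoint, so the two files should agree. `>/dev/null 2>&1` discards every renewal failure, so the first visible symptom is an expired certificate; keep the output instead, `>>/var/log/letsencrypt/renew.log 2>&1` (that directory is created and chowned to `nobody` in the Fockerfile). As in certbot.py, `--no-verify-ssl` only makes sense against the local pebble CA and should not carry over to a real ACME server.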

+ 18
- 4
example/gateway/focker-compose.yml View File

@@ -3,8 +3,16 @@ prebuild:
volumes:
certbot-data: {}
certbot-webroot: {}
certbot-data:
chown: 65534:65534
chmod: 0750
zfs:
quota: 1G
certbot-webroot:
chown: 65534:65534
chmod: 0750
zfs:
quota: 1G
images:
@@ -17,14 +25,20 @@ jails:
nginx-http:
image: nginx-http
mounts:
certbot-webroot: /srv/certbot-webroot
certbot-webroot: /certbot/webroot
certbot:
image: certbot
depend: nginx-http
mounts:
certbot-data: /
certbot-data: /usr/local/etc/letsencrypt
certbot-webroot: /certbot/webroot
exec.start: |
( /usr/bin/su -m nobody -c "python3 /certbot/scripts/certbot.py" && \
/bin/sh /etc/rc ) &
nginx-https:
image: nginx-https
depend: certbot
mounts:
certbot-data: /usr/local/etc/letsencrypt
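Review bot: `chmod: 0750` (both occurrences in the first hunk) is an unquoted leading-zero number: a YAML 1.1 loader reads it as octal 488 (0o750), a YAML 1.2 loader as decimal 750, which is mode 0o1356; quote it, `chmod: "0750"`, so the result does not depend on which parser focker uses. `chown: 65534:65534` survives as a string (the sexagesimal pattern only accepts 0–59 after a colon) but is worth quoting for the same reason. In the second hunk, `exec.start` chains certificate issuance and `/bin/sh /etc/rc` with `&&` in a background subshell, so if the script fails the rc scripts — and with them cron and renewal — never start, and nothing records why. `nginx-https` depends only on the certbot jail starting, not on issuance finishing, so it may come up before the certificates exist; whether focker waits for `exec.start` to return is not visible here.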

+ 1
- 1
example/gateway/nginx-http/Fockerfile View File

@@ -19,4 +19,4 @@ steps:
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
- rm -rvf /root/nginx_template
- rm -rvf ./nginx_conf
- mkdir -p /srv/certbot-webroot
- mkdir -p /certbot/webroot

+ 7
- 1
example/gateway/nginx-https/Fockerfile View File

@@ -19,4 +19,10 @@ steps:
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
- rm -rvf /root/nginx_template
- rm -rvf ./nginx_conf
- mkdir /certbot-data
- mkdir -p /usr/local/etc/letsencrypt
- mkdir -p /certbot/webroot
- run:
- sysrc sshd_enable=NO
- sysrc sendmail_enable=NONE
- sysrc clear_tmp_enable=YES
- sysrc syslogd_flags="-ss"
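Review bot: The `/usr/local/etc/letsencrypt` mount point created here receives the whole certbot configuration directory from the compose file, which includes the ACME account key under accounts/ and the renewal configs, while nginx only needs live/ and the archive/ targets behind it; a read-only mount, if focker's `mounts:` supports one, or a narrower volume limits what a compromised nginx can reach. The four `sysrc` lines are the same as in certbot's Fockerfile, while the nginx-http hunk in this commit only changes a `mkdir` — nginx-http is presumably the jail exposed on the public HTTP port for the challenges, so it is the one that benefits most from sshd and sendmail being off; the rest of that file is outside the hunk and may already have them. If focker supports it, a shared base image carrying this step would avoid keeping three copies in sync.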

+ 6
- 3
example/gateway/nginx-https/files/nginx.conf View File

@@ -12,11 +12,14 @@ http {
server {
listen 443 ssl;
server_name {{ ' '.join(cookiecutter.domains[i]) }};
ssl_certificate /certbot-data/config/live/{{ cookiecutter.domains[i][0] }}/{{ cookiecutter.domains[i][0] }}.crt;
ssl_certificate_key /certbot-data/config/live/{{ cookiecutter.domains[i][0] }}/{{ cookiecutter.domains[i][0] }}.key;
ssl_certificate /usr/local/etc/letsencrypt/live/{{ cookiecutter.domains[i][0] }}/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ cookiecutter.domains[i][0] }}/privkey.pem;

location / {
proxy_pass http://{{ cookiecutter.ips[i] }}/;
proxy_pass http://{{ cookiecutter.ips[i] }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_request_buffering off;
}
}
{% endfor %}
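Review bot: The backend receives only `Host` and `X-Real-IP`, so nothing tells it the client connection was TLS; an application that builds absolute URLs or sets secure cookies from the scheme will see plain HTTP — add `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to the existing headers. Dropping the trailing slash in `proxy_pass http://{{ cookiecutter.ips[i] }};` switches nginx from passing the normalized, location-rewritten URI to passing the client's request URI unchanged; harmless under `location /` but worth a comment so the next edit does not flip it back. No `ssl_protocols` or `ssl_ciphers` appear in this hunk; if they are not set in the enclosing `http {}` block (outside the hunk), the build's defaults apply, a choice worth making explicit in an example.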


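--- a/example/pebble/Fockerfile
+++ b/example/pebble/Fockerfile
@@ -0,0 +1,15 @@
+base: freebsd-latest
+
+steps:
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install go git
+- run:
+- mkdir /go
+- export GOPATH=/go
+- go get -u github.com/letsencrypt/pebble/...
+- cd $GOPATH/src/github.com/letsencrypt/pebble
+- go install ./...
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove go git
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove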
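Review bot: `go get -u github.com/letsencrypt/pebble/...` fetches whatever upstream's default branch holds at build time, so the image is not reproducible and a changed or compromised upstream lands in the build unnoticed; pin a release instead, `git clone --branch <PEBBLE_TAG> https://github.com/letsencrypt/pebble $GOPATH/src/github.com/letsencrypt/pebble` (git is installed in the first step) followed by the existing `go install ./...`, with the tag recorded in this file. `export GOPATH=/go` and the `cd` are separate list items of one `run:`; whether focker executes a step as a single shell session or one process per item is not visible here, and in the latter case neither survives to the `go` commands. `mkdir /go` without `-p` also fails on a rerun if the directory exists, unlike every other mkdir in this commit.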


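--- a/example/pebble/focker-compose.yml
+++ b/example/pebble/focker-compose.yml
@@ -0,0 +1,12 @@
+image:
+pebble: .
+
+jails:
+pebble:
+image: pebble
+ip4.addr: 127.0.11.1
+exec.start: |
+cd /go/src/github.com/letsencrypt/pebble && \
+export PEBBLE_VA_ALWAYS_VALID=1 && \
+nohup /go/bin/pebble -config test/config/pebble-config.json &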
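Review bot: The top-level key is `image:` here but `images:` in example/gateway/focker-compose.yml (visible in that section's first hunk); unless focker accepts both spellings, one of the two files will not build, so they should agree. `PEBBLE_VA_ALWAYS_VALID=1` makes pebble accept every challenge without validating it, which is fine for a local test CA but deserves a comment so the example is not copied into anything that needs real domain validation: `# test-only: pebble skips challenge validation with this set`. `nohup ... &` detaches pebble with no log destination of its own, so a crash of the test CA only shows up as certbot failures in the gateway jail; redirecting to a file under the jail would make it diagnosable.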

