
Added the pebble example and more or less finished the gateway example.

master
parent
commit
c8428bfc42
9 ha cambiato i file con 114 aggiunte e 9 eliminazioni
  1. +30
    -0
      example/gateway/certbot/Fockerfile
  2. +24
    -0
      example/gateway/certbot/files/certbot.py
  3. +1
    -0
      example/gateway/certbot/files/crontab_nobody
  4. +18
    -4
      example/gateway/focker-compose.yml
  5. +1
    -1
      example/gateway/nginx-http/Fockerfile
  6. +7
    -1
      example/gateway/nginx-https/Fockerfile
  7. +6
    -3
      example/gateway/nginx-https/files/nginx.conf
  8. +15
    -0
      example/pebble/Fockerfile
  9. +12
    -0
      example/pebble/focker-compose.yml

+ 30
- 0
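--- a/example/gateway/certbot/Fockerfile
+++ b/example/gateway/certbot/Fockerfile
@@ -0,0 +1,30 @@
+base: freebsd-latest
+steps:
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install py37-certbot python3
+- mkdir -p /certbot/data
+- mkdir -p /certbot/webroot
+- mkdir -p /certbot/scripts
+- chown -R nobody:nobody /certbot
+- chmod 0750 /certbot
+- copy:
+- [ files/certbot.py,
+/certbot/scripts/certbot.py ]
+- [ files/crontab_nobody,
+/root/crontab_nobody ]
+- [ ../files/cookiecutter.json,
+/certbot/data/metadata.json ]
+- run:
+- crontab -u nobody /root/crontab_nobody
+- rm -v /root/crontab_nobody
+- mkdir -p /usr/local/etc/letsencrypt
+- mkdir -p /var/log/letsencrypt
+- mkdir -p /var/db/letsencrypt
+- chown nobody:nobody /var/log/letsencrypt
+- chown nobody:nobody /var/db/letsencrypt
+- run:
+- sysrc sshd_enable=NO
+- sysrc sendmail_enable=NONE
+- sysrc clear_tmp_enable=YES
+- sysrc syslogd_flags="-ss"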
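Review bot: Certbot's ACME account key, the renewal crontab and everything under /certbot are owned by and run as the shared `nobody` account (`chown -R nobody:nobody /certbot`, `crontab -u nobody`), so any other unprivileged process in this jail that also happens to run as nobody can read or replace the account key and the script cron executes. A dedicated user created before the chown, e.g. `pw useradd certbot -d /certbot -s /usr/sbin/nologin`, isolates that material; the `chown: 65534:65534` on the volumes in example/gateway/focker-compose.yml would then need the new uid as well. `/usr/local/etc/letsencrypt` is created here but, unlike /var/log/letsencrypt and /var/db/letsencrypt, never chowned; if the compose volume mounted there is what supplies the ownership, a comment `# owned by the certbot-data volume mount, see focker-compose.yml` would save the next reader the search.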

+ 24
- 0
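--- a/example/gateway/certbot/files/certbot.py
+++ b/example/gateway/certbot/files/certbot.py
@@ -0,0 +1,24 @@
+import json
+import subprocess
+def main():
+with open('/certbot/data/metadata.json', 'r') as f:
+data = json.load(f)
+ips = data['ips'][0]
+domains = data['domains'][0]
+for ds in domains:
+cmd = [ '/usr/local/bin/certbot', 'certonly', '--webroot',
+'-w', '/certbot/webroot', '--server', 'https://127.0.11.1:14000/dir',
+'--email', 's.adaszewski@gmail.com', '--no-verify-ssl', '-n',
+'--agree-tos', '--expand' ]
+for d in ds:
+cmd.append('-d')
+cmd.append(d)
+ret = subprocess.run(cmd)
+if ret.returncode != 0:
+raise RuntimeError('Failed certbot certonly for:', ' '.join(ds))
+if __name__ == '__main__':
+main()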
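Review bot: `--no-verify-ssl` together with the hard-coded `https://127.0.11.1:14000/dir` directory and e-mail address is only valid against the local Pebble test CA; if this script is ever pointed at a public ACME server the flag silently disables TLS verification of the directory endpoint. Reading the server URL, e-mail and a verify flag from metadata.json (already parsed into `data`) would keep the test-only behaviour out of the code, or at least a comment `# --no-verify-ssl: Pebble's CA is self-signed; test server only` should mark it. `ips` is assigned from `data['ips'][0]` and never used. `RuntimeError('Failed certbot certonly for:', ' '.join(ds))` builds a two-element args tuple rather than one message; `RuntimeError('Failed certbot certonly for: ' + ' '.join(ds))` is probably what was meant.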

+ 1
- 0
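--- a/example/gateway/certbot/files/crontab_nobody
+++ b/example/gateway/certbot/files/crontab_nobody
@@ -0,0 +1 @@
+@weekly /usr/local/bin/certbot renew --webroot -w /certbot/webroot --server https://127.0.11.1:14000 --no-verify-ssl -n --agree-tos >/dev/null 2>&1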
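Review bot: `>/dev/null 2>&1` discards everything `certbot renew` prints, so a failing weekly renewal stays invisible until the certificate expires; the log directory the certbot Fockerfile creates and chowns to nobody is the natural place, e.g. `... --agree-tos >> /var/log/letsencrypt/renew-cron.log 2>&1`. The `--server` value is `https://127.0.11.1:14000` while certbot.py uses `https://127.0.11.1:14000/dir`; if the directory URL needs the `/dir` suffix, as the certonly call suggests, renewals against the same Pebble instance would fail, so the two should agree. `--no-verify-ssl` carries the same test-only caveat as in certbot.py.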

+ 18
- 4
example/gateway/focker-compose.yml Vedi File

@@ -3,8 +3,16 @@ prebuild:
volumes:
certbot-data: {}
certbot-webroot: {}
certbot-data:
chown: 65534:65534
chmod: 0750
zfs:
quota: 1G
certbot-webroot:
chown: 65534:65534
chmod: 0750
zfs:
quota: 1G
images:
@@ -17,14 +25,20 @@ jails:
nginx-http:
image: nginx-http
mounts:
certbot-webroot: /srv/certbot-webroot
certbot-webroot: /certbot/webroot
certbot:
image: certbot
depend: nginx-http
mounts:
certbot-data: /
certbot-data: /usr/local/etc/letsencrypt
certbot-webroot: /certbot/webroot
exec.start: |
( /usr/bin/su -m nobody -c "python3 /certbot/scripts/certbot.py" && \
/bin/sh /etc/rc ) &
nginx-https:
image: nginx-https
depend: certbot
mounts:
certbot-data: /usr/local/etc/letsencrypt
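Review bot: In `exec.start` of the certbot jail, `/bin/sh /etc/rc` is chained with `&&` after the certbot.py run, so when certbot.py exits non-zero (it raises on any failed certonly) the jail's rc never runs, cron is never started and the weekly renewal silently never happens, while the trailing `&` hides the failure from the jail start. Running rc unconditionally and keeping the output, e.g. `( /usr/bin/su -m nobody -c "python3 /certbot/scripts/certbot.py"; /bin/sh /etc/rc ) > /var/log/certbot-start.log 2>&1 &`, keeps the failure visible without blocking startup. Related: nginx-https declares `depend: certbot`, but because issuance is backgrounded it may start before fullchain.pem exists if focker's `depend` only orders jail start — worth a comment or a readiness check. `chmod: 0750` is an unquoted octal-looking literal: a YAML 1.1 loader yields 488 (which equals 0o750), a 1.2 loader yields decimal 750, so `chmod: "0750"` is safer unless focker is known to normalise it. The `prebuild:` and `jails:` mappings these hunks modify begin outside the hunks.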

+ 1
- 1
example/gateway/nginx-http/Fockerfile Vedi File

@@ -19,4 +19,4 @@ steps:
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
- rm -rvf /root/nginx_template
- rm -rvf ./nginx_conf
- mkdir -p /srv/certbot-webroot
- mkdir -p /certbot/webroot

+ 7
- 1
example/gateway/nginx-https/Fockerfile Vedi File

@@ -19,4 +19,10 @@ steps:
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
- rm -rvf /root/nginx_template
- rm -rvf ./nginx_conf
- mkdir /certbot-data
- mkdir -p /usr/local/etc/letsencrypt
- mkdir -p /certbot/webroot
- run:
- sysrc sshd_enable=NO
- sysrc sendmail_enable=NONE
- sysrc clear_tmp_enable=YES
- sysrc syslogd_flags="-ss"
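Review bot: The `sysrc` hardening run added here (sshd off, sendmail off, local-only syslog) is a verbatim copy of the block in example/gateway/certbot/Fockerfile, and the nginx-http image changed in the same commit gets none of it, so the three gateway jails end up with different baselines. Factoring the block into a shared base image, or a common snippet both Fockerfiles include if Fockerfile supports that, keeps them consistent, and nginx-http should get the same block either way. The `- run:` list this hunk extends begins outside the hunk.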

+ 6
- 3
example/gateway/nginx-https/files/nginx.conf Vedi File

@@ -12,11 +12,14 @@ http {
server {
listen 443 ssl;
server_name {{ ' '.join(cookiecutter.domains[i]) }};
ssl_certificate /certbot-data/config/live/{{ cookiecutter.domains[i][0] }}/{{ cookiecutter.domains[i][0] }}.crt;
ssl_certificate_key /certbot-data/config/live/{{ cookiecutter.domains[i][0] }}/{{ cookiecutter.domains[i][0] }}.key;
ssl_certificate /usr/local/etc/letsencrypt/live/{{ cookiecutter.domains[i][0] }}/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ cookiecutter.domains[i][0] }}/privkey.pem;

location / {
proxy_pass http://{{ cookiecutter.ips[i] }}/;
proxy_pass http://{{ cookiecutter.ips[i] }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_request_buffering off;
}
}
{% endfor %}
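Review bot: The proxied request to `http://{{ cookiecutter.ips[i] }}` carries only `Host` and `X-Real-IP`, so the backend cannot tell the request was TLS-terminated here; frameworks that build absolute redirects or set cookie flags from the request scheme will emit `http://` URLs and non-Secure cookies. Add `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to the existing headers. Dropping the trailing slash from `proxy_pass` changes nothing for `location /` but would change URI rewriting if the location prefix is ever narrowed; a one-line comment on why it was removed would help. The `{% for %}` that `{% endfor %}` closes, and the `http {` block, begin outside the hunk.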


+ 15
- 0
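--- a/example/pebble/Fockerfile
+++ b/example/pebble/Fockerfile
@@ -0,0 +1,15 @@
+base: freebsd-latest
+
+steps:
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install go git
+- run:
+- mkdir /go
+- export GOPATH=/go
+- go get -u github.com/letsencrypt/pebble/...
+- cd $GOPATH/src/github.com/letsencrypt/pebble
+- go install ./...
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove go git
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove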
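Review bot: `go get -u github.com/letsencrypt/pebble/...` builds whatever is on Pebble's default branch at build time, so the test-CA image is neither reproducible nor reviewable; pin a tag or commit, e.g. `go get github.com/letsencrypt/pebble/...@<pinned-tag>` in module mode, or check out the tag before `go install ./...`. `export GOPATH=/go` and the `cd` two lines later only take effect if focker runs the items of one `run` list in a single shell — if each item gets its own shell, `go get` lands in the default GOPATH and the `cd` is lost; `GOPATH=/go go get ...` and `cd /go/src/github.com/letsencrypt/pebble && go install ./...` on one line avoid the question. `base: freebsd-latest` has the same pinning caveat as the other images in this commit.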


+ 12
- 0
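--- a/example/pebble/focker-compose.yml
+++ b/example/pebble/focker-compose.yml
@@ -0,0 +1,12 @@
+image:
+pebble: .
+
+jails:
+pebble:
+image: pebble
+ip4.addr: 127.0.11.1
+exec.start: |
+cd /go/src/github.com/letsencrypt/pebble && \
+export PEBBLE_VA_ALWAYS_VALID=1 && \
+nohup /go/bin/pebble -config test/config/pebble-config.json &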
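Review bot: The top-level key here is `image:` while example/gateway/focker-compose.yml in the same commit uses `images:`; unless focker accepts both, one of the two examples will not build, and `images:` looks like the intended spelling. `PEBBLE_VA_ALWAYS_VALID=1` makes Pebble skip challenge validation entirely, so this CA issues for any requested name; that is the point of the example but deserves a comment such as `# skips ACME challenge validation: test CA only, never reuse outside this example`. The `nohup ... &` line leaves Pebble's output in nohup.out inside the source tree and nothing notices if the process dies; redirecting to a file under /var/log at least makes failures findable.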

