
Added the pebble example and more or less finished the gateway example.

master
부모
커밋
c8428bfc42
9개의 변경된 파일114개의 추가작업 그리고 9개의 파일을 삭제
  1. +30
    -0
      example/gateway/certbot/Fockerfile
  2. +24
    -0
      example/gateway/certbot/files/certbot.py
  3. +1
    -0
      example/gateway/certbot/files/crontab_nobody
  4. +18
    -4
      example/gateway/focker-compose.yml
  5. +1
    -1
      example/gateway/nginx-http/Fockerfile
  6. +7
    -1
      example/gateway/nginx-https/Fockerfile
  7. +6
    -3
      example/gateway/nginx-https/files/nginx.conf
  8. +15
    -0
      example/pebble/Fockerfile
  9. +12
    -0
      example/pebble/focker-compose.yml

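--- a/example/gateway/certbot/Fockerfile
+++ b/example/gateway/certbot/Fockerfile
@@ -0,0 +1,30 @@
+base: freebsd-latest
+steps:
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install py37-certbot python3
+- mkdir -p /certbot/data
+- mkdir -p /certbot/webroot
+- mkdir -p /certbot/scripts
+- chown -R nobody:nobody /certbot
+- chmod 0750 /certbot
+- copy:
+- [ files/certbot.py,
+/certbot/scripts/certbot.py ]
+- [ files/crontab_nobody,
+/root/crontab_nobody ]
+- [ ../files/cookiecutter.json,
+/certbot/data/metadata.json ]
+- run:
+- crontab -u nobody /root/crontab_nobody
+- rm -v /root/crontab_nobody
+- mkdir -p /usr/local/etc/letsencrypt
+- mkdir -p /var/log/letsencrypt
+- mkdir -p /var/db/letsencrypt
+- chown nobody:nobody /var/log/letsencrypt
+- chown nobody:nobody /var/db/letsencrypt
+- run:
+- sysrc sshd_enable=NO
+- sysrc sendmail_enable=NONE
+- sysrc clear_tmp_enable=YES
+- sysrc syslogd_flags="-ss"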
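Review bot: Everything certbot owns in this image is handed to the shared `nobody` account (`chown -R nobody:nobody /certbot`, the two letsencrypt directories, and `crontab -u nobody`), so the ACME account key and issued private keys would be readable by any other process that ever runs as `nobody` in this jail. A dedicated unprivileged user for certbot would keep that material isolated; the `65534:65534` volume ownership in focker-compose.yml would have to change to match. Separately, `/usr/local/etc/letsencrypt` is created but not chowned like its two siblings, which presumably relies on the volume mounted over it; a comment such as `# ownership comes from the certbot-data volume (see focker-compose.yml)` would make that explicit.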

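--- a/example/gateway/certbot/files/certbot.py
+++ b/example/gateway/certbot/files/certbot.py
@@ -0,0 +1,24 @@
+import json
+import subprocess
+def main():
+with open('/certbot/data/metadata.json', 'r') as f:
+data = json.load(f)
+ips = data['ips'][0]
+domains = data['domains'][0]
+for ds in domains:
+cmd = [ '/usr/local/bin/certbot', 'certonly', '--webroot',
+'-w', '/certbot/webroot', '--server', 'https://127.0.11.1:14000/dir',
+'--email', 's.adaszewski@gmail.com', '--no-verify-ssl', '-n',
+'--agree-tos', '--expand' ]
+for d in ds:
+cmd.append('-d')
+cmd.append(d)
+ret = subprocess.run(cmd)
+if ret.returncode != 0:
+raise RuntimeError('Failed certbot certonly for:', ' '.join(ds))
+if __name__ == '__main__':
+main()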
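Review bot: `--no-verify-ssl` in the `cmd` list turns off certificate verification for the ACME server, which is only defensible while `--server` points at the local Pebble test CA; the same flag and server are repeated in files/crontab_nobody. Both values are hard-coded, so anyone adapting the example to a real CA has to remember to remove the flag in two places. I would read the server URL from metadata.json and append the flag only for the test endpoint, or at least add `# test-only: Pebble uses a throwaway CA; drop --no-verify-ssl and --server for a real ACME endpoint`. Also, `raise RuntimeError('Failed certbot certonly for:', ' '.join(ds))` passes two arguments and so renders as a tuple; `raise RuntimeError('Failed certbot certonly for: ' + ' '.join(ds))` gives a readable message, and `ips` is assigned but never used.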

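--- a/example/gateway/certbot/files/crontab_nobody
+++ b/example/gateway/certbot/files/crontab_nobody
@@ -0,0 +1 @@
+@weekly /usr/local/bin/certbot renew --webroot -w /certbot/webroot --server https://127.0.11.1:14000 --no-verify-ssl -n --agree-tos >/dev/null 2>&1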
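Review bot: The renewal job passes `--server https://127.0.11.1:14000` while files/certbot.py issues against `https://127.0.11.1:14000/dir`, so the override likely points renewals at a URL that is not the ACME directory. Because all output goes to `>/dev/null 2>&1`, a failing run is silent apart from whatever certbot writes to its own log, and certificates could expire unnoticed. I would use the same `/dir` URL here, or omit `--server` so the value saved at issuance is reused, and add a comment line above the entry stating that the job targets the local test CA only.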

+ 18
- 4
example/gateway/focker-compose.yml

@@ -3,8 +3,16 @@ prebuild:
volumes:
certbot-data: {}
certbot-webroot: {}
certbot-data:
chown: 65534:65534
chmod: 0750
zfs:
quota: 1G
certbot-webroot:
chown: 65534:65534
chmod: 0750
zfs:
quota: 1G
images:
@@ -17,14 +25,20 @@ jails:
nginx-http:
image: nginx-http
mounts:
certbot-webroot: /srv/certbot-webroot
certbot-webroot: /certbot/webroot
certbot:
image: certbot
depend: nginx-http
mounts:
certbot-data: /
certbot-data: /usr/local/etc/letsencrypt
certbot-webroot: /certbot/webroot
exec.start: |
( /usr/bin/su -m nobody -c "python3 /certbot/scripts/certbot.py" && \
/bin/sh /etc/rc ) &
nginx-https:
image: nginx-https
depend: certbot
mounts:
certbot-data: /usr/local/etc/letsencrypt
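Review bot: In the certbot jail's `exec.start`, `/bin/sh /etc/rc` is chained with `&&` behind certbot.py, so a single failed issuance leaves the jail without its rc services, including the cron job that is meant to renew. The whole group is also backgrounded, so `depend: certbot` on nginx-https probably cannot guarantee that `fullchain.pem` and `privkey.pem` exist when nginx starts; this depends on how focker orders jails, which is not visible here. I would run rc unconditionally, `( /usr/bin/su -m nobody -c "python3 /certbot/scripts/certbot.py"; /bin/sh /etc/rc ) &`, and document the ordering assumption in a comment. The certbot-data volume also gives the internet-facing nginx-https jail the whole letsencrypt tree, account key included; a read-only mount would be preferable if focker offers one.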

+ 1
- 1
example/gateway/nginx-http/Fockerfile

@@ -19,4 +19,4 @@ steps:
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
- rm -rvf /root/nginx_template
- rm -rvf ./nginx_conf
- mkdir -p /srv/certbot-webroot
- mkdir -p /certbot/webroot

+ 7
- 1
example/gateway/nginx-https/Fockerfile

@@ -19,4 +19,10 @@ steps:
- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
- rm -rvf /root/nginx_template
- rm -rvf ./nginx_conf
- mkdir /certbot-data
- mkdir -p /usr/local/etc/letsencrypt
- mkdir -p /certbot/webroot
- run:
- sysrc sshd_enable=NO
- sysrc sendmail_enable=NONE
- sysrc clear_tmp_enable=YES
- sysrc syslogd_flags="-ss"

+ 6
- 3
example/gateway/nginx-https/files/nginx.conf

@@ -12,11 +12,14 @@ http {
server {
listen 443 ssl;
server_name {{ ' '.join(cookiecutter.domains[i]) }};
ssl_certificate /certbot-data/config/live/{{ cookiecutter.domains[i][0] }}/{{ cookiecutter.domains[i][0] }}.crt;
ssl_certificate_key /certbot-data/config/live/{{ cookiecutter.domains[i][0] }}/{{ cookiecutter.domains[i][0] }}.key;
ssl_certificate /usr/local/etc/letsencrypt/live/{{ cookiecutter.domains[i][0] }}/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ cookiecutter.domains[i][0] }}/privkey.pem;

location / {
proxy_pass http://{{ cookiecutter.ips[i] }}/;
proxy_pass http://{{ cookiecutter.ips[i] }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_request_buffering off;
}
}
{% endfor %}
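Review bot: `proxy_request_buffering off` in the `location /` block makes nginx stream request bodies to the backend as they arrive, so slow or stalled uploads now hold backend connections instead of being absorbed at the gateway. If that is wanted for large uploads, say so in a comment, e.g. `# bodies are streamed, not buffered: backends must enforce their own body timeouts`; otherwise leave buffering on. Since this server terminates TLS, the backends also cannot tell that the original request was HTTPS; `proxy_set_header X-Forwarded-Proto $scheme;` next to the `X-Real-IP` line would let them build correct redirects and set secure cookies. The enclosing `http` block and the template loop closed by `{% endfor %}` begin outside the hunk.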


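--- a/example/pebble/Fockerfile
+++ b/example/pebble/Fockerfile
@@ -0,0 +1,15 @@
+base: freebsd-latest
+
+steps:
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install go git
+- run:
+- mkdir /go
+- export GOPATH=/go
+- go get -u github.com/letsencrypt/pebble/...
+- cd $GOPATH/src/github.com/letsencrypt/pebble
+- go install ./...
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove go git
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove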
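Review bot: `go get -u github.com/letsencrypt/pebble/...` builds whatever the default branch and the newest versions of its dependencies are at image-build time, so the CA binary in this jail is neither reproducible nor reviewable. Pin the checkout before `go install ./...`, for example `git checkout <PEBBLE_TAG_OR_COMMIT>` right after the `cd`, and drop `-u` so dependencies are not upgraded past what that revision expects. It is also worth confirming that `export GOPATH=/go` and the `cd` carry over to the following list entries; that depends on whether focker runs one `run:` list in a single shell, which is not visible here.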


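--- a/example/pebble/focker-compose.yml
+++ b/example/pebble/focker-compose.yml
@@ -0,0 +1,12 @@
+image:
+pebble: .
+
+jails:
+pebble:
+image: pebble
+ip4.addr: 127.0.11.1
+exec.start: |
+cd /go/src/github.com/letsencrypt/pebble && \
+export PEBBLE_VA_ALWAYS_VALID=1 && \
+nohup /go/bin/pebble -config test/config/pebble-config.json &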
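Review bot: `PEBBLE_VA_ALWAYS_VALID=1` in `exec.start` makes Pebble treat every challenge as passed, so this CA will issue for any name it is asked for and the gateway's webroot path through nginx-http is never actually exercised. That is acceptable for a throwaway test CA bound to `127.0.11.1`, but it deserves a comment above `exec.start`, e.g. `# test CA only: validation is skipped, never expose this jail beyond loopback`. The top-level key here is `image:` whereas example/gateway/focker-compose.yml uses `images:`; if focker expects the plural, the pebble image would not be built from this file.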

