freshen run scripts
parent
84fdcad3c4
commit
5212f5545d
|
@ -1,14 +1,18 @@
|
|||
#!/command/with-contenv /bin/bash
|
||||
|
||||
B_RSA=${B_RSA:-4096}
|
||||
B_ECDSA=${B_ECDSA:-384}
|
||||
if [[ -z "${SSLDOMAINS}" && ! -d /mnt/config/ssl ]]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
export HOME=/mnt/config/home
|
||||
export B_RSA=${B_RSA:-4096}
|
||||
export B_ECDSA=${B_ECDSA:-384}
|
||||
|
||||
cd /mnt/config/home || exit 1
|
||||
if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -gt 0 ]]; then
|
||||
if [[ ${B_ECDSA} -gt 0 ]]; then
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --key-type ecdsa --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
|
||||
else
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --rsa-key-size ${B_RSA} --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --rsa-key-size "${B_RSA}" --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
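Review bot: `B_ECDSA` is exported with a default of 384 but is only ever tested with `[[ ${B_ECDSA} -gt 0 ]]`; the `certbot renew ... --key-type ecdsa` line never passes the value on, so it acts as an on/off switch and certbot chooses the curve itself (secp256r1 by default in current releases, unless a cli.ini overrides it). If the variable is meant to select the key strength, pass it through with something like `--elliptic-curve "secp${B_ECDSA}r1"` after checking it is 256 or 384. The ECDSA `certonly` and `renew` lines in the third file have the same gap. Because `-gt` inside `[[ ]]` evaluates its operand arithmetically, a digits-only check such as `[[ ${B_ECDSA} =~ ^[0-9]+$ ]] || exit 1` ahead of the test would reject a malformed value instead of interpreting it.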
|
||||
|
|
|
@ -1,41 +1,38 @@
|
|||
#!/command/with-contenv /bin/bash
|
||||
|
||||
DOMAINNAME=${SSLPRIMARY:-"example.net"}
|
||||
export HOME=/mnt/config/home
|
||||
export DOMAINNAME=${SSLPRIMARY:-"example.net"}
|
||||
export ADMINIP=${ADMINIP:-"127.0.0.1"}
|
||||
export DNSADDR=${DNSADDR:-"8.8.8.8 8.8.4.4"}
|
||||
export TRUSTSN=${TRUSTSN:-"192.168.0.0/16"}
|
||||
export THISIP=$(/sbin/ifconfig | /bin/grep 'inet addr' | /usr/bin/head -1 | /usr/bin/tr ':' ' ' | /usr/bin/awk '{print $3}')
|
||||
export THISSN=$(/sbin/ifconfig | /bin/grep 'inet addr' | /usr/bin/head -1 | /usr/bin/tr ':' ' ' | /usr/bin/awk '{print $7}')
|
||||
export TRSTIP=$(/bin/ipcalc -n "$THISIP" "$THISSN" | /usr/bin/tr '=' ' ' | /usr/bin/awk '{print $2}')
|
||||
export TRSTPF=$(/bin/ipcalc -p "$THISIP" "$THISSN" | /usr/bin/tr '=' ' ' | /usr/bin/awk '{print $2}')
|
||||
export SSLPRIMARY=$(/bin/echo "$SSLDOMAINS" | /usr/bin/tr ',' ' ' | /usr/bin/awk '{print $1}')
|
||||
export B_MODULI=${B_MODULI:-4096}
|
||||
|
||||
ADMINIP=${ADMINIP:-"127.0.0.1"}
|
||||
DNSADDR=${DNSADDR:-"8.8.8.8 8.8.4.4"}
|
||||
TRUSTSN=${TRUSTSN:-"192.168.0.0/16"}
|
||||
|
||||
THISIP=`/sbin/ifconfig eth0 | /bin/grep 'inet addr' | /usr/bin/tr ':' ' ' | /usr/bin/awk '{print $3}'`
|
||||
THISSN=`/sbin/ifconfig eth0 | /bin/grep 'inet addr' | /usr/bin/tr ':' ' ' | /usr/bin/awk '{print $7}'`
|
||||
TRSTIP=`/bin/ipcalc -n $THISIP $THISSN | /usr/bin/tr '=' ' ' | /usr/bin/awk '{print $2}'`
|
||||
TRSTPF=`/bin/ipcalc -p $THISIP $THISSN | /usr/bin/tr '=' ' ' | /usr/bin/awk '{print $2}'`
|
||||
|
||||
SSLPRIMARY=`echo $SSLDOMAINS | /usr/bin/tr ',' ' ' | /usr/bin/awk '{print $1}'`
|
||||
B_MODULI=${B_MODULI:-4096}
|
||||
cd /mnt/config/home || exit 1
|
||||
|
||||
# Build Configuration
|
||||
|
||||
if [[ ! -d /mnt/config/etc/nginx.d ]]; then
|
||||
/command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/etc/nginx.d
|
||||
fi
|
||||
|
||||
for NGF in /etc/nginx/nginx.d/*; do
|
||||
NGE="/mnt/config/etc/nginx.d/$(/usr/bin/basename -- $NGF)"
|
||||
NGE=/mnt/config/etc/nginx.d/$(/usr/bin/basename -- "$NGF")
|
||||
if [[ ! -f ${NGE} ]]; then
|
||||
/command/s6-setuidgid guardian /bin/cp ${NGF} ${NGE}
|
||||
|
||||
/bin/sed -i -e "s/127.0.0.1/${ADMINIP}/g" ${NGE}
|
||||
/bin/sed -i -e "s/example.net/${DOMAINNAME}/g" ${NGE}
|
||||
/bin/sed -i -e "s~ip_from 192.168.0.0/16~ip_from ${TRSTIP}/${TRSTPF}~g" ${NGE}
|
||||
/bin/sed -i -e "s~allow 192.168.0.0/16~allow ${TRUSTSN}~g" ${NGE}
|
||||
|
||||
if [[ ! -z "${SSLPRIMARY}" ]]; then
|
||||
/bin/sed -i -e 's/#NOSSL:/#/g' ${NGE}
|
||||
/bin/sed -i -e 's/#SSL://g' ${NGE}
|
||||
/command/s6-setuidgid guardian /bin/cp "${NGF}" "${NGE}"
|
||||
/bin/sed -i -e "s/127.0.0.1/${ADMINIP}/g" "${NGE}"
|
||||
/bin/sed -i -e "s/example.net/${DOMAINNAME}/g" "${NGE}"
|
||||
/bin/sed -i -e "s~ip_from 192.168.0.0/16~ip_from ${TRSTIP}/${TRSTPF}~g" "${NGE}"
|
||||
/bin/sed -i -e "s~allow 192.168.0.0/16~allow ${TRUSTSN}~g" "${NGE}"
|
||||
if [[ -n "${SSLPRIMARY}" ]]; then
|
||||
/bin/sed -i -e 's/#NOSSL:/#/g' "${NGE}"
|
||||
/bin/sed -i -e 's/#SSL://g' "${NGE}"
|
||||
else
|
||||
/bin/sed -i -e 's/#NOSSL://g' ${NGE}
|
||||
/bin/sed -i -e 's/#SSL:/#/g' ${NGE}
|
||||
/bin/sed -i -e 's/#NOSSL://g' "${NGE}"
|
||||
/bin/sed -i -e 's/#SSL:/#/g' "${NGE}"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
@ -43,8 +40,7 @@ done
|
|||
if [[ ! -f /mnt/config/etc/nginx.conf ]]; then
|
||||
/command/s6-setuidgid guardian /bin/cp /etc/nginx/nginx.conf /mnt/config/etc/nginx.conf
|
||||
/bin/sed -i -e "s~8.8.8.8 8.8.4.4~${DNSADDR}~g" /mnt/config/etc/nginx.conf
|
||||
|
||||
if [[ ! -z "${SSLPRIMARY}" ]]; then
|
||||
if [[ -n "${SSLPRIMARY}" ]]; then
|
||||
/bin/sed -i -e 's/#NOSSL:/#/g' /mnt/config/etc/nginx.conf
|
||||
/bin/sed -i -e 's/#SSL://g' /mnt/config/etc/nginx.conf
|
||||
else
|
||||
|
@ -53,14 +49,13 @@ if [[ ! -f /mnt/config/etc/nginx.conf ]]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
if [[ ! -z "${SSLPRIMARY}" ]]; then
|
||||
if [[ -n "${SSLPRIMARY}" ]]; then
|
||||
if [[ ! -d /mnt/config/ssl ]]; then
|
||||
/command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/ssl
|
||||
/command/s6-setuidgid guardian /bin/chmod 700 /mnt/config/ssl
|
||||
fi
|
||||
if [[ ! -f /mnt/config/ssl/dhparam.pem ]]; then
|
||||
export HOME=/mnt/config/home
|
||||
/command/s6-setuidgid guardian /usr/bin/openssl dhparam -out /mnt/config/ssl/dhparam.pem ${B_MODULI}
|
||||
/command/s6-setuidgid guardian /usr/bin/openssl dhparam -out /mnt/config/ssl/dhparam.pem "${B_MODULI}"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -83,19 +78,20 @@ if [[ -f /mnt/config/log/nginx-error.log ]]; then
|
|||
else
|
||||
/command/s6-setuidgid guardian /bin/touch /mnt/config/log/nginx-error.log
|
||||
fi
|
||||
if [[ -f /var/log/nginx/error.log ]]; then
|
||||
/bin/cat /var/log/nginx/error.log | /command/s6-setuidgid guardian /usr/bin/tee -a /mnt/config/log/nginx-error.log
|
||||
/bin/rm -f /var/log/nginx/error.log
|
||||
fi
|
||||
|
||||
# Create Web Directory
|
||||
|
||||
if [[ ! -d /mnt/config/www ]]; then
|
||||
/command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/www/default
|
||||
/command/s6-setuidgid guardian /bin/cp -Rn /var/www/html/* /mnt/config/www/default/
|
||||
if [[ -d /mnt/config/www ]]; then
|
||||
/command/s6-setuidgid guardian /bin/cp -Rn /var/www/html/* /mnt/config/www/default/
|
||||
fi
|
||||
fi
|
||||
|
||||
# Start Service
|
||||
|
||||
export HOME=/mnt/config/home
|
||||
exec /usr/sbin/nginx -c /mnt/config/etc/nginx.conf;
|
||||
if [[ -f /var/log/nginx/error.log ]]; then
|
||||
/bin/cat /var/log/nginx/error.log | /usr/bin/tee -a /mnt/config/log/nginx-error.log
|
||||
/bin/rm -f /var/log/nginx/error.log
|
||||
fi
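Review bot: The address detection at the top of the file no longer names an interface: `THISIP` and `THISSN` take the first `inet addr` line from plain `/sbin/ifconfig`, and the derived `${TRSTIP}/${TRSTPF}` is written into the `ip_from` directive by the `sed` in the loop without any check. If the first interface listed is not the intended one, or the pipeline matches nothing, the generated file gets the wrong trusted range or a bare `ip_from /`, and because the copy only runs when the target file is missing, that value stays on the config volume across restarts. A guard before the loop such as `[[ -n "${TRSTIP}" && -n "${TRSTPF}" ]] || exit 1` would fail early instead. Separately, `DOMAINNAME=${SSLPRIMARY:-"example.net"}` is evaluated before `SSLPRIMARY` is derived from `SSLDOMAINS`, so unless `SSLPRIMARY` is already in the environment the `example.net` substitution is a no-op; moving the `SSLPRIMARY` line above it would fix that. The +/- markers are lost on this page, so which lines are the new side is inferred from the `export` and `$(…)` style.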
|
||||
|
|
|
@ -4,62 +4,67 @@ if [[ -z "${SSLDOMAINS}" && ! -d /mnt/config/ssl ]]; then
|
|||
exit 0
|
||||
fi
|
||||
|
||||
B_RSA=${B_RSA:-4096}
|
||||
B_ECDSA=${B_ECDSA:-384}
|
||||
export HOME=/mnt/config/home
|
||||
export B_RSA=${B_RSA:-4096}
|
||||
export B_ECDSA=${B_ECDSA:-384}
|
||||
export CURDOMAINS=""
|
||||
|
||||
cd /mnt/config/home || exit 1
|
||||
|
||||
# Determine Need
|
||||
|
||||
if [[ ! -d /mnt/config/etc/certbot ]]; then
|
||||
/command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/etc/certbot
|
||||
fi
|
||||
echo "$SSLDOMAINS" > /mnt/config/etc/certbot/requested
|
||||
|
||||
if [[ ! -f /mnt/config/etc/certbot/configured ]]; then
|
||||
echo "" > /mnt/config/etc/certbot/configured
|
||||
if [[ -d /mnt/config/etc/certbot ]]; then
|
||||
/bin/echo "$SSLDOMAINS" | /command/s6-setuidgid guardian /usr/bin/tee /mnt/config/etc/certbot/requested
|
||||
fi
|
||||
if [[ -f /mnt/config/etc/certbot/configured ]]; then
|
||||
export CURDOMAINS=$(/usr/bin/head -1 /mnt/config/etc/certbot/configured)
|
||||
fi
|
||||
CURDOMAINS=`/usr/bin/head -1 /mnt/config/etc/certbot/configured`
|
||||
|
||||
if [[ -z "${SSLDOMAINS}" && -z "${CURDOMAINS}" ]]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Create Log Directory
|
||||
# Revoke Existing Certificates
|
||||
|
||||
if [[ ! -d /mnt/config/log ]]; then
|
||||
/command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/log
|
||||
fi
|
||||
|
||||
# Revoke Existing Certificates
|
||||
|
||||
if [[ ! -d /mnt/config/ssl/live ]]; then
|
||||
/command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/ssl/live
|
||||
fi
|
||||
if [[ -f /mnt/config/ssl/live/README ]]; then
|
||||
/bin/rm -f /mnt/config/ssl/live/README
|
||||
fi
|
||||
if [[ "x$SSLDOMAINS" != "x$CURDOMAINS" ]]; then
|
||||
if [[ "x$SSLDOMAINS" != "x$CURDOMAINS" && -d /mnt/config/ssl/live ]]; then
|
||||
if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -gt 0 ]]; then
|
||||
/bin/ls /mnt/config/ssl/live | /usr/bin/xargs -n1 -I{} /command/s6-setuidgid guardian /usr/bin/certbot revoke -n --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --cert-path "/mnt/config/ssl/live/{}/fullchain.pem" --reason superseded --work-dir /tmp/certbot
|
||||
/bin/ls /mnt/config/ssl/live | /usr/bin/xargs -n1 -I{} /command/s6-setuidgid guardian /usr/bin/certbot delete -n --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --cert-name "{}" --work-dir /tmp/certbot
|
||||
/bin/rm -rf /mnt/config/etc/certbot/configured
|
||||
if [[ -f /mnt/config/etc/certbot/configured ]]; then
|
||||
/bin/rm -rf /mnt/config/etc/certbot/configured
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Renew Or Create Certificates
|
||||
|
||||
if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -eq 0 ]]; then
|
||||
if [[ ! -z "$SSLDOMAINS" && $SSLEMAIL == *@* ]]; then
|
||||
if [[ ${B_ECDSA} -gt 0 ]]; then
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot certonly -n --agree-tos --key-type ecdsa --keep --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --email "$SSLEMAIL" --standalone -d "$SSLDOMAINS" --work-dir /tmp/certbot
|
||||
else
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot certonly -n --agree-tos --rsa-key-size ${B_RSA} --keep --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --email "$SSLEMAIL" --standalone -d "$SSLDOMAINS" --work-dir /tmp/certbot
|
||||
fi
|
||||
if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -gt 0 ]]; then
|
||||
/command/s6-setuidgid guardian /bin/cp /mnt/config/etc/certbot/requested /mnt/config/etc/certbot/configured
|
||||
if [[ -d /mnt/config/ssl/live ]]; then
|
||||
if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -eq 0 ]]; then
|
||||
if [[ -n "$SSLDOMAINS" && $SSLEMAIL == *@* && -f /mnt/config/etc/certbot/requested ]]; then
|
||||
if [[ ${B_ECDSA} -gt 0 ]]; then
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot certonly -n --agree-tos --key-type ecdsa --keep --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --email "$SSLEMAIL" --standalone -d "$SSLDOMAINS" --work-dir /tmp/certbot
|
||||
else
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot certonly -n --agree-tos --rsa-key-size "${B_RSA}" --keep --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --email "$SSLEMAIL" --standalone -d "$SSLDOMAINS" --work-dir /tmp/certbot
|
||||
fi
|
||||
if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -gt 0 ]]; then
|
||||
/command/s6-setuidgid guardian /bin/cp /mnt/config/etc/certbot/requested /mnt/config/etc/certbot/configured
|
||||
fi
|
||||
fi
|
||||
elif [[ ${B_ECDSA} -gt 0 ]]; then
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --key-type ecdsa --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
|
||||
else
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --rsa-key-size "${B_RSA}" --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
|
||||
fi
|
||||
elif [[ ${B_ECDSA} -gt 0 ]]; then
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --key-type ecdsa --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
|
||||
else
|
||||
/command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --rsa-key-size ${B_RSA} --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
|
||||
fi
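Review bot: The revoke branch still fires whenever the `configured` marker is missing, because `CURDOMAINS` now defaults to `""` and the added `-d /mnt/config/ssl/live` test is always true after the `mkdir -p` just above it. With a non-empty `SSLDOMAINS` and existing lineages under `ssl/live` (a restored volume, or an earlier run where `cp requested configured` failed), every certificate is revoked at the CA and deleted, which cannot be undone and can run into the CA's issuance rate limits if it repeats on each start. Consider requiring the marker before revoking, e.g. `if [[ -f /mnt/config/etc/certbot/configured && "$SSLDOMAINS" != "$CURDOMAINS" ]]; then`, and checking the exit status of the `certbot revoke` pipeline before running `certbot delete` and removing `configured`. The +/- markers are lost on this page, so the new side is inferred from the quoting and `export` style.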
|
||||
|
|