Commit 34872925 authored by Dashamir Hoxha's avatar Dashamir Hoxha

Improve getting a ssl cert

parent 67ceb627
......@@ -28,7 +28,6 @@ cmd_create() {
--restart=unless-stopped \
--mount type=bind,source=$(pwd),destination=/host \
$(_systemd_config $nosystemd) \
$(_mount_letsencrypt_dirs) \
$(_published_ports) \
$(_network_and_aliases) \
"[email protected]" $IMAGE
......@@ -61,34 +60,6 @@ _systemd_config() {
echo "$systemd_options"
}
### return 1 (false) if we don't need to get a ssl cert
### otherwise return 0 (true)
needs_ssl_cert() {
[[ -z $SSL_CERT_EMAIL ]] && return 1
[[ -z $DOMAIN ]] && return 1
[[ $DOMAIN =~ ^(.*\.)?example\.org$ ]] && return 1
[[ $DOMAIN =~ ^(.*\.)?example\.com$ ]] && return 1
[[ $DOMAIN =~ \.local$ ]] && return 1
return 0
}
### mount letsencrypt config dirs
_mount_letsencrypt_dirs() {
needs_ssl_cert || return
local wsproxy=${WSPROXY:-wsproxy}
local certdir="$CONTAINERS/$wsproxy/letsencrypt"
[[ ${wsproxy:0:1} == '/' ]] && certdir="$wsproxy/letsencrypt"
mkdir -p $certdir/archive $certdir/live
local mount_dirs=''
mount_dirs+=" --mount type=bind,src=$certdir/archive,dst=/etc/letsencrypt/archive,readonly"
mount_dirs+=" --mount type=bind,src=$certdir/live,dst=/etc/letsencrypt/live,readonly"
echo "$mount_dirs"
}
### published ports
_published_ports() {
[[ -n $PORTS ]] || return
......@@ -124,8 +95,40 @@ _add_domains_to_wsproxy() {
ds @$wsproxy domains-add $CONTAINER $DOMAIN $DOMAINS
}
### return 1 (false) if the domain is not a real one
### otherwise return 0 (true)
is_real_domain() {
local domain=$1
[[ -z $domain ]] && return 1
[[ $domain =~ ^(.*\.)?example\.org$ ]] && return 1
[[ $domain =~ ^(.*\.)?example\.com$ ]] && return 1
[[ $domain =~ \.local$ ]] && return 1
return 0
}
### return 1 (false) if the email is not a real one
### otherwise return 0 (true)
is_real_email() {
local email=$1
[[ -z $email ]] && return 1
[[ $email =~ \.example\.org$ ]] && return 1
[[ $email =~ \.example\.com$ ]] && return 1
return 0
}
### get a ssl cert from letsencrypt
_get_ssl_cert_from_letsencrypt() {
needs_ssl_cert || return
ds @wsproxy get-ssl-cert $SSL_CERT_EMAIL $DOMAIN
is_real_domain $DOMAIN || return
local email=${SSL_CERT_EMAIL:-${ADMIN_EMAIL:-$GMAIL_ADDRESS}}
is_real_email $email || return
for domain in $DOMAIN $DOMAINS; do
is_real_domain $domain || continue
ds @wsproxy get-ssl-cert $email $domain
done
}
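Review bot: In `is_real_email`, the patterns `\.example\.org$` and `\.example\.com$` require a dot before `example`, so a placeholder address such as `admin@example.org` is accepted as real and only subdomain forms like `admin@mail.example.org` are rejected. Matching the `@` as well closes the gap: `[[ $email =~ [@.]example\.org$ ]] && return 1`, and the same for `example.com`. In `_get_ssl_cert_from_letsencrypt`, `$email` and `$domain` reach `ds @wsproxy get-ssl-cert` unquoted and the loop variable `domain` is not declared `local`; quoting both arguments and adding `local domain` would keep a malformed settings value from being split into extra arguments. The +/- markers are lost on this page, so which lines form the new side is inferred from the hunk header counts and the commit title.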