Initial commit

2025-08-17 21:45:52 +02:00 · 2025-08-17 21:45:52 +02:00 · b083f2b89c
commit b083f2b89c
5 changed files with 88 additions and 0 deletions
--- a/10
+++ b/10
@ -0,0 +1,10 @@
+FROM docker.io/neilpang/acme.sh:dev
+
+COPY --chmod=0755 docker-entrypoint.sh /docker-entrypoint.sh
+COPY --chmod=0755 scripts/ /opt/scripts/
+
+ENV ACME_SERVER=letsencrypt
+
+EXPOSE 80
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
--- a/README.md
+++ b/README.md
@ -0,0 +1,11 @@
+Quick tutorial:
+1. set `DOMAINS` and `SERVER_x` (can be multiple)
+2. run
+3. good to go
+
+Quirks:
+- alpha
+- runs as root inside container
+- adding / removing domains not supported
+
+TODO: Use certbot. It should be easier to extend with Python 3.
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -euo pipefail
+
+if cat /trusted-certificates/* >> /etc/ssl/certs/ca-certificates.crt; then
+    echo "One or more trusted certificates have been copied"
+fi
+
+if ! [ -f /acme.sh/renewer-setup ]; then
+    echo "Performing initial setup"
+    /opt/scripts/initial-setup.sh
+fi
+
+echo "Renewer welcomes you"
+
+# trap 'exit' INT TODO something like this
+/entry.sh daemon
--- a/scripts/initial-setup.sh
+++ b/scripts/initial-setup.sh
@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -euo pipefail
+
+: "${DOMAINS?Error: DOMAINS environment variable is not set.}"
+
+acme.sh --register-account --server $ACME_SERVER
+
+for domain in ${DOMAINS//,/ }; do
+    acme.sh --issue --standalone -d $domain --server $ACME_SERVER
+
+    acme.sh --install-cert -d $domain \
+        --key-file       /tmp/${domain}_key.pem  \
+        --fullchain-file /tmp/${domain}_cert.pem \
+        --reloadcmd     "/opt/scripts/upload-certificate.sh \"$domain\""
+done
+
--- a/scripts/upload-certificate.sh
+++ b/scripts/upload-certificate.sh
@ -0,0 +1,33 @@
+#!/bin/sh
+
+#set -euo pipefail
+
+domain=$1
+: "${1?Error: Please specify a domain.}"
+
+PRIVATE_KEY_FILE=/tmp/${domain}_key.pem
+CERTIFICATE_FILE=/tmp/${domain}_cert.pem
+
+env | while read -r line; do
+    case "$line" in
+        SERVER_*)
+            ;;
+        *)
+            continue
+            ;;
+    esac
+
+    value="${line#*=}"
+
+    url="${value%% *}"
+    key="${value#* }"
+
+    echo "Uploading to $url"
+
+    curl -H "Authorization: Bearer $key" -X POST -F "private_key=@$PRIVATE_KEY_FILE" -F "certificate=@$CERTIFICATE_FILE" $url/certificate/$domain
+    curl -H "Authorization: Bearer $key" $url/reload
+done
+
+rm $PRIVATE_KEY_FILE $CERTIFICATE_FILE
+
+touch /acme.sh/renewer-setup