m724/website-assistant-renewer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
Minecon724 2025-08-17 21:45:52 +02:00
commit b083f2b89c
Signed by untrusted user who does not match committer: m724
GPG key ID: A02E6E67AB961189
5 changed files with 88 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Containerfile Normal file
View file

@ -0,0 +1,10 @@
FROM docker.io/neilpang/acme.sh:dev
COPY --chmod=0755 docker-entrypoint.sh /docker-entrypoint.sh
COPY --chmod=0755 scripts/ /opt/scripts/
ENV ACME_SERVER=letsencrypt
EXPOSE 80
ENTRYPOINT ["/docker-entrypoint.sh"]

11
README.md Normal file
View file

@ -0,0 +1,11 @@
Quick tutorial:
1. set `DOMAINS` and `SERVER_x` (can be multiple)
2. run
3. good to go
Quirks:
- alpha
- runs as root inside container
- adding / removing domains not supported
TODO: Use certbot. It should be easier to extend with Python 3.

17
docker-entrypoint.sh Normal file
View file

@ -0,0 +1,17 @@
#!/bin/sh
set -euo pipefail
if cat /trusted-certificates/* >> /etc/ssl/certs/ca-certificates.crt; then
echo "One or more trusted certificates have been copied"
fi
if ! [ -f /acme.sh/renewer-setup ]; then
echo "Performing initial setup"
/opt/scripts/initial-setup.sh
fi
echo "Renewer welcomes you"
# trap 'exit' INT TODO something like this
/entry.sh daemon

17
scripts/initial-setup.sh Normal file
View file

@ -0,0 +1,17 @@
#!/bin/sh
set -euo pipefail
: "${DOMAINS?Error: DOMAINS environment variable is not set.}"
acme.sh --register-account --server $ACME_SERVER
for domain in ${DOMAINS//,/ }; do
acme.sh --issue --standalone -d $domain --server $ACME_SERVER
acme.sh --install-cert -d $domain \
--key-file /tmp/${domain}_key.pem \
--fullchain-file /tmp/${domain}_cert.pem \
--reloadcmd "/opt/scripts/upload-certificate.sh \"$domain\""
done

33
scripts/upload-certificate.sh Executable file
View file

@ -0,0 +1,33 @@
#!/bin/sh
#set -euo pipefail
domain=$1
: "${1?Error: Please specify a domain.}"
PRIVATE_KEY_FILE=/tmp/${domain}_key.pem
CERTIFICATE_FILE=/tmp/${domain}_cert.pem
env | while read -r line; do
case "$line" in
SERVER_*)
;;
*)
continue
;;
esac
value="${line#*=}"
url="${value%% *}"
key="${value#* }"
echo "Uploading to $url"
curl -H "Authorization: Bearer $key" -X POST -F "private_key=@$PRIVATE_KEY_FILE" -F "certificate=@$CERTIFICATE_FILE" $url/certificate/$domain
curl -H "Authorization: Bearer $key" $url/reload
done
rm $PRIVATE_KEY_FILE $CERTIFICATE_FILE
touch /acme.sh/renewer-setup