diff --git a/firewall-letsencrypt.json b/firewall-letsencrypt.json
index 692c726..a26862b 100644
--- a/firewall-letsencrypt.json
+++ b/firewall-letsencrypt.json
@@ -25,12 +25,7 @@
 "SOURCE": "/etc/system/data/dns/hosts.local",
 "DEST": "/etc/dns/hosts.local",
 "TYPE": "ro"
- },
- {
- "SOURCE": "/var/run/docker.sock",
- "DEST": "/var/run/docker.sock",
- "TYPE": "rw"
- }
+ }
 ],
 "PORTS": [ ],
 "READYNESS": [
diff --git a/letsencrypt.json b/letsencrypt.json
index 32b0a81..eaf9602 100644
--- a/letsencrypt.json
+++ b/letsencrypt.json
@@ -21,7 +21,7 @@
 "NETWORK": "letsencrypt",
 "VOLUMES": [
 {
- "SOURCE": "/etc/ssl/keys/",
+ "SOURCE": "/etc/system/ssl/keys/",
 "DEST": "/acme.sh/",
 "TYPE": "rw"
 },
diff --git a/proxy-scheduler.json b/proxy-scheduler.json
index 8781694..7faa251 100644
--- a/proxy-scheduler.json
+++ b/proxy-scheduler.json
@@ -14,11 +14,6 @@
 {
 "SOURCE": "/etc/user/config/services",
 "DEST": "/etc/user/config/services",
- "TYPE": "ro"
- },
- {
- "SOURCE": "/etc/user/config/services/tmp",
- "DEST": "/etc/user/config/services/tmp",
 "TYPE": "rw"
 },
 {
diff --git a/scripts/check_certificates.sh b/scripts/check_certificates.sh
index 55c2489..300e5c3 100755
--- a/scripts/check_certificates.sh
+++ b/scripts/check_certificates.sh
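Review bot: In proxy-scheduler.json the `/etc/user/config/services` mount changes from `ro` to `rw` while the narrower `rw` mount of `/etc/user/config/services/tmp` is removed, so the container gains write access to the whole services directory instead of only its `tmp` subdirectory. Judging by check_certificates.sh in this same commit, that directory appears to hold the service definitions whose `VOLUMES` entries decide what a started container may mount, which makes write access there more than a scratch-space permission. If the scheduler only writes under `tmp`, keep `"TYPE": "ro"` on the parent and keep the separate `tmp` entry with `"TYPE": "rw"`; if the wider access is needed for the new volume layout, the commit description should say why.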
@@ -40,54 +40,44 @@ else DOCKER_REGISTRY_URL=""; fi - DNS_DIR="/etc/system/data/dns"; - DNS="--env DNS_DIR=$DNS_DIR"; - DNS_PATH="--volume $DNS_DIR:/etc/dns:rw"; - - CA_PATH=/etc/ssl/certs; - CA="--env CA_PATH=$CA_PATH"; - CA_FILE="--volume $CA_PATH:$CA_PATH:ro"; - - service_exec="docker run --rm \ -$DNS $DNS_PATH \ -$CA $CA_FILE \ -w /services/ \ --v $SOURCE/system.json:/etc/user/config/system.json:ro \ --v $SOURCE/user.json:/etc/user/config/user.json:ro \ --v $SERVICE_FILES/tmp:/services:rw \ +--mount src=SYSTEM_DATA,dst=/etc/ssl/certs,volume-subpath=ssl/certs,ro \ +--mount src=SYSTEM_DATA,dst=/etc/dns/hosts.local,volume-subpath=dns/hosts.local,ro \ +--mount src=USER_CONFIG,dst=/services,volume-subpath=services/tmp \ +--mount src=USER_CONFIG,dst=/etc/user/config/system.json,volume-subpath=system.json,ro \ +--mount src=USER_CONFIG,dst=/etc/user/config/user.json,volume-subpath=user.json,ro \ -v /var/run/docker.sock:/var/run/docker.sock \ --env DOCKER_REGISTRY_URL=$DOCKER_REGISTRY_URL \ -$DOCKER_REGISTRY_URL$SETUP" - - -letsencrypt_certificates() { - - #cd / - - for retries in $(seq 0 $((RESTART + 1))); do - if [[ $retries -le $RESTART ]] ; then - - LETS_ENCRYPT_VALUE="$(docker ps | grep letsencrypt | grep Up | wc -l)"; - if [[ $LETS_ENCRYPT_VALUE -eq 0 ]] ; then - echo "Starting letsencrypt process"; - cp -av /firewall-files/firewall-letsencrypt.json /tmp/; - LETSENCRYPT_TEMP_SERVICE_FILE=$(mktemp -p /tmp/)".json"; - ENVS='[ - {"DOMAIN": "'$DOMAIN'"}, - {"TIMEOUT": "'$TIMEOUT'"}, - {"RESTART": "'$RESTART'"} - ]'; - VOLUMES=' - { - "SOURCE": "/etc/user/config/user.json", - "DEST": "/etc/user/config/user.json", - "TYPE": "ro" - } - '; - jq '.containers[0].ENVS |='"$ENVS"' | .containers[0].VOLUMES[.containers[0].VOLUMES|length]|='"$VOLUMES" $SERVICE_FILES/$LETSENCRYPT_SERVICE_NAME > $LETSENCRYPT_TEMP_SERVICE_FILE; - $service_exec $(basename ${LETSENCRYPT_TEMP_SERVICE_FILE%.*}) start info prechecked; - rm -v /tmp/firewall-letsencrypt.json ; +$DOCKER_REGISTRY_URL$SETUP" 
+ +letsencrypt_certificates() { + + #cd / + + for retries in $(seq 0 $((RESTART + 1))); do + if [[ $retries -le $RESTART ]] ; then + + LETS_ENCRYPT_VALUE="$(docker ps | grep letsencrypt | grep Up | wc -l)"; + if [[ $LETS_ENCRYPT_VALUE -eq 0 ]] ; then + echo "Starting letsencrypt process"; + mkdir -p $SERVICE_FILES/tmp/tmp + cp -av /firewall-files/firewall-letsencrypt.json $SERVICE_FILES/tmp/; + LETSENCRYPT_TEMP_SERVICE_FILE=$(mktemp -p $SERVICE_FILES/tmp/); + ENVS='[ + {"DOMAIN": "'$DOMAIN'"}, + {"TIMEOUT": "'$TIMEOUT'"}, + {"RESTART": "'$RESTART'"} + ]'; + VOLUMES=' + { + "SOURCE": "/etc/user/config/user.json", + "DEST": "/etc/user/config/user.json", + "TYPE": "ro" + } + '; + jq '.containers[0].ENVS |='"$ENVS"' | .containers[0].VOLUMES[.containers[0].VOLUMES|length]|='"$VOLUMES" $SERVICE_FILES/$LETSENCRYPT_SERVICE_NAME > $LETSENCRYPT_TEMP_SERVICE_FILE.json; + $service_exec $(basename $LETSENCRYPT_TEMP_SERVICE_FILE) start info prechecked; rm -v $SERVICE_FILES/tmp/firewall-letsencrypt.json ; break; else echo "Waiting "$TIMEOUT" second for previous letsencrypt process ending";
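Review bot: The jq program in letsencrypt_certificates is still built by splicing `$DOMAIN`, `$TIMEOUT` and `$RESTART` into the filter text, so a value containing a double quote or jq syntax changes the filter that generates the service definition (including its `VOLUMES` list) instead of ending up as a plain string. Where these variables are set is not visible in the hunk; if any of them can come from user configuration, pass them as data instead: `jq --arg domain "$DOMAIN" --arg timeout "$TIMEOUT" --arg restart "$RESTART" --argjson volume "$VOLUMES" '.containers[0].ENVS = [{DOMAIN: $domain}, {TIMEOUT: $timeout}, {RESTART: $restart}] | .containers[0].VOLUMES += [$volume]'`. Separately, `mktemp` reserves `$LETSENCRYPT_TEMP_SERVICE_FILE` but the output is redirected to the sibling `$LETSENCRYPT_TEMP_SERVICE_FILE.json`, a path mktemp did not create exclusively, and the visible lines remove only `firewall-letsencrypt.json`, leaving both files in `$SERVICE_FILES/tmp`. The function body continues outside the hunk, so cleanup may happen there; the new `$SERVICE_FILES` expansions in `mkdir`, `cp`, `mktemp` and `basename` should also be double-quoted.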