added external volume mounts and removes some
This commit is contained in:
@@ -25,12 +25,7 @@
|
|||||||
"SOURCE": "/etc/system/data/dns/hosts.local",
|
"SOURCE": "/etc/system/data/dns/hosts.local",
|
||||||
"DEST": "/etc/dns/hosts.local",
|
"DEST": "/etc/dns/hosts.local",
|
||||||
"TYPE": "ro"
|
"TYPE": "ro"
|
||||||
},
|
}
|
||||||
{
|
|
||||||
"SOURCE": "/var/run/docker.sock",
|
|
||||||
"DEST": "/var/run/docker.sock",
|
|
||||||
"TYPE": "rw"
|
|
||||||
}
|
|
||||||
],
|
],
|
||||||
"PORTS": [ ],
|
"PORTS": [ ],
|
||||||
"READYNESS": [
|
"READYNESS": [
|
||||||
|
|||||||
@@ -21,7 +21,7 @@
|
|||||||
"NETWORK": "letsencrypt",
|
"NETWORK": "letsencrypt",
|
||||||
"VOLUMES": [
|
"VOLUMES": [
|
||||||
{
|
{
|
||||||
"SOURCE": "/etc/ssl/keys/",
|
"SOURCE": "/etc/system/ssl/keys/",
|
||||||
"DEST": "/acme.sh/",
|
"DEST": "/acme.sh/",
|
||||||
"TYPE": "rw"
|
"TYPE": "rw"
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -14,11 +14,6 @@
|
|||||||
{
|
{
|
||||||
"SOURCE": "/etc/user/config/services",
|
"SOURCE": "/etc/user/config/services",
|
||||||
"DEST": "/etc/user/config/services",
|
"DEST": "/etc/user/config/services",
|
||||||
"TYPE": "ro"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"SOURCE": "/etc/user/config/services/tmp",
|
|
||||||
"DEST": "/etc/user/config/services/tmp",
|
|
||||||
"TYPE": "rw"
|
"TYPE": "rw"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -40,54 +40,44 @@ else
|
|||||||
DOCKER_REGISTRY_URL="";
|
DOCKER_REGISTRY_URL="";
|
||||||
fi
|
fi
|
||||||
|
|
||||||
DNS_DIR="/etc/system/data/dns";
|
|
||||||
DNS="--env DNS_DIR=$DNS_DIR";
|
|
||||||
DNS_PATH="--volume $DNS_DIR:/etc/dns:rw";
|
|
||||||
|
|
||||||
CA_PATH=/etc/ssl/certs;
|
|
||||||
CA="--env CA_PATH=$CA_PATH";
|
|
||||||
CA_FILE="--volume $CA_PATH:$CA_PATH:ro";
|
|
||||||
|
|
||||||
|
|
||||||
service_exec="docker run --rm \
|
service_exec="docker run --rm \
|
||||||
$DNS $DNS_PATH \
|
|
||||||
$CA $CA_FILE \
|
|
||||||
-w /services/ \
|
-w /services/ \
|
||||||
-v $SOURCE/system.json:/etc/user/config/system.json:ro \
|
--mount src=SYSTEM_DATA,dst=/etc/ssl/certs,volume-subpath=ssl/certs,ro \
|
||||||
-v $SOURCE/user.json:/etc/user/config/user.json:ro \
|
--mount src=SYSTEM_DATA,dst=/etc/dns/hosts.local,volume-subpath=dns/hosts.local,ro \
|
||||||
-v $SERVICE_FILES/tmp:/services:rw \
|
--mount src=USER_CONFIG,dst=/services,volume-subpath=services/tmp \
|
||||||
|
--mount src=USER_CONFIG,dst=/etc/user/config/system.json,volume-subpath=system.json,ro \
|
||||||
|
--mount src=USER_CONFIG,dst=/etc/user/config/user.json,volume-subpath=user.json,ro \
|
||||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||||
--env DOCKER_REGISTRY_URL=$DOCKER_REGISTRY_URL \
|
--env DOCKER_REGISTRY_URL=$DOCKER_REGISTRY_URL \
|
||||||
$DOCKER_REGISTRY_URL$SETUP"
|
$DOCKER_REGISTRY_URL$SETUP"
|
||||||
|
|
||||||
|
|
||||||
letsencrypt_certificates() {
|
letsencrypt_certificates() {
|
||||||
|
|
||||||
#cd /
|
#cd /
|
||||||
|
|
||||||
for retries in $(seq 0 $((RESTART + 1))); do
|
for retries in $(seq 0 $((RESTART + 1))); do
|
||||||
if [[ $retries -le $RESTART ]] ; then
|
if [[ $retries -le $RESTART ]] ; then
|
||||||
|
|
||||||
LETS_ENCRYPT_VALUE="$(docker ps | grep letsencrypt | grep Up | wc -l)";
|
LETS_ENCRYPT_VALUE="$(docker ps | grep letsencrypt | grep Up | wc -l)";
|
||||||
if [[ $LETS_ENCRYPT_VALUE -eq 0 ]] ; then
|
if [[ $LETS_ENCRYPT_VALUE -eq 0 ]] ; then
|
||||||
echo "Starting letsencrypt process";
|
echo "Starting letsencrypt process";
|
||||||
cp -av /firewall-files/firewall-letsencrypt.json /tmp/;
|
mkdir -p $SERVICE_FILES/tmp/tmp
|
||||||
LETSENCRYPT_TEMP_SERVICE_FILE=$(mktemp -p /tmp/)".json";
|
cp -av /firewall-files/firewall-letsencrypt.json $SERVICE_FILES/tmp/;
|
||||||
ENVS='[
|
LETSENCRYPT_TEMP_SERVICE_FILE=$(mktemp -p $SERVICE_FILES/tmp/);
|
||||||
{"DOMAIN": "'$DOMAIN'"},
|
ENVS='[
|
||||||
{"TIMEOUT": "'$TIMEOUT'"},
|
{"DOMAIN": "'$DOMAIN'"},
|
||||||
{"RESTART": "'$RESTART'"}
|
{"TIMEOUT": "'$TIMEOUT'"},
|
||||||
]';
|
{"RESTART": "'$RESTART'"}
|
||||||
VOLUMES='
|
]';
|
||||||
{
|
VOLUMES='
|
||||||
"SOURCE": "/etc/user/config/user.json",
|
{
|
||||||
"DEST": "/etc/user/config/user.json",
|
"SOURCE": "/etc/user/config/user.json",
|
||||||
"TYPE": "ro"
|
"DEST": "/etc/user/config/user.json",
|
||||||
}
|
"TYPE": "ro"
|
||||||
';
|
}
|
||||||
jq '.containers[0].ENVS |='"$ENVS"' | .containers[0].VOLUMES[.containers[0].VOLUMES|length]|='"$VOLUMES" $SERVICE_FILES/$LETSENCRYPT_SERVICE_NAME > $LETSENCRYPT_TEMP_SERVICE_FILE;
|
';
|
||||||
$service_exec $(basename ${LETSENCRYPT_TEMP_SERVICE_FILE%.*}) start info prechecked;
|
jq '.containers[0].ENVS |='"$ENVS"' | .containers[0].VOLUMES[.containers[0].VOLUMES|length]|='"$VOLUMES" $SERVICE_FILES/$LETSENCRYPT_SERVICE_NAME > $LETSENCRYPT_TEMP_SERVICE_FILE.json;
|
||||||
rm -v /tmp/firewall-letsencrypt.json ;
|
$service_exec $(basename $LETSENCRYPT_TEMP_SERVICE_FILE) start info prechecked; rm -v $SERVICE_FILES/tmp/firewall-letsencrypt.json ;
|
||||||
break;
|
break;
|
||||||
else
|
else
|
||||||
echo "Waiting "$TIMEOUT" second for previous letsencrypt process ending";
|
echo "Waiting "$TIMEOUT" second for previous letsencrypt process ending";
|
||||||
|
|||||||
Reference in New Issue
Block a user