safebox/proxy-scheduler
7
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added external volume mounts and removes some

Browse Source
This commit is contained in:
Gyorgy Berenyi
2024-11-23 12:40:45 +01:00
parent 4e8db26524
commit 3466187280
4 changed files with 36 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
firewall-letsencrypt.json
View File

@@ -25,11 +25,6 @@
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
}
],
"PORTS": [ ],

2
letsencrypt.json
View File

@@ -21,7 +21,7 @@
"NETWORK": "letsencrypt",
"VOLUMES": [
{
"SOURCE": "/etc/ssl/keys/",
"SOURCE": "/etc/system/ssl/keys/",
"DEST": "/acme.sh/",
"TYPE": "rw"
},

5
proxy-scheduler.json
View File

@@ -14,11 +14,6 @@
{
"SOURCE": "/etc/user/config/services",
"DEST": "/etc/user/config/services",
"TYPE": "ro"
},
{
"SOURCE": "/etc/user/config/services/tmp",
"DEST": "/etc/user/config/services/tmp",
"TYPE": "rw"
},
{

30
scripts/check_certificates.sh
View File

@@ -40,27 +40,17 @@ else
DOCKER_REGISTRY_URL="";
fi
DNS_DIR="/etc/system/data/dns";
DNS="--env DNS_DIR=$DNS_DIR";
DNS_PATH="--volume $DNS_DIR:/etc/dns:rw";
CA_PATH=/etc/ssl/certs;
CA="--env CA_PATH=$CA_PATH";
CA_FILE="--volume $CA_PATH:$CA_PATH:ro";
service_exec="docker run --rm \
$DNS $DNS_PATH \
$CA $CA_FILE \
-w /services/ \
-v $SOURCE/system.json:/etc/user/config/system.json:ro \
-v $SOURCE/user.json:/etc/user/config/user.json:ro \
-v $SERVICE_FILES/tmp:/services:rw \
--mount src=SYSTEM_DATA,dst=/etc/ssl/certs,volume-subpath=ssl/certs,ro \
--mount src=SYSTEM_DATA,dst=/etc/dns/hosts.local,volume-subpath=dns/hosts.local,ro \
--mount src=USER_CONFIG,dst=/services,volume-subpath=services/tmp \
--mount src=USER_CONFIG,dst=/etc/user/config/system.json,volume-subpath=system.json,ro \
--mount src=USER_CONFIG,dst=/etc/user/config/user.json,volume-subpath=user.json,ro \
-v /var/run/docker.sock:/var/run/docker.sock \
--env DOCKER_REGISTRY_URL=$DOCKER_REGISTRY_URL \
$DOCKER_REGISTRY_URL$SETUP"
letsencrypt_certificates() {
#cd /
@@ -71,8 +61,9 @@ letsencrypt_certificates() {
LETS_ENCRYPT_VALUE="$(docker ps | grep letsencrypt | grep Up | wc -l)";
if [[ $LETS_ENCRYPT_VALUE -eq 0 ]] ; then
echo "Starting letsencrypt process";
cp -av /firewall-files/firewall-letsencrypt.json /tmp/;
LETSENCRYPT_TEMP_SERVICE_FILE=$(mktemp -p /tmp/)".json";
mkdir -p $SERVICE_FILES/tmp/tmp
cp -av /firewall-files/firewall-letsencrypt.json $SERVICE_FILES/tmp/;
LETSENCRYPT_TEMP_SERVICE_FILE=$(mktemp -p $SERVICE_FILES/tmp/);
ENVS='[
{"DOMAIN": "'$DOMAIN'"},
{"TIMEOUT": "'$TIMEOUT'"},
@@ -85,9 +76,8 @@ letsencrypt_certificates() {
"TYPE": "ro"
}
';
jq '.containers[0].ENVS |='"$ENVS"' | .containers[0].VOLUMES[.containers[0].VOLUMES|length]|='"$VOLUMES" $SERVICE_FILES/$LETSENCRYPT_SERVICE_NAME > $LETSENCRYPT_TEMP_SERVICE_FILE;
$service_exec $(basename ${LETSENCRYPT_TEMP_SERVICE_FILE%.*}) start info prechecked;
rm -v /tmp/firewall-letsencrypt.json ;
jq '.containers[0].ENVS |='"$ENVS"' | .containers[0].VOLUMES[.containers[0].VOLUMES|length]|='"$VOLUMES" $SERVICE_FILES/$LETSENCRYPT_SERVICE_NAME > $LETSENCRYPT_TEMP_SERVICE_FILE.json;
$service_exec $(basename $LETSENCRYPT_TEMP_SERVICE_FILE) start info prechecked; rm -v $SERVICE_FILES/tmp/firewall-letsencrypt.json ;
break;
else
echo "Waiting "$TIMEOUT" second for previous letsencrypt process ending";