Merge commit 'e4ef4a340dbee48b75b3760a6892d10da4bb68dd'
parent
ec63c9db5f
commit
39442586b8
|
@ -3,7 +3,7 @@ services :
|
|||
build :
|
||||
context : .
|
||||
volumes :
|
||||
- ./util/local_ssl:/etc/nginx/certs:ro
|
||||
- ./util/local_ssl:/etc/nginx/certs
|
||||
- ./vendor:/var/azuracast/www/vendor
|
||||
- .:/var/azuracast/www
|
||||
extra_hosts:
|
||||
|
|
|
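Review bot: Dropping `:ro` on the `./util/local_ssl:/etc/nginx/certs` bind mount (assuming the un-suffixed line is the new side) gives the container write access to the developer's checked-in certificate directory, so any entrypoint that deletes or regenerates `default.crt`/`default.key`, or creates the `ssl.*` symlinks, now modifies the host tree. If the writable mount is only needed so the proxy can create the `ssl.crt`/`ssl.key` links, consider keeping the host certs read-only and directing the links at a separate writable path, or at least record the side effect next to the mount: `# writable: the proxy creates ssl.* symlinks and the self-signed default.* in here`. The `services:` block continues outside the hunk.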
@ -37,7 +37,7 @@ services:
|
|||
PGID: ${AZURACAST_PGID:-1000}
|
||||
volumes:
|
||||
- letsencrypt:/etc/nginx/certs
|
||||
- letsencrypt_internal:/etc/acme.sh
|
||||
- letsencrypt_acme:/etc/acme.sh
|
||||
- www_vendor:/var/azuracast/www/vendor
|
||||
- www_uploads:/var/azuracast/uploads
|
||||
- tmp_data:/var/azuracast/www_tmp
|
||||
|
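Review bot: Renaming the named volume mounted at `/etc/acme.sh` from `letsencrypt_internal` to `letsencrypt_acme` (if that is the direction of the change) leaves existing deployments with an empty `/etc/acme.sh`: the acme.sh account key, registration and renewal state in the old volume are not carried over, so every host re-registers and re-issues on the next run, which counts against Let's Encrypt rate limits. Either keep the old volume name, or document the migration (copying `letsencrypt_internal` into `letsencrypt_acme` before the upgrade) in the release notes and in a comment beside the mount, e.g. `# renamed from letsencrypt_internal; existing account data must be migrated manually`. The service definition continues outside the hunk.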
@ -262,7 +262,7 @@ networks:
|
|||
volumes:
|
||||
db_data: { }
|
||||
letsencrypt: { }
|
||||
letsencrypt_internal: { }
|
||||
letsencrypt_acme: { }
|
||||
shoutcast2_install: { }
|
||||
geolite_install: { }
|
||||
sftpgo_data: { }
|
||||
|
|
|
@ -442,7 +442,7 @@ install-dev() {
|
|||
fi
|
||||
fi
|
||||
|
||||
if [[ ! -d ../docker-azuracast-nginx-proxy ]]; then
|
||||
if [[ ! -d ../docker-azuracast-radio ]]; then
|
||||
if ask "Clone related repositories?" Y; then
|
||||
git clone https://github.com/AzuraCast/docker-azuracast-db.git ../docker-azuracast-db
|
||||
git clone https://github.com/AzuraCast/docker-azuracast-redis.git ../docker-azuracast-redis
|
||||
|
|
|
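Review bot: The directory test on the changed `if` line checks for `../docker-azuracast-radio` (assuming that is the new side), but the clones that follow target `../docker-azuracast-db` and `../docker-azuracast-redis`, so the guard does not protect the paths it is about to write; if either already exists, `git clone` into a non-empty directory fails and, with no status check, the script carries on as if it had succeeded. Consider testing each target before its own clone, e.g. `[[ -d ../docker-azuracast-db ]] || git clone https://github.com/AzuraCast/docker-azuracast-db.git ../docker-azuracast-db`, and the same for redis. `install-dev` and the clone list continue outside the hunk.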
@ -27,9 +27,14 @@ class CertificateLocator
|
|||
}
|
||||
}
|
||||
|
||||
$generatedKey = $certBase . '/ssl.key';
|
||||
$generatedCert = $certBase . '/ssl.crt';
|
||||
if (file_exists($generatedKey) && file_exists($generatedCert)) {
|
||||
return new Certificate($generatedKey, $generatedCert);
|
||||
}
|
||||
|
||||
$defaultKey = $certBase . '/default.key';
|
||||
$defaultCert = $certBase . '/default.crt';
|
||||
|
||||
if (file_exists($defaultKey) && file_exists($defaultCert)) {
|
||||
return new Certificate($defaultKey, $defaultCert);
|
||||
}
|
||||
|
|
|
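Review bot: `file_exists()` on the added `ssl.key`/`ssl.crt` pair (and on the `default.*` fallback) only proves the path resolves, not that the PHP process can read it; if the key is written with restrictive permissions by the issuing tool, the locator returns a `Certificate` whose key cannot be opened and the failure only surfaces at use. `is_readable()` expresses the actual precondition and also follows symlinks: `if (is_readable($generatedKey) && is_readable($generatedCert)) {`, and likewise for the default pair. A one-line comment would help the next reader too: `// ssl.* appear to be the symlinks maintained by the ACME updater; default.* is the self-signed fallback` (the symlink origin is inferred from the proxy script in this commit, not from this file). The enclosing method starts and ends outside the hunk.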
@ -68,8 +68,13 @@ server {
|
|||
listen 80;
|
||||
listen 443 default_server http2 ssl;
|
||||
|
||||
{{if exists "/etc/nginx/certs/ssl.crt"}}
|
||||
ssl_certificate /etc/nginx/certs/ssl.crt;
|
||||
ssl_certificate_key /etc/nginx/certs/ssl.key;
|
||||
{{else}}
|
||||
ssl_certificate /etc/nginx/certs/default.crt;
|
||||
ssl_certificate_key /etc/nginx/certs/default.key;
|
||||
{{end}}
|
||||
|
||||
ssl_protocols TLSv1.3 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
|
|
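Review bot: The `{{if exists "/etc/nginx/certs/ssl.crt"}}` guard tests only the certificate; if `ssl.crt` is present but `ssl.key` is missing or a dangling link, nginx fails its config check at start instead of falling back to `default.*`. Check both, e.g. `{{if and (exists "/etc/nginx/certs/ssl.crt") (exists "/etc/nginx/certs/ssl.key")}}` (Go templates provide `and`). Since the template appears to be rendered once at container start, a certificate issued afterwards is only picked up if the reload path re-renders it; a comment stating that expectation, `# rendered once at start by dockerize; re-render before reloading after a new issuance`, would spare the next reader the surprise. The `server` block continues outside the hunk.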
@ -16,6 +16,47 @@ function lc() {
|
|||
echo "${@,,}"
|
||||
}
|
||||
|
||||
function create_link {
|
||||
local -r source=${1?missing source argument}
|
||||
local -r target=${2?missing target argument}
|
||||
|
||||
if [[ -f "$target" ]] && [[ "$(readlink "$target")" == "$source" ]]; then
|
||||
[[ "$DEBUG" == 1 ]] && echo "$target already linked to $source"
|
||||
return 1
|
||||
else
|
||||
ln -sf "$source" "$target"
|
||||
fi
|
||||
}
|
||||
|
||||
function create_links {
|
||||
local -r base_domain=${1?missing base_domain argument}
|
||||
|
||||
if [[ ! -f "/etc/nginx/certs/$base_domain/fullchain.pem" || \
|
||||
! -f "/etc/nginx/certs/$base_domain/key.pem" ]]; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
local return_code=1
|
||||
|
||||
create_link "./$base_domain/fullchain.pem" "/etc/nginx/certs/ssl.crt"
|
||||
return_code=$(( return_code & $? ))
|
||||
|
||||
create_link "./$base_domain/key.pem" "/etc/nginx/certs/ssl.key"
|
||||
return_code=$(( return_code & $? ))
|
||||
|
||||
if [[ -f "/etc/nginx/certs/dhparam.pem" ]]; then
|
||||
create_link ./dhparam.pem "/etc/nginx/certs/ssl.dhparam.pem"
|
||||
return_code=$(( return_code & $? ))
|
||||
fi
|
||||
|
||||
if [[ -f "/etc/nginx/certs/$base_domain/chain.pem" ]]; then
|
||||
create_link "./$base_domain/chain.pem" "/etc/nginx/certs/ssl.chain.pem"
|
||||
return_code=$(( return_code & $? ))
|
||||
fi
|
||||
|
||||
return $return_code
|
||||
}
|
||||
|
||||
CERTS_UPDATE_INTERVAL="${CERTS_UPDATE_INTERVAL:-3600}"
|
||||
ACME_CA_URI="${ACME_CA_URI:-"https://acme-v02.api.letsencrypt.org/directory"}"
|
||||
ACME_CA_TEST_URI="https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
|
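Review bot: `create_link` returns 1 both when the link already points at `source` and when `ln -sf` fails, so in `create_links` a failed link (read-only `/etc/nginx/certs`, a regular file in the way that cannot be replaced) is indistinguishable from "nothing changed": no error is printed, `should_reload_nginx` stays false in the caller and the stale certificate keeps serving. Report the failure on the `ln` line at least: `ln -sf "$source" "$target" || { printf 'create_link: cannot link %s -> %s\n' "$target" "$source" >&2; return 1; }`. A header comment on `create_links` stating the return contract — 0 when at least one link was (re)created, 1 when nothing changed or the domain's `fullchain.pem`/`key.pem` are missing — would make the bitwise accumulation `return_code=$(( return_code & $? ))` understandable; note that idiom also assumes `ln` exits with exactly 0 or 1, since any even non-zero status would read as "changed".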
@ -113,15 +154,16 @@ function update_cert {
|
|||
unset accountemail
|
||||
config_home="/etc/acme.sh/staging"
|
||||
# Prefix test certificate directory with _test_
|
||||
certificate_dir="/etc/nginx/certs/_test_"
|
||||
certificate_dir="/etc/nginx/certs/_test_$base_domain"
|
||||
else
|
||||
certificate_dir="/etc/nginx/certs"
|
||||
certificate_dir="/etc/nginx/certs/$base_domain"
|
||||
fi
|
||||
|
||||
params_issue_arr+=( \
|
||||
--cert-file "${certificate_dir}/default.crt" \
|
||||
--key-file "${certificate_dir}/default.key" \
|
||||
--reloadcmd "/usr/local/bin/on_ssl_renewal" \
|
||||
--cert-file "${certificate_dir}/cert.pem" \
|
||||
--key-file "${certificate_dir}/key.pem" \
|
||||
--ca-file "${certificate_dir}/chain.pem" \
|
||||
--fullchain-file "${certificate_dir}/fullchain.pem" \
|
||||
)
|
||||
|
||||
[[ ! -d "$config_home" ]] && mkdir -p "$config_home"
|
||||
|
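Review bot: `certificate_dir` is now a per-domain subdirectory (`/etc/nginx/certs/$base_domain` or `/etc/nginx/certs/_test_$base_domain`), but only `$config_home` gets a `mkdir -p` in this hunk; as far as I recall, acme.sh's cert/key install step writes the target files with a plain redirect and does not create the parent directory, so the first issue for a domain would fail unless the directory is created further down, outside the hunk. Add `[[ -d "$certificate_dir" ]] || mkdir -p "$certificate_dir"` beside the `$config_home` line. `update_cert` begins and continues outside the hunk.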
@ -176,6 +218,28 @@ function update_cert {
|
|||
[[ "$DEBUG" == 1 ]] && echo "Calling acme.sh --issue with the following parameters : ${params_issue_arr[*]}"
|
||||
echo "Creating/renewal $base_domain certificates... (${hosts_array[*]})"
|
||||
acme.sh --issue "${params_issue_arr[@]}"
|
||||
|
||||
local acmesh_return=$?
|
||||
local should_reload_nginx='false'
|
||||
|
||||
# 0 = success, 2 = RENEW_SKIP
|
||||
if [[ $acmesh_return == 0 || $acmesh_return == 2 ]]; then
|
||||
if [[ $acme_ca_uri =~ ^https://acme-staging.* ]]; then
|
||||
create_links "_test_$base_domain" \
|
||||
&& should_reload_nginx='true'
|
||||
else
|
||||
create_links "$base_domain" \
|
||||
&& should_reload_nginx='true'
|
||||
fi
|
||||
|
||||
[[ $acmesh_return -eq 0 ]] \
|
||||
&& should_reload_nginx='true'
|
||||
fi
|
||||
|
||||
if [[ "$should_reload_nginx" == 'true' ]]; then
|
||||
echo "Reloading nginx..."
|
||||
on_ssl_renewal
|
||||
fi
|
||||
}
|
||||
|
||||
if [ ! -z "$VIRTUAL_HOST" ]; then
|
||||
|
|
|
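Review bot: When `acme.sh --issue` exits with anything other than 0 or 2, the new block falls through silently: no message is printed, `should_reload_nginx` stays false and the only trace is acme.sh's own output above. Add an `else` branch to the status check, `else` followed by `echo "acme.sh --issue failed for $base_domain (exit $acmesh_return)" >&2`, so a renewal that keeps failing is visible in the container log. The `=~ ^https://acme-staging.*` test reads `$acme_ca_uri`, which is assigned outside the hunk, and the trailing `.*` is redundant for a regex with no end anchor. `update_cert` starts outside the hunk.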
@ -1,3 +1,22 @@
|
|||
#!/bin/bash
|
||||
|
||||
bool() {
|
||||
case "$1" in
|
||||
Y* | y* | true | TRUE | 1) return 0 ;;
|
||||
esac
|
||||
return 1
|
||||
}
|
||||
|
||||
ENABLE_REDIS=${ENABLE_REDIS:-false}
|
||||
if bool "$ENABLE_REDIS"; then
|
||||
ENABLE_REDIS=true
|
||||
else
|
||||
ENABLE_REDIS=false
|
||||
fi
|
||||
|
||||
export ENABLE_REDIS
|
||||
|
||||
# Copy the nginx template to its destination.
|
||||
dockerize -template "/etc/nginx/azuracast.conf.tmpl:/etc/nginx/conf.d/azuracast.conf"
|
||||
|
||||
exec nginx -g "daemon off;"
|
||||
|
|
|
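Review bot: The script has no `set -e` (the shebang at the top of the hunk is followed directly by `bool`), so if `dockerize -template` fails — unreadable template, render error — the script still `exec`s nginx against whatever `/etc/nginx/conf.d/azuracast.conf` happens to be on disk, possibly a stale render with a previous `ENABLE_REDIS` value, and nothing beyond dockerize's own output reports the problem. Add `set -euo pipefail` after the shebang, or `dockerize -template "/etc/nginx/azuracast.conf.tmpl:/etc/nginx/conf.d/azuracast.conf" || exit 1`. `bool` accepts any value beginning with `Y` or `y`, so `yolo` enables Redis; a one-line comment on the function, `# truthy: Y*, y*, true, TRUE, 1; everything else is false`, would make the accepted spellings explicit.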
@ -2,6 +2,20 @@
|
|||
|
||||
echo 'Spinning up SFTP process...'
|
||||
|
||||
if [[ ! -f /var/azuracast/sftpgo/persist/id_rsa ]]; then
|
||||
ssh-keygen -t rsa -b 4096 -f /var/azuracast/sftpgo/persist/id_rsa -q -N ""
|
||||
fi
|
||||
|
||||
if [[ ! -f /var/azuracast/sftpgo/persist/id_ecdsa ]]; then
|
||||
ssh-keygen -t ecdsa -b 521 -f /var/azuracast/sftpgo/persist/id_ecdsa -q -N ""
|
||||
fi
|
||||
|
||||
if [[ ! -f /var/azuracast/sftpgo/persist/id_ed25519 ]]; then
|
||||
ssh-keygen -t ed25519 -f /var/azuracast/sftpgo/persist/id_ed25519 -q -N ""
|
||||
fi
|
||||
|
||||
chown -R azuracast:azuracast /var/azuracast/sftpgo/persist
|
||||
|
||||
cd /var/azuracast/sftpgo
|
||||
|
||||
exec sudo -E -u azuracast sftpgo --config-dir=/var/azuracast/sftpgo serve -l "" > /proc/1/fd/1 2> /proc/1/fd/2
|
||||
|
|
|
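Review bot: None of the host-key generation, the `chown -R` or the `cd` is status-checked, and the hunk starts at line 2 so I cannot tell whether line 1 sets `set -e`; if `ssh-keygen` fails (persist directory missing or not writable) the script still `exec`s sftpgo, which then starts without that host key, and a failed `cd` runs it from the wrong directory. Add `set -euo pipefail` at the top if it is not already there, or at least `cd /var/azuracast/sftpgo || exit 1`. `sudo -E` hands the entire entrypoint environment to the sftpgo process; if that environment carries secrets sftpgo does not need (database or admin credentials), pass only the variables it reads instead of preserving everything.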
@ -1,20 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
bool() {
|
||||
case "$1" in
|
||||
Y* | y* | true | TRUE | 1) return 0 ;;
|
||||
esac
|
||||
return 1
|
||||
}
|
||||
|
||||
ENABLE_REDIS=${ENABLE_REDIS:-false}
|
||||
if bool "$ENABLE_REDIS"; then
|
||||
ENABLE_REDIS=true
|
||||
else
|
||||
ENABLE_REDIS=false
|
||||
fi
|
||||
|
||||
export ENABLE_REDIS
|
||||
|
||||
# Copy the nginx template to its destination.
|
||||
dockerize -template "/etc/nginx/azuracast.conf.tmpl:/etc/nginx/conf.d/azuracast.conf"
|
|
@ -1,8 +1,12 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
if [ -f /etc/nginx/certs/default.crt ]; then
|
||||
rm -rf /etc/nginx/certs/default.key || true
|
||||
rm -rf /etc/nginx/certs/default.crt || true
|
||||
fi
|
||||
|
||||
# Generate a self-signed certificate if one doesn't exist in the certs path.
|
||||
if [ ! -f /etc/nginx/certs/default.crt ]; then
|
||||
if [ ! -f /etc/nginx/certs/default.crt ]; then
|
||||
echo "Generating self-signed certificate..."
|
||||
|
||||
openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=localhost" \
|
||||
|
|
|
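Review bot: The added `if [ -f /etc/nginx/certs/default.crt ]` block removes `default.key`/`default.crt` unconditionally, so the `if [ ! -f /etc/nginx/certs/default.crt ]` guard below it is always true and a new self-signed certificate is minted on every container start; anyone who accepted the previous self-signed cert in a browser or pinned it in a client sees a different one after each restart. If the intent is a one-time cleanup of the CA-issued files acme.sh used to install under `default.*` (the old `--cert-file`/`--key-file` parameters elsewhere in this commit), gate the removal on the existing cert not already being the self-signed one, e.g. `if [ -f /etc/nginx/certs/default.crt ] && ! openssl x509 -in /etc/nginx/certs/default.crt -noout -subject | grep -q 'CN *= *localhost'; then`, and add a comment stating why the files are removed. `rm -f` is sufficient for plain files; `-r` and `|| true` add nothing here. The `openssl req` command continues outside the hunk.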
@ -1,15 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [[ ! -f /var/azuracast/sftpgo/persist/id_rsa ]]; then
|
||||
ssh-keygen -t rsa -b 4096 -f /var/azuracast/sftpgo/persist/id_rsa -q -N ""
|
||||
fi
|
||||
|
||||
if [[ ! -f /var/azuracast/sftpgo/persist/id_ecdsa ]]; then
|
||||
ssh-keygen -t ecdsa -b 521 -f /var/azuracast/sftpgo/persist/id_ecdsa -q -N ""
|
||||
fi
|
||||
|
||||
if [[ ! -f /var/azuracast/sftpgo/persist/id_ed25519 ]]; then
|
||||
ssh-keygen -t ed25519 -f /var/azuracast/sftpgo/persist/id_ed25519 -q -N ""
|
||||
fi
|
||||
|
||||
chown -R azuracast:azuracast /var/azuracast/sftpgo/persist
|