Merge commit 'e4ef4a340dbee48b75b3760a6892d10da4bb68dd'

This commit is contained in:
Buster "Silver Eagle" Neece 2022-01-23 06:41:11 -06:00
parent ec63c9db5f
commit 39442586b8
No known key found for this signature in database
GPG Key ID: 9FC8B9E008872109
11 changed files with 123 additions and 47 deletions


@ -3,7 +3,7 @@ services :
build :
context : .
volumes :
- ./util/local_ssl:/etc/nginx/certs:ro
- ./util/local_ssl:/etc/nginx/certs
- ./vendor:/var/azuracast/www/vendor
- .:/var/azuracast/www
extra_hosts:
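Review bot: Dropping `:ro` from the `./util/local_ssl:/etc/nginx/certs` bind mount makes the repository's `util/local_ssl` directory writable by the container, presumably so the entrypoint can create the `ssl.*` symlinks and the self-signed `default.*` files in place. Worth confirming that whatever the container now writes there is ignored by git, and that the self-signed-certificate cleanup elsewhere in this commit cannot remove a checked-in development certificate. The rest of the service definition is outside the hunk.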


@ -37,7 +37,7 @@ services:
PGID: ${AZURACAST_PGID:-1000}
volumes:
- letsencrypt:/etc/nginx/certs
- letsencrypt_internal:/etc/acme.sh
- letsencrypt_acme:/etc/acme.sh
- www_vendor:/var/azuracast/www/vendor
- www_uploads:/var/azuracast/uploads
- tmp_data:/var/azuracast/www_tmp
@ -262,7 +262,7 @@ networks:
volumes:
db_data: { }
letsencrypt: { }
letsencrypt_internal: { }
letsencrypt_acme: { }
shoutcast2_install: { }
geolite_install: { }
sftpgo_data: { }
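Review bot: Renaming the volume mounted at `/etc/acme.sh` from `letsencrypt_internal` to `letsencrypt_acme` leaves existing installs' acme.sh state (account key and per-domain configuration) in the old, now-unreferenced volume, so after upgrading acme.sh presumably starts from an empty directory and registers a fresh account. If that is intended, the upgrade notes should say so; otherwise keep the old name or add a migration step that copies the old volume's contents into the new one. This is inferred from the mount path alone; the rest of the service definition is outside the hunk.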


@ -442,7 +442,7 @@ install-dev() {
fi
fi
if [[ ! -d ../docker-azuracast-nginx-proxy ]]; then
if [[ ! -d ../docker-azuracast-radio ]]; then
if ask "Clone related repositories?" Y; then
git clone https://github.com/AzuraCast/docker-azuracast-db.git ../docker-azuracast-db
git clone https://github.com/AzuraCast/docker-azuracast-redis.git ../docker-azuracast-redis
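Review bot: The new guard `if [[ ! -d ../docker-azuracast-radio ]]; then` decides whether to offer cloning the db and redis repositories, so when `../docker-azuracast-radio` already exists but those two do not, they are never cloned, and when only radio is missing the prompt re-clones repositories that may already be present. Test each repository directory individually in front of its own `git clone`, or include all of them in the condition. `install-dev` continues outside the hunk.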


@ -27,9 +27,14 @@ class CertificateLocator
}
}
$generatedKey = $certBase . '/ssl.key';
$generatedCert = $certBase . '/ssl.crt';
if (file_exists($generatedKey) && file_exists($generatedCert)) {
return new Certificate($generatedKey, $generatedCert);
}
$defaultKey = $certBase . '/default.key';
$defaultCert = $certBase . '/default.crt';
if (file_exists($defaultKey) && file_exists($defaultCert)) {
return new Certificate($defaultKey, $defaultCert);
}
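Review bot: The new `ssl.key`/`ssl.crt` lookup duplicates the `default.key`/`default.crt` block below it line for line, and nothing records why the `ssl.*` pair wins or what happens when it is a dangling symlink. A short comment such as `// Prefer the acme-managed ssl.* pair (symlinks maintained by the nginx container); file_exists() follows symlinks, so a dangling link falls through to the self-signed default.* pair.` covers the precedence, and a loop over the two prefixes removes the duplication. The enclosing method starts outside the hunk.
```php
// Prefer the acme-managed ssl.* pair; file_exists() follows symlinks,
// so a dangling ssl.* link falls through to the self-signed default.* pair.
foreach (['ssl', 'default'] as $prefix) {
    $key = $certBase . '/' . $prefix . '.key';
    $cert = $certBase . '/' . $prefix . '.crt';
    if (file_exists($key) && file_exists($cert)) {
        return new Certificate($key, $cert);
    }
}
```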


@ -68,8 +68,13 @@ server {
listen 80;
listen 443 default_server http2 ssl;
{{if exists "/etc/nginx/certs/ssl.crt"}}
ssl_certificate /etc/nginx/certs/ssl.crt;
ssl_certificate_key /etc/nginx/certs/ssl.key;
{{else}}
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
{{end}}
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
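Review bot: `{{if exists "/etc/nginx/certs/ssl.crt"}}` tests only the certificate, so an `ssl.crt` link without a matching `ssl.key` (for instance if the key link step failed or the volume holding the link targets is absent) makes nginx fail configuration validation instead of falling back to the `default.*` pair. Guard on both files: `{{if and (exists "/etc/nginx/certs/ssl.crt") (exists "/etc/nginx/certs/ssl.key")}}`. The `server` block this belongs to starts and ends outside the hunk.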


@ -16,6 +16,47 @@ function lc() {
echo "${@,,}"
}
function create_link {
local -r source=${1?missing source argument}
local -r target=${2?missing target argument}
if [[ -f "$target" ]] && [[ "$(readlink "$target")" == "$source" ]]; then
[[ "$DEBUG" == 1 ]] && echo "$target already linked to $source"
return 1
else
ln -sf "$source" "$target"
fi
}
function create_links {
local -r base_domain=${1?missing base_domain argument}
if [[ ! -f "/etc/nginx/certs/$base_domain/fullchain.pem" || \
! -f "/etc/nginx/certs/$base_domain/key.pem" ]]; then
return 1
fi
local return_code=1
create_link "./$base_domain/fullchain.pem" "/etc/nginx/certs/ssl.crt"
return_code=$(( return_code & $? ))
create_link "./$base_domain/key.pem" "/etc/nginx/certs/ssl.key"
return_code=$(( return_code & $? ))
if [[ -f "/etc/nginx/certs/dhparam.pem" ]]; then
create_link ./dhparam.pem "/etc/nginx/certs/ssl.dhparam.pem"
return_code=$(( return_code & $? ))
fi
if [[ -f "/etc/nginx/certs/$base_domain/chain.pem" ]]; then
create_link "./$base_domain/chain.pem" "/etc/nginx/certs/ssl.chain.pem"
return_code=$(( return_code & $? ))
fi
return $return_code
}
CERTS_UPDATE_INTERVAL="${CERTS_UPDATE_INTERVAL:-3600}"
ACME_CA_URI="${ACME_CA_URI:-"https://acme-v02.api.letsencrypt.org/directory"}"
ACME_CA_TEST_URI="https://acme-staging-v02.api.letsencrypt.org/directory"
@ -113,15 +154,16 @@ function update_cert {
unset accountemail
config_home="/etc/acme.sh/staging"
# Prefix test certificate directory with _test_
certificate_dir="/etc/nginx/certs/_test_"
certificate_dir="/etc/nginx/certs/_test_$base_domain"
else
certificate_dir="/etc/nginx/certs"
certificate_dir="/etc/nginx/certs/$base_domain"
fi
params_issue_arr+=( \
--cert-file "${certificate_dir}/default.crt" \
--key-file "${certificate_dir}/default.key" \
--reloadcmd "/usr/local/bin/on_ssl_renewal" \
--cert-file "${certificate_dir}/cert.pem" \
--key-file "${certificate_dir}/key.pem" \
--ca-file "${certificate_dir}/chain.pem" \
--fullchain-file "${certificate_dir}/fullchain.pem" \
)
[[ ! -d "$config_home" ]] && mkdir -p "$config_home"
@ -176,6 +218,28 @@ function update_cert {
[[ "$DEBUG" == 1 ]] && echo "Calling acme.sh --issue with the following parameters : ${params_issue_arr[*]}"
echo "Creating/renewal $base_domain certificates... (${hosts_array[*]})"
acme.sh --issue "${params_issue_arr[@]}"
local acmesh_return=$?
local should_reload_nginx='false'
# 0 = success, 2 = RENEW_SKIP
if [[ $acmesh_return == 0 || $acmesh_return == 2 ]]; then
if [[ $acme_ca_uri =~ ^https://acme-staging.* ]]; then
create_links "_test_$base_domain" \
&& should_reload_nginx='true'
else
create_links "$base_domain" \
&& should_reload_nginx='true'
fi
[[ $acmesh_return -eq 0 ]] \
&& should_reload_nginx='true'
fi
if [[ "$should_reload_nginx" == 'true' ]]; then
echo "Reloading nginx..."
on_ssl_renewal
fi
}
if [ ! -z "$VIRTUAL_HOST" ]; then
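Review bot: `create_link` and `create_links` use an inverted status convention that nothing documents: `create_link` returns 0 only when it (re)created the link and 1 when the target already pointed at the source (a failed `ln` also yields non-zero, so "unchanged" and "failed" are indistinguishable), and `create_links` folds those with `return_code=$(( return_code & $? ))` starting from 1 so that it returns 0 when at least one link changed, which is exactly what `create_links "$base_domain" && should_reload_nginx='true'` in the `update_cert` hunk relies on. Add a header comment to each, e.g. `# Returns 0 if the symlink was created or repointed, non-zero if it already pointed at source or ln failed.` and `# Returns 0 if any ssl.* link changed (nginx reload needed), 1 otherwise; requires fullchain.pem and key.pem under the domain dir.` Separately, `ln -sf "$source" "$target"` creates the link inside an existing symlink-to-directory target instead of replacing it; `ln -sfn` avoids that. The script's top-level code around these functions continues outside the hunks.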


@ -1,3 +1,22 @@
#!/bin/bash
bool() {
case "$1" in
Y* | y* | true | TRUE | 1) return 0 ;;
esac
return 1
}
ENABLE_REDIS=${ENABLE_REDIS:-false}
if bool "$ENABLE_REDIS"; then
ENABLE_REDIS=true
else
ENABLE_REDIS=false
fi
export ENABLE_REDIS
# Copy the nginx template to its destination.
dockerize -template "/etc/nginx/azuracast.conf.tmpl:/etc/nginx/conf.d/azuracast.conf"
exec nginx -g "daemon off;"
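Review bot: `dockerize -template ...` is followed unconditionally by `exec nginx -g "daemon off;"` and the script sets no `-e`, so a template rendering failure still starts nginx against whatever `/etc/nginx/conf.d/azuracast.conf` is already on disk, possibly a stale one from a previous image. Either add `set -e` after the shebang or write `dockerize -template "/etc/nginx/azuracast.conf.tmpl:/etc/nginx/conf.d/azuracast.conf" || exit 1`. Note also that `bool` accepts `Y*`, `y*`, `true`, `TRUE` and `1` but not `True`, which is worth a one-line comment so callers know the accepted spellings.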


@ -2,6 +2,20 @@
echo 'Spinning up SFTP process...'
if [[ ! -f /var/azuracast/sftpgo/persist/id_rsa ]]; then
ssh-keygen -t rsa -b 4096 -f /var/azuracast/sftpgo/persist/id_rsa -q -N ""
fi
if [[ ! -f /var/azuracast/sftpgo/persist/id_ecdsa ]]; then
ssh-keygen -t ecdsa -b 521 -f /var/azuracast/sftpgo/persist/id_ecdsa -q -N ""
fi
if [[ ! -f /var/azuracast/sftpgo/persist/id_ed25519 ]]; then
ssh-keygen -t ed25519 -f /var/azuracast/sftpgo/persist/id_ed25519 -q -N ""
fi
chown -R azuracast:azuracast /var/azuracast/sftpgo/persist
cd /var/azuracast/sftpgo
exec sudo -E -u azuracast sftpgo --config-dir=/var/azuracast/sftpgo serve -l "" > /proc/1/fd/1 2> /proc/1/fd/2
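Review bot: `cd /var/azuracast/sftpgo` is unchecked and the three `ssh-keygen` calls assume `/var/azuracast/sftpgo/persist` already exists; if it does not, key generation fails, the script carries on (no `set -e` is visible in the hunk, and the script's first line is outside it) and sftpgo is started without the persisted host keys, so the SFTP host key clients see can differ between restarts. Add `mkdir -p /var/azuracast/sftpgo/persist` before the key generation and write `cd /var/azuracast/sftpgo || exit 1`. A comment above the keygen block stating that these are sftpgo host keys kept stable across restarts would also help the next reader.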


@ -1,20 +0,0 @@
#!/bin/bash
bool() {
case "$1" in
Y* | y* | true | TRUE | 1) return 0 ;;
esac
return 1
}
ENABLE_REDIS=${ENABLE_REDIS:-false}
if bool "$ENABLE_REDIS"; then
ENABLE_REDIS=true
else
ENABLE_REDIS=false
fi
export ENABLE_REDIS
# Copy the nginx template to its destination.
dockerize -template "/etc/nginx/azuracast.conf.tmpl:/etc/nginx/conf.d/azuracast.conf"


@ -1,8 +1,12 @@
#!/bin/bash
set -e
if [ -f /etc/nginx/certs/default.crt ]; then
rm -rf /etc/nginx/certs/default.key || true
rm -rf /etc/nginx/certs/default.crt || true
fi
# Generate a self-signed certificate if one doesn't exist in the certs path.
if [ ! -f /etc/nginx/certs/default.crt ]; then
if [ ! -f /etc/nginx/certs/default.crt ]; then
echo "Generating self-signed certificate..."
openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=localhost" \
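Review bot: The new `if [ -f /etc/nginx/certs/default.crt ]` block removes `default.key` and `default.crt` on every run, so the following `if [ ! -f /etc/nginx/certs/default.crt ]` is always true and the self-signed certificate is regenerated with a fresh key on each container start; the "if one doesn't exist" comment no longer describes the behaviour, and anyone who imported or pinned the self-signed certificate has to redo it after every restart. If the intent is a one-time cleanup of certificates the old acme flow wrote to `default.*`, gate the removal on something that distinguishes those (a marker file or the certificate's issuer) rather than mere existence; otherwise change the comment to say the certificate is regenerated on every start. Also `rm -rf` is unnecessary for single files: `rm -f -- /etc/nginx/certs/default.key` is enough and makes the `|| true` redundant. The `openssl req` command continues outside the hunk.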


@ -1,15 +0,0 @@
#!/bin/bash
if [[ ! -f /var/azuracast/sftpgo/persist/id_rsa ]]; then
ssh-keygen -t rsa -b 4096 -f /var/azuracast/sftpgo/persist/id_rsa -q -N ""
fi
if [[ ! -f /var/azuracast/sftpgo/persist/id_ecdsa ]]; then
ssh-keygen -t ecdsa -b 521 -f /var/azuracast/sftpgo/persist/id_ecdsa -q -N ""
fi
if [[ ! -f /var/azuracast/sftpgo/persist/id_ed25519 ]]; then
ssh-keygen -t ed25519 -f /var/azuracast/sftpgo/persist/id_ed25519 -q -N ""
fi
chown -R azuracast:azuracast /var/azuracast/sftpgo/persist