[ACME] Log acme-client output base64 encoded, use mysqladmin status instead of ping to determine readiness

André 2018-10-11 11:51:13 +02:00
parent 699c9a7348
commit ce135bb773


@ -13,8 +13,12 @@ log_f() {
elif [[ ${2} != "redis_only" ]]; then elif [[ ${2} != "redis_only" ]]; then
echo "$(date) - ${1}" echo "$(date) - ${1}"
fi fi
if [[ ${3} == "b64" ]]; then
redis-cli -h redis LPUSH ACME_LOG "{\"time\":\"$(date +%s)\",\"message\":\"base64,$(printf '%s' "${1}")\"}" > /dev/null
else
redis-cli -h redis LPUSH ACME_LOG "{\"time\":\"$(date +%s)\",\"message\":\"$(printf '%s' "${1}" | \ redis-cli -h redis LPUSH ACME_LOG "{\"time\":\"$(date +%s)\",\"message\":\"$(printf '%s' "${1}" | \
tr '%&;$"_[]{}-\r\n' ' ')\"}" > /dev/null tr '%&;$"_[]{}-\r\n' ' ')\"}" > /dev/null
fi
} }
if [[ "${SKIP_LETS_ENCRYPT}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then if [[ "${SKIP_LETS_ENCRYPT}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
@ -125,7 +129,7 @@ else
fi fi
log_f "Waiting for database... " log_f "Waiting for database... "
while ! mysqladmin ping --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
sleep 2 sleep 2
done done
log_f "Initializing, please wait... " log_f "Initializing, please wait... "
@ -324,10 +328,10 @@ while true; do
-k ${ACME_BASE}/acme/private/privkey.pem \ -k ${ACME_BASE}/acme/private/privkey.pem \
-c ${ACME_BASE}/acme \ -c ${ACME_BASE}/acme \
${ALL_VALIDATED[*]} 2>&1 | tee /dev/fd/5) ${ALL_VALIDATED[*]} 2>&1 | tee /dev/fd/5)
case "$?" in case "$?" in
0) # new certs 0) # new certs
log_f "${ACME_RESPONSE}" redis_only ACME_RESPONSE_B64=$(echo ${ACME_RESPONSE} | openssl enc -e -A -base64)
log_f "${ACME_RESPONSE_B64}" redis_only b64
# cp the new certificates and keys # cp the new certificates and keys
cp ${ACME_BASE}/acme/fullchain.pem ${ACME_BASE}/cert.pem cp ${ACME_BASE}/acme/fullchain.pem ${ACME_BASE}/cert.pem
cp ${ACME_BASE}/acme/private/privkey.pem ${ACME_BASE}/key.pem cp ${ACME_BASE}/acme/private/privkey.pem ${ACME_BASE}/key.pem
@ -341,7 +345,8 @@ while true; do
restart_containers ${CONTAINERS_RESTART[*]} restart_containers ${CONTAINERS_RESTART[*]}
;; ;;
1) # failure 1) # failure
log_f "${ACME_RESPONSE}" redis_only ACME_RESPONSE_B64=$(echo ${ACME_RESPONSE} | openssl enc -e -A -base64)
log_f "${ACME_RESPONSE_B64}" redis_only b64
if [[ $ACME_RESPONSE =~ "No registration exists" ]]; then if [[ $ACME_RESPONSE =~ "No registration exists" ]]; then
log_f "Registration keys are invalid, deleting old keys and restarting..." log_f "Registration keys are invalid, deleting old keys and restarting..."
rm ${ACME_BASE}/acme/private/account.key rm ${ACME_BASE}/acme/private/account.key
@ -370,7 +375,8 @@ while true; do
exec $(readlink -f "$0") exec $(readlink -f "$0")
;; ;;
2) # no change 2) # no change
log_f "${ACME_RESPONSE}" redis_only ACME_RESPONSE_B64=$(echo ${ACME_RESPONSE} | openssl enc -e -A -base64)
log_f "${ACME_RESPONSE_B64}" redis_only b64
if ! diff ${ACME_BASE}/acme/fullchain.pem ${ACME_BASE}/cert.pem; then if ! diff ${ACME_BASE}/acme/fullchain.pem ${ACME_BASE}/cert.pem; then
log_f "Certificate was not changed, but active certificate does not match the verified certificate, fixing and restarting containers..." log_f "Certificate was not changed, but active certificate does not match the verified certificate, fixing and restarting containers..."
cp ${ACME_BASE}/acme/fullchain.pem ${ACME_BASE}/cert.pem cp ${ACME_BASE}/acme/fullchain.pem ${ACME_BASE}/cert.pem
@ -387,7 +393,8 @@ while true; do
[[ ${TRIGGER_RESTART} == 1 ]] && restart_containers ${CONTAINERS_RESTART[*]} [[ ${TRIGGER_RESTART} == 1 ]] && restart_containers ${CONTAINERS_RESTART[*]}
;; ;;
*) # unspecified *) # unspecified
log_f "${ACME_RESPONSE}" redis_only ACME_RESPONSE_B64=$(echo ${ACME_RESPONSE} | openssl enc -e -A -base64)
log_f "${ACME_RESPONSE_B64}" redis_only b64
if [[ -f ${ACME_BASE}/acme/private/${DATE}.bak/fullchain.pem ]] && [[ -f ${ACME_BASE}/acme/private/${DATE}.bak/privkey.pem ]]; then if [[ -f ${ACME_BASE}/acme/private/${DATE}.bak/fullchain.pem ]] && [[ -f ${ACME_BASE}/acme/private/${DATE}.bak/privkey.pem ]]; then
log_f "Error requesting certificate, restoring previous certificate from backup and restarting containers...." log_f "Error requesting certificate, restoring previous certificate from backup and restarting containers...."
cp ${ACME_BASE}/acme/private/${DATE}.bak/fullchain.pem ${ACME_BASE}/cert.pem cp ${ACME_BASE}/acme/private/${DATE}.bak/fullchain.pem ${ACME_BASE}/cert.pem
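Review bot: The four `ACME_RESPONSE_B64=$(echo ${ACME_RESPONSE} | openssl enc -e -A -base64)` lines (case arms 0, 1, 2 and *) expand `${ACME_RESPONSE}` unquoted, so the shell word-splits and globs the acme-client output before it is encoded: line breaks collapse to single spaces, and a `*` or `?` token can be replaced by file names from the working directory. The stored log entry then differs from what the client actually printed, which is presumably what the base64 step is meant to prevent. Use `ACME_RESPONSE_B64=$(printf '%s' "${ACME_RESPONSE}" | openssl enc -e -A -base64)` in each arm, or do the encoding once inside `log_f` when `${3}` is `b64` so callers cannot pass unencoded text under the `base64,` prefix. Separately, the readiness loop's `-u${DBUSER} -p${DBPASS}` is unquoted and places the password on the mysqladmin command line, where it is readable in the process list; quoting it and supplying the credential through a client option file (`--defaults-extra-file`) would be safer. The `while true` loop and the `case` statement begin and end outside the visible hunks.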